[Cryptography] Amazon releases open source cryptographic module

Viktor Dukhovni cryptography at dukhovni.org
Fri Jul 3 19:15:09 EDT 2015

On Thu, Jul 02, 2015 at 11:47:29PM -0700, Ryan Carboni wrote:

> The code wasn't so easy to read to prevent Heartbleed, now was it?

There was no audit, and the legacy code quality in OpenSSL is lower.
The s2n code is objectively easier to read and audit.

However, it is still far from complete.  We'll see how large the
code base is once it is complete.

> Some of
> the most catastrophic bugs in C seemingly involve a few lines of code
> needing to be fixed.

The limitations of C have not been a problem for Postfix.  You can
write Fortran in any language.  Sure some bugs are more common in
C than other languages, but I see plenty of security bugs in Python
code, they're just not buffer overflows.


More information about the cryptography mailing list