Hacker News new | past | comments | ask | show | jobs | submit login

Why prefer BoringSSL over LibreSSL?



I don't have a strong preference between the two, but have more insight into who's doing crypto work on BoringSSL than I do on LibreSSL.


LibreSSL removed a significant portion of the optimized ASM from OpenSSL. This means that for key operations it is significantly slower.


Optimized ASM means code that only very few people are able to review, and only with considerable time and effort. If security is the primary concern, I would argue that optimized ASM becomes a liability.


It's cute that you think people review crypto C code.


I had to read parts of OpenSSL to figure out how some of the utilities worked. Let me say that it's wonderful that people are trying to write a more readable version and leave it at that.


But people won't use slow code. Look at RSA-1024 on DNSSec.


If speed was a motivating factor, DNSSEC would be using fast curves instead of archaic RSA. The reality of DNSSEC is that it's built around the performance concerns of 1997.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: