[openssl-users] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback
lists
lists at rustichelli.net
Thu Nov 26 15:10:20 UTC 2015
On 11/13/2015 02:40 PM, Emilia Käsper wrote:
>
> BLOWFISH - probably still in use though I don't know where exactly?
Isn't Blowfish a building block of bcrypt and/or some similar stuff? I
think that implementations don't rely on OpenSSL but I wouldn't take it
for granted.
As for the rest of the algorithms, a lot has been already said but I
would like to share my personal opinion (that of someone who codes using
the OpenSSL API for some time): I think of OpenSSL as an incredibly
rich tool for the professionals and the students as well, if it were
possible I would like to see all of the algorithms to be there forever,
including the odd situation of people who must decrypt some content they
produced a long time ago, for instance.
I understand that this is not feasible in the long-term, but we cannot
forget that IT time is different from people time: the fact that an
algorithm is born and becomes insecure in a few years doesn't mean that
it won't be needed for some time, unless we accept the idea that OpenSSL
is something to be used "for the moment being" (which is reasonable for
SSL/TLS and communications in general, much less for file encryption and
signature features).
So, if it were possible to keep the algorithms for a long time,
providing a simple way to put them out of the compilation (and the
default compilation options may just do that), that would be great. At
least as long as they are API-compliant (of course, you cannot ask to be
kept consistent with the rest of the code for decades).
My gratefulness to all developers, whatever it will be!