2018.05.18 13:26:12 (997438199227211776) from Daniel J. Bernstein, replying to "Matthew Green (@matthew_d_green)" (997435638566850560):
libpqcrypto (https://libpqcrypto.org) includes a simple command-line interface designed to prevent common security failures: everything aims for CCA2, verification failures produce empty output in case errors are ignored, etc. But still needs consttime + tons of security review.
2018.05.18 13:11:57 (997434611754983424) from "Orthanc (@Orthanc)", replying to "Matthew Green (@matthew_d_green)" (997434118207131649):
Does openssl count?
2018.05.18 13:12:53 (997434846652846081) from "Matthew Green (@matthew_d_green)", replying to "Orthanc (@Orthanc)" (997434611754983424):
The process of public key encrypting a file is pretty janky.
2018.05.18 13:14:16 (997435193903472641) from "ͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥtruelai ╪ͥͥͥͥͥͥͥͥͥͥͥ (@truelai)", replying to "Matthew Green (@matthew_d_green)" (997434846652846081):
Is "janky" a technical criticism?
2018.05.18 13:16:02 (997435638566850560) from "Matthew Green (@matthew_d_green)", replying to "ͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥͥtruelai ╪ͥͥͥͥͥͥͥͥͥͥͥ (@truelai)" (997435193903472641):
It’s a corollary of “sucky”. But seriously, OpenSSL public key encryption is bad.