[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnueval-security] [Richard Stallman] evaluating an encryption progr
From: |
Christian Grothoff |
Subject: |
Re: [gnueval-security] [Richard Stallman] evaluating an encryption program |
Date: |
Wed, 27 Nov 2013 22:50:54 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9 |
On 11/26/2013 09:32 AM, Niels Möller wrote:
> At this point, would it be useful to also have a look at the provided
> source code and see if it appears to be well written?
I checked, the main issue would seem to be the use of vanilla Makefiles
(no autotools) to build the code, but the C itself seems very clean and
documented. The API itself also makes a good impression to me. There is
also additional documentation with the code (C/*/doc/), and the headers
are commented very nicely.
So while I didn't do a "security audit" (for that, I'd have to really
read up on the NTRU specs and compare AND go line-by-line over the
code), the quality of the code itself beats OpenSSL's mess any day ;-).
My 2 cents
Christian