Keyczar is sound. NACL is sound. Using straight-up TLS with OpenSSL or your plat... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Nov 14, 2012 \| parent \| context \| favorite \| on: All the crypto code you've ever written is probabl... Keyczar is sound. NACL is sound. Using straight-up TLS with OpenSSL or your platform default is fine as long as you test that you're validating certificates. PGP/GPG is fine. Everything else is extremely suspect.

jarrett on Nov 14, 2012 [–]

Does that mean Bcrypt is extremely suspect? If so, then we have a real communication problem, because lots of people who claim to know crypto sing Bcrypt's praises.

tptacek on Nov 14, 2012 | [–]

We aren't talking about password hashes.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact