undefined | Better HN

0 pointsdaxorid8y ago0 comments

It builds on Noise, which is very highly regarded and reasonably well researched in crypto circles. Ironically (vis-a-vis your comment), it was designed largely to avoid the mistakes inherent in developers "rolling [their] own" crypto on TLS with poorly chosen stacks, ciphers, parameters, downgrade criteria, etc.

https://noiseprotocol.org/noise.html

0 comments

twitchyliquid648y ago

Guess you could say noise is pretty quiet xD

+1 for trying to eliminate complexity from developer error. This was one of the worst cows in the herd for OpenSSL.

That said, I think a bit of good design on the APIs part can go a long way. For Instance, I think Go's crypto/tls aint bad: Its pretty difficult to 'accidentally' configure it in a shocking configuration (suites have to be overridden, turning off verification requires you to set a field called InsecureNoVerify etc).

j / k navigate · click thread line to collapse

0 pointsdaxorid8y ago0 comments

https://noiseprotocol.org/noise.html

0 comments

twitchyliquid648y ago

Guess you could say noise is pretty quiet xD

+1 for trying to eliminate complexity from developer error. This was one of the worst cows in the herd for OpenSSL.

j / k navigate · click thread line to collapse