Reply to post:

Here's a fab idea: Get crypto libs to warn devs when they screw up

dajames Silver badge

my experience is, crypto APIs are incredibly complicated, hard to use, and poorly documented. this especially applies to openSSL.

Designing and securely implementing cryptographic interfaces is a complex process really hard to do well ... but using them is much easier ... or would be if there was any documentation, which there all too often isn't (yes, OpenSSL, I'm looking at you, too).

Adding a few carefully-worded Doxygen comments would make all the difference ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019