Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Keyczar is sound.

NACL is sound.

Using straight-up TLS with OpenSSL or your platform default is fine as long as you test that you're validating certificates.

PGP/GPG is fine.

Everything else is extremely suspect.



Does that mean Bcrypt is extremely suspect? If so, then we have a real communication problem, because lots of people who claim to know crypto sing Bcrypt's praises.


We aren't talking about password hashes.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: