🦾 Why C Remains the Gold Standard for Cryptographic Software - wolfSSL

「 While memory-safe languages like Rust offer real benefits, serious cryptographic implementations inevitably rely on unsafe code, assembly, and low-level control, eroding those guarantees. At that point, the added abstraction often increases complexity without meaningfully reducing risk 」

https://www.wolfssl.com/why-c-remains-the-gold-standard-for-cryptographic-software/

#c #rust #wolfssl

For production cryptographic software, memory safety alone does not define security. Real-world crypto must run on every platform, maintain stable assumptions

wolfSSL

Security vulnerability: wolfSSL library waves through manipulated certificates

A security update closes, among other things, a critical vulnerability in wolfSSL.

heise online

Critical wolfSSL flaw (CVE-2026-5194) allows digital ID forgery across billions of devices. Update to version 5.9.1 to fix the issue and reduce risk

Read: https://hackread.com/wolfssl-vulnerability-iot-routers-military-systems/

#CyberSecurity #Vulnerability #wolfSSL #IoT

wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update Now!

Hackread - Cybersecurity News, Data Breaches, AI and More

Critical flaw in wolfSSL library enables forged certificate use

A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures.

BleepingComputer

wolfSSL library vulnerability undermines ECDSA signature verification

A single misstep in a crucial cryptographic check can have far-reaching consequences, rendering digital certificates unreliable and putting security at risk. The recently discovered wolfSSL library vulnerability compromises ECDSA signature verification, allowing for potentially forged certificates and weakened…

https://osintsights.com/wolfssl-library-vulnerability-undermines-ecdsa-signature-verification?utm_source=mastodon&utm_medium=social

#EllipticCurveDigitalSignatureAlgorithm #Ecdsa #Wolfssl #Ssltls #CryptographicLibrary

wolfSSL library vulnerability compromises ECDSA signature verification, threatening digital certificate security; learn how to protect yourself now effectively.

OSINTSights

Long, but great read from #HAProxy on the state of #TLS libraries. Includes some scathing remarks about the #OpenSSL project.

“The development team has degraded their project’s quality, failed to address ongoing issues, and consistently dismissed widespread community requests for even minor improvements.”

“This unfortunate situation considerably hurts QUIC protocol adoption. It even makes it difficult to develop or build test tools to monitor a QUIC server.”

“When some of the project members considered a 32% performance regression ‘pretty near’ the original performance, it signaled to our development team that any meaningful improvement was unlikely.”

“In blunt terms: running OpenSSL 3.0.2 as shipped with Ubuntu 22.04 results in 1/100 of #WolfSSL’s performance on identical hardware! To put this into perspective, you would have to deploy 100 times the number of machines to handle the same traffic, solely because of the underlying SSL library.”

https://infosec.exchange/@0xabad1dea/114466046966536049

abadidea (@0xabad1dea@infosec.exchange)

After heartbleed in 2014, there were a lot of calls to abandon OpenSSL and support alternative libraries because it had written itself into a corner full of holes. I didn’t anticipate that 11 years later, there’d be a call to abandon OpenSSL because it’s written itself into a corner of running at 1% the performance of those very same alternative libraries https://www.haproxy.com/blog/state-of-ssl-stacks

Infosec Exchange

“AWS-LC looks like a very active project with a strong community. […] Even the recently reported performance issue was quickly fixed and released with the next version. […] This is definitely a library that anyone interested in the topic should monitor.”

#OpenSSL #BoringSSL #WolfSSL #AWSLC #HAProxy #OpenSource #FreeSoftware #FOSS #OSS #TLS #QUIC
https://www.haproxy.com/blog/state-of-ssl-stacks

The State of SSL Stacks

The SSL landscape has shifted dramatically. In this paper, we examine OpenSSL 3.x, BoringSSL, LibreSSL, WolfSSL, and AWS-LC with HAProxy.

HAProxy Technologies

I'll be speaking at CYSAT Conference in Paris next month!

Let me know if you are going! Stop by and say hi. I'll be at the #wolfSSL booth, too.

Frontgrade Gaisler and wolfSSL Collaborate to Enhance Cybersecurity in Space Applications

https://fed.brid.gy/r/https://spacenews.com/frontgrade-gaisler-and-wolfssl-collaborate-to-enhance-cybersecurity-in-space-applications/

Gothenburg, Sweden (April 3, 2025) – Frontgrade Gaisler, a leading provider of radiation-hardened microprocessors for space missions, and wolfSSL, a renowned provider of embedded security solutions…

SpaceNews

Speed-Testing #Privoxy 4.0.0 with #wolfSSL and a self-written patch using #ecc Elliptic Curve Cryptography - the whole thing packaged and running on #sailfishos.
Results (browser snappiness) are really impressive. Subjectively at least.