alt Hacker NewsWhy not zoidbe... I mean, why not open ssh? It's literally a CLI that does every crypto operation with every primitive (except some PQC)?
Why not zoidbe... I mean, why not open ssh? It's literally a CLI that does every crypto operation with every primitive (except some PQC)?
If you mean the OpenSSL CLI, it's hard to think of a more footgun-y cryptographic tool than the one that:
* defaults to unauthenticated encryption
* buries its one authenticated mode
* requires explicit command-line nonces
* defaults to an MD5 KDF
You could probably keep going for another 10 bullets. Never use the OpenSSL CLI for anything other than TLS stuff.