On Tue, Dec 14, 2010 at 05:05:06PM -0800, John R Pierce wrote:
> but didn't openssl get its
> start with that same openbsd crypto code?
No. From the information-free OpenBSD mailing list message:
It is alleged that some ex-developers (and the company they worked
for) accepted US government money to put backdoors into our network
stack, in particular the IPSEC stack. Around 2000-2001.
http://www.mail-archive.com/openssl-users@openssl.org/msg00873.html
In 1995, Eric Young and Tim Hudson posted version 1 of SSLeay to
the Internet. SSLeay (eay for Eric A. Young) is a free cryptographic
library in which Young managed to single-handedly implement the full
suite of cryptosystems used in SSL: the RSA-based security protocol
that provides confidentiality, integrity, and "digital signature"
authentication functions for secure connections, transactions, and
file transfers over the World Wide Web (WWW) recently invented by
European programmers.
See also http://en.wikipedia.org/wiki/Timeline_of_OpenBSD
So OpenSSL predates and is completely independent of same code. No
developed of OpenSSL was done in the US, in part to avoid crypto
export issues.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
