This is one of the better comments I have seen on OpenSSL in the past week. Well said.

"This is why OpenSSL looks like a hodgepodge of hacks upon hacks in order to accomplish narrow goals with limited impact testing."

It doesn't just look like a hodgepodege of accumulated hacks, it is a hodgepodge of accumulated hacks. :)

"It should be no surprise to anyone else: clients are literally paying OpenSSL developers for this, and nothing else."

One could say this with respect to many popular open source projects, including ones with corporate sponsorship. The complexity just keeps building over time and there is no such thing as "finished, accepting bug fixes only".

"Who is paying OpenSSL for developers to clean up the code base and remove ancient #IFDEFs? Who is paying OpenSSL for developers to analyze code paths and do case analysis? Who is paying OpenSSL for developers to write unit tests or even have a test harness at all?"

Those are rhetorical questions. We know the answers. Alas, when the people who pay for (open source) software and consulting pay to have "features" removed instead of added, "pigs will fly".

Doug McIllroy is quoted as saying, "The hero is the negative coder".

(Just in case this need explanation: Prof. McIllroy is the mind behind UNIX pipes and one of computer science's most prominant contributors. "Negative coder" means someone who removes code instead of constantly adding, or "committing", new code.)

We could really use some more heros. And as we switch away from OpenSSL there will be a lot of links to libssl to remove.

Meanwhile some people have been writing and testing small, auditable and usable open source crypto, more or less for "free".

http://tweetnacl.cr.yp.to

My guess (and hope) is that pathological requests for "features" to be added would be met with heavy scrutiny. The authors already have day jobs in academia.

> "This is why OpenSSL looks like a hodgepodge of hacks upon hacks in order to accomplish narrow goals with limited impact testing."

Can you point out specific examples that you view as hacks upon hacks?

Maybe I've spent too many years in the code base, but I've also seen worse.

OpenSSL does a lot. Maybe smaller modules would be better and more testing certainly. Organizations using it should also be contributing back more.

Hacks upon hacks seems like a stretch to me.

As a side note, the NaCL library you mention does only a fraction of the things OpenSSL does. OpenSSL could certainly stand to be broken into smaller components, but trying to compare it with a very small library that does mostly primitive operations is...an improper comparison.

I like Dan's work and have used in in projects, I just think your comparison and analysis are quite off base.

You are entitled to your opinion and your preferences.

As I am to mine.

From the tweetnacl.cr.yp.to paper:

"OpenSSL is the space shuttle of crypto libraries. It will get you to space, provided you have a team of people to push the ten thousand buttons required to do so. NaCL is more like an elevator -- you just press a button and it takes you there. No frills or options.

I like elevators." - Matthew D. Green, 2012

Yes, it is improper to compare a space shuttle to an elevator.

It's also absurd to use a space shuttle when all you need is an elevator.

Use whatever you want. Not everyone's needs are the same.

I like small components that are independent. The OpenSSL binary is feature for feature one fo the most complex I have ever used.

I prefer simplicity. That's just me.

Not for everybody. But some might desire it.

You have my sincere apologies for daring to mention an OpenSSL alternative.

The fact that this NaCl is so small and limited is the whole point.

I guess that point was missed.

I think you should reread what I said -- I think it needs to be componentized, because OpenSSL does a lot. Plus has a bunch of utilities to do things.

Comparing it to a library that is mostly crypto primitives is not a fair comparison.

Also - I'm still curious of examples of "hacks upon hacks" for my own curiosity. I've been using OpenSSL in a number of projects for 15+ years, so maybe I am used to certain things.

It takes 500 extra lines of C to write a secure channel abstraction with a server and client on top of NaCl. This is the curvecp implementation.

And something capable of doing an SSL/TLS connection with cipher sweet negotiation and client certificate validation?

Maybe throw in hardware token/PKCS11 support?

> Meanwhile some people have been writing and testing small, auditable and usable open source crypto, more or less for "free".

With all due respect that is complete bullshit. I do not care that you put quotes around free. Writing "free" will never be considered to include sums in the hundreds of thousands of dollars. More importantly blatant lies like this muddy the debate and set outrageous expectations. The Nacl project gives the following description of funding:

  NaCl was initiated by the CACE (Computer Aided Cryptography Engineering)
  project funded by the European Commission\'s Seventh Framework Programme
  (FP7), contract number ICT-  2008-216499. CACE activities were organized
  into several  Work Packages (WPs). NaCl was  the main task of  CACE WP2,
  \"Accelerating Secure  Networking,\" led  by Tanja Lange  (at Technische
  Universiteit Eindhoven)  and Daniel  J. Bernstein (at the  University of
  Illinois at  Chicago, currently visiting Eindhoven). CACE  nished at the
  end of 2010 but NaCl is a continuing project.

  ...Many  of  the  algorithms  used  in  NaCl  were  developed as part of
  Daniel  J. Bernstein\'s   High-Speed  Cryptography  project   funded  by 
  the  U.S. National  Science  Foundation, grant  number  ITR-0716498. 

I found the funding information for ITR-0716498. djb is listed as the PI for the project.[^1] I could only find the high level funding of ICT-2008-216499.[^2] (wtf EU?) CACE WP2 is only one component of the project. I would love it if someone with better knowledge of EU funding can find the funding for the WP2 line item. The figures are:

  NSF ITR-0716498 funding: (USD)     400,000.00
  EU  2008-216499 funding: (EUR)   4,733,078.00 ***NEED WP2 line item***

The tweetnacl implementation lists two more funding sources. As above it was easy to locate the NSF funding but I totally struck out for the nwo funding:

  NSF 1018836 funding: (USD)        $436,203.00[^3] 
  NWO grant 639.073.005 funding:    ???????????

Don't get me wrong, I have a lot of respect for djb and I think he and his coworkers deserve every fractional euro/dollar of funding that they received but they did not work for free. Most importantly they should not be expected to work for free.

[^1]: http://www.nsf.gov/awardsearch/showAward?AWD_ID=0716498

[^2]: http://cordis.europa.eu/projects/rcn/85344_en.html

[^3]: http://www.nsf.gov/awardsearch/showAward?AWD_ID=1018836

NB: This is the nwo funding site: http://www.nwo.nl/en/funding I think the english version may have a reduced set of features. I can not find the this grant information on the site.

Wow. I guess "more or less" was not strong enough wording for you?

The point is that using something like NaCl costs you, the developer/user, nothing more than if you are using OpenSSL.

Do you agree?

No, "more or less for free" is not close to hundreds of thousands of dollars plus whatever funds came from the EU and NWO.

I have to say I am confused about your reply in the first sentence you seem to acknowledge that the wordingwas related to the cost of "writing and testing" crypto software. However in the second sentence you seem to indicate that your thesis was about the switching costs users face. Which is it? You did not say I get to use nacl "more or less for free" you said that "people have been writing and testing small, auditable and usable open source crypto, more or less for 'free'." That quote seems to be about the cost of creation not the switching costs.

Do you think djb et al produced nacl "more or less for free?"

I think you misunderstood what I meant.

I mentioned "free" only to point out that there is no financial cost to switching to it. I guess I did not type the sentence with enough care; words are missing. My apologies.

I imagine people would be willing (and are accustomed) to paying for software of similar quality.

But I'm also wondering why this bothered you so much.

Does it make a difference that grants were received?

Is the funding not transparent enough?

The blog article on OpenSSL mentions payments for consulting and "features" to be added to OpenSSL.

Should I be concerned about what those features are, and who is paying for them? Are you concerned?

I'm just nterested in cleaner code than OpenSSL's. NaCl looks cleaner to me.

Maybe I'm wrong. But I'd rather be compiling programs that use libnacl or some other simpler alternative than ones that use libssl.

We all have to make decisions about what software we choose to use, even if we are not cryptographers.

I see nothing wrong with discussing alternatives to OpenSSL. This bug has been a real PITA.

  > I mentioned "free" only to point out that there is no financial cost
  > to switching to it. I guess I did not type the sentence with enough
  > care; words are missing. My apologies.

It speaks highly of your character that you say this to the jerk on the internet said you were full of shit.

  > But I'm also wondering why this bothered you so much.

Because crypto is important. A lot of harmful attitudes/mindsets are reinforced if people think NaCl was created in the authors spare time and did not require funding:

- "Why should I donate to GnuPG/OpenSSL/Tor/Mozilla(NSS)? Those NaCl devs wrote NaCl for free."

- "How hard could it be to implement a crypto library? Nacl was a side project. The Nacl devs 'have day jobs in academia' and created nacl in their spare time. They did it for free, so they obviously didn't need to spend money on testing environment, research material or hire/consult experts. On the other hand look at SelfiesMadeEa.sy they raised serious cash and had to quit their jobs because they tackle hard problems."

- "Obama and the rest of gubmint are taxing me to death. Government should be pay for the military and maybe some roads; not waste money on liberal academics in ivory towers, maplethorpe and those pinkos from NEA or some stupid robot/telescope that cant do metric conversions."

- "OMG NSA is evil. USA does nothing but invade countries and privacy."

  > Does it make a difference that grants were received?

No it does not make a (negative/harmful) difference that grants were received. I think it is a shining example of modern civil society; you have the US, NL and the EU teaming up to fund strong crypto by top notch folks from a number of countries. Governments should fund research, applied and basic, and they should be encouraged to fund more of it.

Somewhat tangential: Knowledge of the grants also seeks to eliminate the idiocy in the latter two examples above. People need to be reminded that big government is not always an evil force, governments can be a force for good. I do not know if you saw my other comment about tor funding but tor had revenue of \$2+ million in 2012 and 60% came from US government. I don't know where you are from but I bet you have met a simple minded moron wearing a tea party costume or trendy European threads that will not stop complaining about the evil Obama surveillance administration. Blow their minds and ask them to wrap their heads around the:

- $800k from DoD for "Basic and Applied Research and Development in Areas Relating to the Navy Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance"

or

- $350k from State for "Programs to Support Democracy, Human Rights and Labor" and "New America Foundation: International Programs to Support Democracy, Human Rights"

  > Is the funding not transparent enough?

If this is in regards to the lack of numbers from NWO or the EU I am sure that I am at fault. (I also think one of djb's EU grant numbers might have a digit transposed) I imagine that the dutch version of nwo.nl is easier to use.

  > The blog article on OpenSSL mentions payments for consulting and
  > "features" to be added to OpenSSL.

  > Should I be concerned about what those features are, and who is paying
  > for them? Are you concerned?

I think we should be concerned that OSF is not doing a better job highlighting sponsors and attracting new ones. It should be easier for someone with check writing authority at big.corp.com to stumble across the sponsors information and think to themselves "hey, we should drop some petty cash on these folks. We use the product and I bet the marketing folks would appreciate the bump in visibility for a fraction of the cost of our latest failed social network branding efforts." If I was OSF I would look at the \$2 million tor brought in and ask myself "maybe we could do a better job of sponsor outreach? Tor is important to these people that wrote checks and tor uses libssl-dev, I wonder if there is an opportunity?"

The budget for NWO 639.073.005 is stated to be €1,500,00.00 at http://www.nwo.nl/onderzoek-en-resultaten/onderzoeksprojecte... .

Dank u.

They say they have 100 pending contracts... I believe their funding strategy could be fixed by hiring people to do the contract hours for a salary (those don't need to be OpenSSL core hackers, just good enough with the core of OpenSSL to help customers and provide viable work when a modification is requested). With the money you earn you also pay the core team members to just work at OpenSSL with the right priorities: this is where you improve security, do refactoring, and trow away #ifdefs.

> This is the wrong funding model.

It's only the wrong funding model if there is a superior alternative. It's a non-ideal funding model, but as is the main point of the article, they are and have been actively looking for alternative sources of funding without success. I hope your gripe is not directed at OpenSSL but at those who could be supporting it financially.

Reminds me on an article about how short-term, market-driven university research is killing innovation in abstract fields with no apparent financial ROI (e.g. mathematics, physics, chemistry and biology).

If research was market-driven in 1859 Riemann might not had time to play with zeta functions because at the time no one knew what to do with them. Same for Bayes and so many others. It's not that those man had a better environment around them than current researchers, it's mostly that we're getting results slower than we might as a human kind.

It's true that their funding model is imperfect, but then other funding models are imperfect in different ways, and their model should be perfectly workable: spend six months of the year working on contract jobs and the other six months making general improvements to the code.

The reason it's not working is that their rates are far too low. This is, for whatever reason, a classic mistake of technical people. If you're turning down work for lack of time, you need to increase your rates until this stops happening.

One approach, if you're coordinating development through the foundation, might be for the foundation to require some percentage of the funds go to foundational improvements.