Openssl


SSH Crypt

For some reason a few weeks back I was wondering about using ssh keys to encrypt/decrypt files. Seems like a thing that should be possible, why not? And sure enough, it’s been done. This won’t be as good as using gpg keys. Specifically without the web of trust it can be hit with MITM attacks, but I think it would be “good enough” for most people in most uses. And in my experience getting people to use gpg is like pulling teeth.

OpenSSL malloc usage

Some info on how the OpenBSD libc’s malloc could have detected, neutered or reduced the impact of Heartbleed. Further info on OpenSSL’s broken free list implementation. Essentially, don’t implement your own memory handling routines; use the system ones or obvious alternatives.