
Libsodium Audit Results - CiPHPerCoder
https://www.privateinternetaccess.com/blog/2017/08/libsodium-v1-0-12-and-v1-0-13-security-assessment
======
imaginenore
No fuzzing?

~~~
technion
Fuzzing will catch C related bugs - it won't generally detect crypto
implementation bugs, which this appears to have focussed on.

There's a lot of people who can write a fuzzer in their spare time and I'd be
surprised if libsodium had never been a target. Comprehensive crypto audits on
the other hand, are a different story.

Edit: It does state dynamic analysis was performed for classes of C bugs

