
OpenSSL wins the Levchin prize - kardos
https://www.openssl.org/blog/blog/2018/01/10/levchin/
======
mstachowiak
Can't help but find it ironic the winner of the 2018 Levchin Prize for
Advancements in Real-World Cryptography has an invalid SSL certificate on his
research website.

~~~
emmelaich
Also the levchinprize.com website. (not that there is a link to it; and it
might not even attempt to do ssl)

    
    
       levchinprize.com uses an unsupported protocol.
       ERR_SSL_VERSION_OR_CIPHER_MISMATCH
    

Classic.

~~~
duozerk
At first glance they do support _SSL_ , but not _TLS_ ; basically your browser
laughed at their antiquated protocol.

------
cosmojg
What about LibreSSL?

~~~
mrweasel
I was think along the same lines. It great that OpenSSL have improved quality,
yet it feels like they're rewarded for cleaning up their own mess.

Honestly, given the background for the award, cleaning up your code base
shouldn't qualify you:

> The prize honors significant contributions to real-world cryptography and
> celebrates recent advances that have had a major impact on the practice of
> cryptography and its use in real-world systems.

Improving code quality doesn't actually impact "the practice of cryptography".

~~~
shandor
> It great that OpenSSL have improved quality, yet it feels like they're
> rewarded for cleaning up their own mess.

Though to be honest, an insane amount of stuff relies on OpenSSH for their
security, and has for years. If their code was messy earlier, ok, but they
have still been basically de facto standard SSH client for much of networking.
I'd say their prize is well earned.

~~~
mulander
The reward was given to the OpenSSL team.

OpenSSH is a different project, developed by the OpenBSD project. OpenBSD also
works on LibreSSL which is a fork of OpenSSL.

OpenSSL itself has NOTHING to do with OpenBSD and OpenBSD related projects.

------
bluejekyll
If you haven’t seen the difference in quality and design from older versions
of OpenSSL to more recent versions, it’s a quite impressive transformation.

I definitely learned a lot of new techniques for writing quality modern C from
the recent versions of OpenSSL.

Congrats on the award.

~~~
voltagex_
Can you provide a short example?

~~~
bluejekyll
take a look at this current pkey impl:
[https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable...](https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/crypto/evp/evp_pkey.c#L21)

and compare that to 0.9.8: [https://github.com/openssl/openssl/blob/OpenSSL-
fips-0_9_8-s...](https://github.com/openssl/openssl/blob/OpenSSL-
fips-0_9_8-stable/crypto/evp/evp_pkey.c#L81)

You'll notice how much _cleaner_ the code is. Error conditions are more
consistently handled. Many fewer macros interleaving the code... etc.

~~~
pjmlp
Yes quite true, it is like night and day.

------
snvzz
Every time I see openssl rather than libressl getting attention, I'm reminded
of how often incompetence is rewarded.

------
virtualized
Does OpenSSL have useful documentation yet?

~~~
wasx
No.

Source: writing code using openSSL

------
CharlesMerriam2
Congratulations!

When money cannot be given, at least kudos can be given.

Words to live by.

------
ramshanker
Didn't hear of the prize before, so searched for it. From the website of
prize.

>>>>>The Levchin Prize was established in 2015 by internet entrepreneur, Max
Levchin. The prize honors significant contributions to real-world cryptography
and celebrates recent advances that have had a major impact on the practice of
cryptography and its use in real-world systems. Up to two awards will be given
every year and each carries a cash prize of $10,000.<<<<<

2015\. That is pretty new. So, for me it's more of a publicity for the "prize"
itself the the"advancement".

~~~
pvg
It's a serious conference with a steering committee of serious experts who
award the prize for serious work. Take a look at the previous winners. I think
the only thing you're getting right here is that the prize is relatively new.

