Cryptographic Libraries

Don't use these libraries for new cryptosystems. They're low-level, and so very easy to get wrong. And the primitives they expose are mostly outmoded. Your code will be safer, your crypto will be stronger, and your website will look cooler if you can tell people you used Nacl/libsodium instead of Common Crypto.

So, Security and CommonCrypto were already open source. The new thing here is corecrypto - but it has <i>not</i> been made open source! If you click the download link, you get a license agreement authorizing you to use it only &quot;for the sole purpose of verifying the security characteristics and correct functioning of the Apple Software&quot;.<p>I don&#x27;t really understand the point of not just publishing it under a regular open source license, since it&#x27;s hardly some big competitive advantage for Apple when there are plenty of other libraries to do the same thing.<p>Still, nice to be able to audit it.

They didn&#x27;t bother to remove RC4 from it before doing that? I wonder if they did any cleanup at all or just released it before the current encryption backdoor trial concludes.

A mental inventory of bloggers who routinely say they did not hand over their HD unlock keys to Apple haunts my mind after reading this. Apple are one of the few tech companies who could throw money at the crypto debate and win some Internet Points, but they would have to counter the claims of many bloggers who said they don&#x27;t trust Apple to guard their unlock keys

Important: The headline was modified since I submitted this. Apple didn&#x27;t actually open-source the code. They give you a 90-day licence to read the code.<p>&gt; Apple grants you, for a period of ninety days from the date you downloaded the Apple Software, a limited, non-exclusive, non-licensable license under Apple&#x27;s copyrights in the Apple Software to make a reasonable number of copies of, compile and run the Apple Software internally within your organization only on devices and computers you own or control for the sole purpose of verifying the security characteristics and correct functioning of the Apple Software;...