[Cryptography] Is the real cause of the recent socat error now known?
mok-kong shen
mok-kong.shen at t-online.de
Thu Mar 17 15:28:05 EDT 2016
Is the real cause of the recent socat error
(http://www.theregister.co.uk/2016/02/03/socat_backdoor_fix/) now
known or would the event remain inscrutable forever?
There could apparently only be 2 possible causes conceivable:
(1) Scientific: Almost certainly a probabilistic procedure (commonly
involving the Miller-Rabin Test) was employed instead of Maurer's
algorithm of provable prime generation. Hence with some, though
practically very minute (depending on the parameter t of the
Miller-Rabin Test), probability one could indeed have obtained a
composite instead of a prime number, (2) Human: Human errors of
diverse genre and manipulation (backdoor).
Anyway, it cannot be overemphasized that the software engineering
community in the large and the IT-security community in particular
shouldn't simply "passively" react to such events (i.e. taking the
viewpoint that the event is now bygone and everything is again ok such
that life could continue as usual) but instead "learn" from such events
and "actively" attempt to find ways to fundamentally and significantlly
reduce the risks of similar deplorable events occurring in the future.
M. K. Shen
More information about the cryptography
mailing list