[Cryptography] Possible SHA2 vulnerability

Tom Mitchell mitch at niftyegg.com
Fri Jun 30 13:23:44 EDT 2017


On Wed, Jun 28, 2017 at 9:09 AM, Ron Garret <ron at flownet.com> wrote:
>
> On Jun 28, 2017, at 9:00 AM, Ron Garret <ron at flownet.com> wrote:
>
>> https://github.com/laie/WorldsFirstSha2Vulnerability
>
> Turns out to be a false alarm.

OK, this was a test. Had it been a real emergency, would we
have been prepared sufficiently, and in what ways?

To me, "sufficiently" implies the ability to download a replacement safely
and be notified promptly that it is necessary.

As for software updates, what cryptographic tools are in that dependency chain?

Notification is also important. CERT latency is a bit long. CNN, Fox
and MSNBC are worthless, and RT has another agenda. I am not sure Gentoo
is better, yet it is fun in a VM.

Cloud services: do customers get notified, and do they have sufficient visibility
to the code and binaries they depend on?

Can Linux users download updates with WindowZ safely?
Can WindowZ updates be downloaded safely with Linux?
Does this even make sense to think about?

Would different cryptographic tools used in pairs help and also help discover
abuse clock start at zero discovery day not patch day zero.


-- 
  T o m    M i t c h e l l

