Flaws in OpenSSL FIPS Object Module

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Dec 4 03:53:52 EST 2007

Paul Hoffman <paul.hoffman at vpnc.org> writes:
>At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
>>I don't know if people have been following this, but it is interesting
>>from the point of view of studying how the FIPS process does (or does
>>not) interact with the underlying goal of producing assured systems.
>Another interesting part is that open-source systems are much more
>susceptible to being attacked by competitors (that is, having their
>validation suspended) than are closed-source systems.

That's a good problem statement for the dark side of "many eyes make bugs


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list