Flaws in OpenSSL FIPS Object Module
weinmann at cdc.informatik.tu-darmstadt.de
Wed Dec 5 06:43:21 EST 2007
On Dec 3, 2007, at 16:51, Paul Hoffman wrote:
> At 9:58 AM -0500 12/3/07, Perry E. Metzger wrote:
>> I don't know if people have been following this, but it is
>> from the point of view of studying how the FIPS process does (or does
>> not) interact with the underlying goal of producing assured systems.
> Another interesting part is that open-source systems are much more
> susceptible to being attacked by competitors (that is, having their
> validation suspended) than are closed-source systems.
This may have been true in the past. Enter tools like BinDiff and
BinNavi and a skilled reverse engineer is able to shoot down
your closed-source implementation almost as quickly as one for which
she has source (assuming she has binaries, of course).
 Zynamics BinNavi
 Zynamics BinDiff