[Cryptography] What faults would you inject to test crypto mechanisms/protocols?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue May 13 07:50:35 EDT 2014
Dmitry Belyavsky <beldmit at gmail.com> writes:
> What check is to catch the Apple "gotofail" bug?
There's no specific check to catch it, or more specifically you don't need to
code in a special-case check for it, since it would be caught by any of:
> Wrong certificate/key
> Handshake message corruption
> Bad signature - wrong hash value
> Bad signature - data corrupted
all of which will lead to a sig-check failure for various reasons.
Peter.
More information about the cryptography
mailing list