[Cryptography] [cryptography] Underhanded Crypto

Bill Frantz frantz at pwpconsult.com
Fri Nov 28 19:14:47 EST 2014

On 11/28/14 at 2:59 AM, pgut001 at cs.auckland.ac.nz (Peter 
Gutmann) wrote:

>It's not really "giving it a shot" in my case, it's taking crypto
>implementation mistakes so old that people have forgotten about them and
>adding them to recent code.  All you need to do in theory is plough through a
>bunch of old CVEs and update the use from (say) SSH 1.2.09 to something
>current, and you're done.

This is a wonderful way to audit code reviews. Just add a few 
old attacks and see if the reviewers find them.

Cheers - Bill

Bill Frantz        | I like the farmers' market   | Periwinkle
(408)356-8506      | because I can get fruits and | 16345 
Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos, 
CA 95032

More information about the cryptography mailing list