[Cryptography] [cryptography] Underhanded Crypto
Bill Frantz
frantz at pwpconsult.com
Fri Nov 28 19:14:47 EST 2014
On 11/28/14 at 2:59 AM, pgut001 at cs.auckland.ac.nz (Peter
Gutmann) wrote:
>It's not really "giving it a shot" in my case, it's taking crypto
>implementation mistakes so old that people have forgotten about them and
>adding them to recent code. All you need to do in theory is plough through a
>bunch of old CVEs and update the use from (say) SSH 1.2.09 to something
>current, and you're done.
This is a wonderful way to audit code reviews. Just add a few
old attacks and see if the reviewers find them.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz | I like the farmers' market | Periwinkle
(408)356-8506 | because I can get fruits and | 16345
Englewood Ave
www.pwpconsult.com | vegetables without stickers. | Los Gatos,
CA 95032
More information about the cryptography
mailing list