[Cryptography] [cryptography] Underhanded Crypto
abe at oyvay.nu
Sat Nov 29 23:24:07 EST 2014
On Fri, Nov 28, 2014 at 11:59:07PM +1300, Peter Gutmann wrote:
> ianG <iang at iang.org> writes:
> It's not really "giving it a shot" in my case, it's taking crypto
> implementation mistakes so old that people have forgotten about them and
> adding them to recent code. All you need to do in theory is plough through a
> bunch of old CVEs and update the use from (say) SSH 1.2.09 to something
> current, and you're done.
Heck, just run the source through lint and blindly fix anything it finds,
like use of uninitialized variables.
More information about the cryptography