[Cryptography] How to solve the hen-and-egg problem
mitch at niftyegg.com
Fri Jul 31 17:53:27 EDT 2015
On Fri, Jul 31, 2015 at 1:34 PM, Ben Laurie <ben at links.org> wrote:
> On Thu, 30 Jul 2015 at 08:37 Ralf Senderek <crypto at senderek.ie> wrote:
>> While static code analysers will work with C code, they might be less
>> valuable when it comes to reviewing the ksh scripts. These scripts
>> represent the logic of the message encryption scheme and a review
>> needs to focus on the security of the ideas, they're based on.
> Perhaps you should consider writing those scripts in a language that lends
> itself to analysis?
How are the scripts being used?
Scripts that run with SUID/SGID permissions are difficult.
Many *nix disable the SGID/SGID permission bit for scripts because of the
If SUID/SGID is not an issue then never mind...
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography