[Cryptography] How to solve the hen-and-egg problem

Tom Mitchell mitch at niftyegg.com
Fri Jul 31 17:53:27 EDT 2015

On Fri, Jul 31, 2015 at 1:34 PM, Ben Laurie <ben at links.org> wrote:

> On Thu, 30 Jul 2015 at 08:37 Ralf Senderek <crypto at senderek.ie> wrote:
>> While static code analysers will work with C code, they might be less
>> valuable when it comes to reviewing the ksh scripts. These scripts
>> represent the logic of the message encryption scheme and a review
>> needs to focus on the security of the ideas, they're based on.
> Perhaps you should consider writing those scripts in a language that lends
> itself to analysis?

How are the scripts being used?

Scripts that run with SUID/SGID permissions are difficult.
Many *nix disable the SGID/SGID permission bit for scripts because of the

If SUID/SGID is not an issue then never mind...

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150731/7c51b5e0/attachment.html>

More information about the cryptography mailing list