[Cryptography] Other obvious issues being ignored?

Philipp Gühring pg at futureware.at
Thu Oct 22 15:15:02 EDT 2015


Hi,

I agree that it's impossible to catch every boneheaded issue someone could
produce. But I think that there is some value in a list of crypto-related
mistakes people make that are not extremely obvious, and that should still
be avoided.

E.g.
* Do not deplete /dev/*random by using fopen() fread() without disabling
buffering
* Random number generators have a reasonable use case for reading
uninitialized memory

I've seen such things too often in code that was developed by skilled and
experienced developers, that I think we really should develop a checklist
for crypto and its applications.


Best regards,
Philipp
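
Added example, not part of the original message: the first bullet concerns stdio read-ahead, where fread() on a buffered stream pulls a whole buffer from the descriptor even when the caller asked for 16 bytes. The sketch measures that on a constructed temporary file standing in for /dev/*random (the device is not seekable, so the offset cannot be observed there); `bytes_consumed` and `make_sample` are hypothetical helper names.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* fread() `want` bytes from `path` and return how many bytes were actually
 * taken from the underlying descriptor, or -1 on error. */
long bytes_consumed(const char *path, size_t want, int unbuffered)
{
    unsigned char out[64];
    long consumed;
    FILE *f = (want <= sizeof out) ? fopen(path, "rb") : NULL;
    if (f == NULL) return -1;
    /* setvbuf() must be the first operation on the stream after fopen(). */
    if (unbuffered && setvbuf(f, NULL, _IONBF, 0) != 0) { fclose(f); return -1; }
    if (fread(out, 1, want, f) != want) { fclose(f); return -1; }
    /* The descriptor offset shows what read(2) took, not what fread() returned. */
    consumed = (long)lseek(fileno(f), 0, SEEK_CUR);
    fclose(f);
    return consumed;
}

/* Create a 64 KiB constructed sample file from a mkstemp() template. */
int make_sample(char *path_template)
{
    unsigned char block[1024];
    int i, fd = mkstemp(path_template);
    if (fd < 0) return -1;
    memset(block, 0xA5, sizeof block);
    for (i = 0; i < 64; i++) {
        if (write(fd, block, sizeof block) != (ssize_t)sizeof block) {
            close(fd);
            return -1;
        }
    }
    return close(fd);
}

int main(void)
{
    char path[] = "/tmp/rand_standin_XXXXXX"; /* assumed writable temp dir */
    if (make_sample(path) != 0) return 1;
    printf("buffered:   %ld bytes taken for a 16-byte request\n", bytes_consumed(path, 16, 0));
    printf("unbuffered: %ld bytes taken for a 16-byte request\n", bytes_consumed(path, 16, 1));
    unlink(path);
    return 0;
}
```

The buffered figure depends on the C library's buffer size; the unbuffered figure equals the request.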


