[Cryptography] Other obvious issues being ignored?
Philipp Gühring
pg at futureware.at
Thu Oct 22 15:15:02 EDT 2015
Hi,
I agree that it´s impossible to catch every boneheaded issue someone could
produce. But I think that there is some value in a list of crypto related
mistakes people make that are not extremely obvious, and that should still
be avoided.
E.g.
* Do not deplete /dev/*random by using fopen() fread() without disabling
buffering
* Random number generators have a reasonable usecase for reading
uninitialized memory
I´ve seen such things too often in code that was developed by skilled and
experienced developers, that I think we really should develop a checklist
for crypto and it´s applications.
Best regards,
Philipp
More information about the cryptography
mailing list