[Cryptography] Secure erasure

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Sep 12 05:01:12 EDT 2016


alex at alten.org <alex at alten.org> writes:

>This is so true.  After having spent several years with (legal) cyber-hacking
>teams, I almost don't care about crypto anymore.

Oh, it does have some use if you're doing pen-testing, it's a great indicator
for where to look for vulns.  What I do when I'm asked to audit code is to
look for the crypto, ignore it, and look right next to the crypto itself to
find all the mistakes being made in applying and managing it.  So it's a
beacon to use for finding vulnerabilities.

(I may have given away a pen-testing secret there :-).  If someone looks at
your code for five minutes or less and points out an exploitable flaw, it's
not because they have magic powers, it's because you're using crypto to guide
them to it).

Peter.

