Open Source and information security mailing list archives
 
Message-ID: <AANLkTin=TsHTDRsRLOGLnbnnx+4fApvANXDNcoxS1cVh@mail.gmail.com>
Date: Wed, 15 Dec 2010 16:05:52 -0800
From: BMF <badmotherfsckr@...il.com>
To: clément Game <clement@...i-nation.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Allegations regarding OpenBSD IPSEC

On Wed, Dec 15, 2010 at 3:46 PM, clément Game <clement@...i-nation.com> wrote:
> I second that...yet we obviously need to figure out better ways to audit the code...maybe some kind of security-oriented unit-test framework? (don't know if it exists already, and if it does, maybe it's already employed for the OpenBSD project...dunno)

We're likely talking potential side-channel key leakage here...that
sort of thing will be very hard to find. Unit-testing is not
applicable.

The worst thing about this sort of allegation is that it is impossible
to prove that it isn't true. All we will ever be able to say is "We
haven't found it yet."

BMF
