[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTin=TsHTDRsRLOGLnbnnx+4fApvANXDNcoxS1cVh@mail.gmail.com>
Date: Wed, 15 Dec 2010 16:05:52 -0800
From: BMF <badmotherfsckr@...il.com>
To: clément Game <clement@...i-nation.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Allegations regarding OpenBSD IPSEC
On Wed, Dec 15, 2010 at 3:46 PM, clément Game <clement@...i-nation.com> wrote:
> i second that...yet we obviously need to figure out better ways to audit the code...maybe some kind of security-oriented unit-test framework ? ( dont'know if it exists already, and if it does, maybe that it's already employed for the OpenBSD project...dunno )
We're likely talking potential side-channel key leakage here...that
sort of thing will be very hard to find. Unit-testing is not
applicable.
The worst thing about this sort of allegation is that it is impossible
to prove that it isn't true. All we will ever be able to say is "We
haven't found it yet."
BMF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists