oss-sec mailing list archives
Re: Prime example of a can of worms
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 19 Oct 2015 15:40:58 -0700
We have AFAIK no good test suites to ensure random numbers/primes are cryptographically secure. If we did we wouldn't have issues like CVE-2008-0166.
Actually, we might have this now. See: http://www.cryptol.net/ These guys put on a very short training at BSidesPDX this last weekend and it seems like it could be exactly what you're looking for. No, not to solve all the DH trouble, but it can make sure an implementation matches a specification. Of course you have to have a specification. But once you do, it can verify binaries' behavior. tim
Current thread:
- Prime example of a can of worms Kurt Seifried (Oct 18)
- Re: Prime example of a can of worms Alex Gaynor (Oct 18)
- Re: Prime example of a can of worms Matt U (Oct 18)
- Re: Prime example of a can of worms Seth Arnold (Oct 19)
- Re: Prime example of a can of worms Kurt Seifried (Oct 19)
- Re: Prime example of a can of worms Tim (Oct 19)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 19)
- Re: Prime example of a can of worms Kurt Seifried (Oct 19)
- Re: Prime example of a can of worms Daniel Kahn Gillmor (Oct 19)
- Re: Prime example of a can of worms Brad Knowles (Oct 20)
- Re: Prime example of a can of worms Kurt Seifried (Oct 20)
- Re: Prime example of a can of worms gremlin (Oct 20)
- Re: Prime example of a can of worms Alex Gaynor (Oct 18)
- Re: Prime example of a can of worms Matthias Weckbecker (Oct 21)
- Re: Prime example of a can of worms Kurt Seifried (Oct 21)
- Re: Prime example of a can of worms Joshua Rogers (Oct 21)
- Re: Prime example of a can of worms Kurt Seifried (Oct 21)