oss-sec mailing list archives

Re: Prime example of a can of worms


From: Tim <tim-security () sentinelchicken org>
Date: Mon, 19 Oct 2015 15:40:58 -0700

> We have AFAIK no good test suites to ensure random numbers/primes are
> cryptographically secure.
>
> If we did we wouldn't have issues like CVE-2008-0166.


Actually, we might have this now.  See:
  http://www.cryptol.net/

These guys put on a very short training at BSidesPDX this last weekend
and it seems like it could be exactly what you're looking for.  No,
not to solve all the DH trouble, but it can make sure an
implementation matches a specification.  Of course you have to have a
specification.  But once you do, it can verify binaries' behavior.

tim

