Message-ID: <20151019224058.GD28306@sentinelchicken.org>
Date: Mon, 19 Oct 2015 15:40:58 -0700
From: Tim <tim-security@...tinelchicken.org>
To: oss-security@...ts.openwall.com
Subject: Re: Prime example of a can of worms

> We have AFAIK no good test suites to ensure random numbers/primes are
> cryptographically secure.
> 
> If we did we wouldn't have issues like CVE-2008-0166.


Actually, we might have this now.  See:
  http://www.cryptol.net/

These guys put on a very short training at BSidesPDX this last weekend
and it seems like it could be exactly what you're looking for.  No,
not to solve all the DH trouble, but it can make sure an
implementation matches a specification.  Of course you have to have a
specification.  But once you do, it can verify binaries' behavior.

tim
