Date: Mon, 19 Oct 2015 15:40:58 -0700 From: Tim <tim-security@...tinelchicken.org> To: oss-security@...ts.openwall.com Subject: Re: Prime example of a can of worms > We have AFAIK no good test suites to ensure random numbers/primes are > cryptographically secure. > > If we did we wouldn't have issues like CVE-2008-0166. Actually, we might have this now. See: http://www.cryptol.net/ These guys put on a very short training at BSidesPDX this last weekend and it seems like it could be exactly what you're looking for. No, not to solve all the DH trouble, but it can make sure an implementation matches a specification. Of course you have to have a specification. But once you do, it can verify binaries' behavior. tim
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ