Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Good and Bad Crypto

Mike Small wrote:
> So this is kind of what troubles me in the line this thread has taken
> re. checking that the encryption algorithms are well chosen and
> implemented correctly.

That's why the world trusts the cryptographic module in OpenSSL: it's 
been examined and confirmed to be implemented correctly where 
"correctly" is "what FIPS 140-2 says is correct". Microsoft's 
cryptographic library has undergone the same certification so I can say 
that it is implemented correctly to the same "what FIPS 140-2 says is 
correct". The world (and I) don't have the same trust for the GnuTLS 
cryptographic module because it doesn't have that certification.

Heartbleed is something else entirely. It's not a failure to implement 
an algorithm properly. It's a stupid little hack to work around slow 
malloc() calls.

-- 
Rich P.
BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org