Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Good and Bad Crypto



Mike Small wrote:
> So this is kind of what troubles me in the line this thread has taken
> re. checking that the encryption algorithms are well chosen and
> implemented correctly.

That's why the world trusts the cryptographic module in OpenSSL: it's 
been examined and confirmed to be implemented correctly where 
"correctly" is "what FIPS 140-2 says is correct". Microsoft's 
cryptographic library has undergone the same certification so I can say 
that it is implemented correctly to the same "what FIPS 140-2 says is 
correct". The world (and I) don't have the same trust for the GnuTLS 
cryptographic module because it doesn't have that certification.

Heartbleed is something else entirely. It's not a failure to implement 
an algorithm properly. It's a stupid little hack to work around slow 
malloc() calls.

-- 
Rich P.



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org