[Discuss] Good and Bad Crypto

Richard Pieri richard.pieri at gmail.com
Wed Apr 23 20:02:06 EDT 2014


Mike Small wrote:
> GnuTLS I've heard negative things about.  On the other hand PolarSSL
> seems to have a good reputation, yet it's not FIPS certified.

There's a lot of politics around GnuTLS so take it with a grain of salt.

> FIPS 140-2 I'm sure is useful in certain environments (though not
> environments I'd ever subject myself to) but is it the be all and end
> all? e.g. do you have to wait until FIPS corrects itself before you stop
> using Dual EC DRBG?

It's not FIPS that's useful per se. It's that a group of experts have 
gone over the product and demonstrated that it works as described under 
the specified test conditions.

And as a point, the NIST formally deprecated Dual_EC_DRBG this week.


> Well, that they wrote their own malloc wrapper prevented memory
> debuggers having any hope of helping notice the bug, but that wasn't the

There's a reason why I call it a stupid rather than a bug. :)

Really. The code works exactly as it was designed to work. Therefore 
technically not a bug. What's broken about it is the stupid design 
decision that led to it being written. So I call it a stupid.


John Abreau wrote:
> I take issue with the strawman argument about everyone needing to
> look at the source. As long as the source is available, it only needs
> one person to notice a problem and sound the alarm, and then everyone
> else benefits.

It's not the number of people who see it. One or a million, it doesn't 
matter. What matters is that the right people see it, the people who 
genuinely understand what they're looking at. And even then they might 
not see the problem. If the likes of Messrs. R, S and A can screw up 
then what assurances can lesser mortals offer?

After I just got through saying that FIPS certification is a good thing. 
Well, certification isn't perfect, but it's better than a bunch of 
amateurs who think they know what they're doing but don't.

-- 
Rich P.
