Robert Moskowitz wrote:
On 01/09/2014 05:28 PM, John R Pierce wrote:
On 1/9/2014 2:20 PM, Eero Volotinen wrote:
It might be easier to compromise security of commercial products as source code is not available.
They seem to have succeeded in compromising STANDARDS and ALGORITHMS, to heck with implementations.
Only algorithm they compromised was an RNG that got pretty strong thumbs down from the real cryptographers. They have not compromised any IETF standard; maybe kept quiet about a problem, but have not put holes in any. Most of our problems with TLS are implementations and backwards compatibility options.
Not quite - anyone mandated to POSIX standards is effectively mandated to use the compromised algorithms, as I understand it.
mark