[CentOS] Can we trust RedHAt encryption tools?
m.roth at 5-cent.us
m.roth at 5-cent.usThu Jan 9 22:52:01 UTC 2014
- Previous message: [CentOS] Can we trust RedHAt encryption tools?
- Next message: [CentOS] Can we trust RedHAt encryption tools?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Robert Moskowitz wrote:
>
> On 01/09/2014 05:28 PM, John R Pierce wrote:
>> On 1/9/2014 2:20 PM, Eero Volotinen wrote:
>>> It might be easier to compromise security of commercial products as
>>> source code is not available. they seem to have succeeded in compromising
>>>> STANDARDS and ALGORITHMS, to heck with implementations.
>
> Only algorithm they compromised was an RNG that got pretty strong thumbs
> down from the real cryptographers. They have not compromised any IETF
> standard; maybe kept quite about a problem, but have not put holes in
> any. Most of our problems with TLS is implementations and backwards
> compatiblity options.
Not quite - anyone mandated to POSIX standards are effectively mandated to
use the compromised algorithms, as I understand it.
mark
- Previous message: [CentOS] Can we trust RedHAt encryption tools?
- Next message: [CentOS] Can we trust RedHAt encryption tools?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list