On 2012-02-23 9:49 AM, Jeffrey Walton wrote:
On Wed, Feb 22, 2012 at 2:53 AM, James A. Donald <[email protected]> wrote:
On 2012-02-22 12:31 PM, Kevin W. Wall wrote:
1) They think that key size is the paramount thing; the bigger the
better.
2) They have no clue as to what cipher modes are. It's ECB by default.
3) More importantly, they don't know how to choose a cipher mode (not
  surprising, given #2). They need to understand the trade-offs.
4) They have no idea about how to generate keys, derived keys, IVs,
5) They don't know what padding is, or when/why to use it.
6) They have a very naive concept of entropy...where/when to use it
  and from where and how to obtain it.

The Debian debacle was none of the above - the patch was simply obviously
stupid even if one had no idea about what the software was supposed to be
doing.
Remember, OpenSSL gave tacit approval: "If it helps with debugging,
I'm in favor of removing them,"
http://www.mail-archive.com/[email protected]/msg21156.html.

OpenSSL approved removing uninitialized data as *one* of many sources of randomness. They did not give approval to remove *all* sources of randomness.

The routine for stirring randomness into the entropy pool had all use of its input argument commented out, so that the routine did nothing - did nothing regardless of whether it was called with uninitialized data, or called with any other source of randomness.

Which was simply moronic. You don't need to know anything about cryptography to figure out that disabling a widely used routine because valgrind complains about *two* uses of that routine is stupid.

The fact that this was done and passed code review discredits the Debian organization.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
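The failure described in the thread, as an added illustration that is not OpenSSL's or Debian's code: a constructed toy entropy pool with the stirring routine written correctly (`pool_stir_ok`) and with the line that reads its input commented out (`pool_stir_broken`), plus the regression check (`stir_depends_on_input`, a hypothetical name) that a PRNG test suite should carry to catch a stir routine that ignores what it is fed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy entropy pool, a constructed stand-in for an OpenSSL-style RAND_add path
 * (not OpenSSL's or Debian's code). 32 words so a short seed never wraps. */
#define POOL_WORDS 32
typedef struct { uint64_t words[POOL_WORDS]; size_t pos; } pool_t;

/* splitmix64 finaliser: a well-known invertible 64-bit mixer. */
static uint64_t mix64(uint64_t x) {
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Correct stirring: every input byte perturbs the word it lands on. */
void pool_stir_ok(pool_t *p, const unsigned char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        p->words[p->pos] = mix64(p->words[p->pos] ^ buf[i] ^ ((uint64_t)i << 8));
        p->pos = (p->pos + 1) % POOL_WORDS;
    }
}

/* Broken stirring in the spirit of the patch discussed above: the only line
 * that read `buf` is commented out, so the pool evolves from its own state
 * alone and whatever the caller supplied is discarded. */
void pool_stir_broken(pool_t *p, const unsigned char *buf, size_t len) {
    (void)buf;
    for (size_t i = 0; i < len; i++) {
        /* p->words[p->pos] ^= buf[i]; */
        p->words[p->pos] = mix64(p->words[p->pos] ^ ((uint64_t)i << 8));
        p->pos = (p->pos + 1) % POOL_WORDS;
    }
}

/* The regression test a PRNG suite should carry: two fresh pools stirred with
 * different seeds of equal length must end in different states.
 * Returns 1 if `stir` reacts to its input, 0 if it ignores it. */
int stir_depends_on_input(void (*stir)(pool_t *, const unsigned char *, size_t)) {
    static const unsigned char a[] = "constructed-seed";   /* constructed inputs */
    static const unsigned char b[] = "other-seed-value";   /* same length as a  */
    pool_t pa, pb;
    memset(&pa, 0, sizeof pa);
    memset(&pb, 0, sizeof pb);
    stir(&pa, a, sizeof a);
    stir(&pb, b, sizeof b);
    return memcmp(pa.words, pb.words, sizeof pa.words) != 0;
}
```

With the broken routine the two pools finish byte-for-byte identical, which is exactly the property a code reviewer or a unit test could have checked without knowing anything about cryptography.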