Mike Small wrote:
How do you examine closed source crypto? It's a fair argument that the code being available isn't sufficient to have all its bugs (intentional or normal) found, but if the code's not available at all...
That's both simple and not so simple: you compare what should be deterministic results, and you look for deterministic results when there should be none. In other words, you attack the closed cipher or hash implementation of an algorithm the same way you would attack an open source implementation of that algorithm.
-- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
