Tom Metro wrote:
Anyone who read this thread will recall that my comments were in the context of a certain class of errors.
Here's what you wrote:
That's a simplistic understanding of how crypto algorithms work. An algorithm might consist of multiple layered state machines, and triggering a flaw might require hitting upon a state that your randomized black-box testing might find only once in a thousand years.
Source code analysis has the potential to find these, if the code is analyzed. Back-box testing will find them only if you are very lucky.
The knife cuts both ways, Tom. If white hats can use tools like these to find flaws in code then black hats can use the same tools to find the same flaws. Closed source crypto becomes more beneficial to the world than open source crypto because it denies black hats the ability to use to these tools against it and leaves them with your once in a thousand years chance of accidentally finding a flaw.
Laughable, like I said. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
