Mike Small wrote:
So this is kind of what troubles me in the line this thread has taken
re. checking that the encryption algorithms are well chosen and
implemented correctly.

That's why the world trusts the cryptographic module in OpenSSL: it's been examined and confirmed to be implemented correctly where "correctly" is "what FIPS 140-2 says is correct". Microsoft's cryptographic library has undergone the same certification so I can say that it is implemented correctly to the same "what FIPS 140-2 says is correct". The world (and I) don't have the same trust for the GnuTLS cryptographic module because it doesn't have that certification.

Heartbleed is something else entirely. It's not a failure to implement an algorithm properly. It's a stupid little hack to work around slow malloc() calls.

--
Rich P.
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss