On Tue, Nov 18, 2003 at 02:50:13PM -0500, [EMAIL PROTECTED] wrote: > "Testing can prove the presence of flaws, but not their absence" -- Dijkstra. > > The same exact logic of why a crypto challenge doesn't prove anything > applies to a firewall challenge as well.
Lets take a example. I have firewall A that uses crypto method B. Cryptalanysis against B will not prove that the firewall implemented it properly. On the flip side failing to comprimise the firewall will not prove the method B is sound. The logic maybe the same but the implementation of the logic is diffrent. The reasons that were mentioned in the article applies to crypto far more than vulndev of products. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
