On 2010-12-18 4:35 PM, Peter Gutmann wrote:
James A. Donaldjam...@echeque.com writes:
Must interoperate with legitimate code.
Must plausibly claim to utilize well known algorithms (while actually
misusing them or grossly deviating from them.).
Sheesh, I can do this without even thinking.
James A. Donald jam...@echeque.com writes:
That took all of ten seconds to get. Result: A completely FIPS 186-compliant
digsig implementation that leaks the private key.
And one that would take someone checking the code about an hour or so to
detect.
And on what do you base that apart from