Blumenthal, Uri - 0553 - MITLL writes:

>>>"In my opinion the issue is not implementation errors, they can be avoided
>>>with the right disciplineā€
>>
>> Has there ever been a vulnerability with a crypto, ah, implementation that
>> *wasn't* an implementation error?
>
>Yes. The most recent example is SIKE.

I meant actual deployed, in-use code, in TLS, SSH, IPsec, PGP, S/MIME, X.509,
whatever.  It doesn't matter if WOMBAT-128 is insecure if that affects
approximately zero instances of TLS, SSH, and so on.

(MD5 is a grey-area case.  It was known to be completely broken when it was
still being used, so implementing MD5 when you should have been implementing
SHA-256 is arguably an implementation error).

Peter.
_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to