Blumenthal, Uri - 0553 - MITLL writes: >>>"In my opinion the issue is not implementation errors, they can be avoided >>>with the right disciplineā >> >> Has there ever been a vulnerability with a crypto, ah, implementation that >> *wasn't* an implementation error? > >Yes. The most recent example is SIKE.
I meant actual deployed, in-use code, in TLS, SSH, IPsec, PGP, S/MIME, X.509, whatever. It doesn't matter if WOMBAT-128 is insecure if that affects approximately zero instances of TLS, SSH, and so on. (MD5 is a grey-area case. It was known to be completely broken when it was still being used, so implementing MD5 when you should have been implementing SHA-256 is arguably an implementation error). Peter.
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
