On Thu, Jul 09, 2026 at 12:13:06PM +0000, Peter Gutmann wrote:
> Orr Dunkelman <[email protected]> writes:
> 
> >"In my opinion the issue is not implementation errors, they can be avoided
> >with the right discipline"
> 
> Has there ever been a vulnerability with a crypto, ah, implementation that
> *wasn't* an implementation error?
> 
Maybe it just was a rethorical quations,  but here is a quick brain dump, sorry
if I missed anybody's favoite:

Broken deployed crypo: MD4, MD5, RC4, SHA1, TETRA, A5/1, A5/2, ... sadly, this 
goes on
Too small choice of parameters: RSA-512 and other export-grade crypto
Bad design ideas: RSA prime generation by Infinon (ROCA)
Proocol:  RSA PKCS 1.5 and other padding oracles

All of those are weak even with an implementation that's perfectly matching the
specs,

All the best
        Tanja

_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to