[148928] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [Cryptography] defaults, black boxes, APIs,

daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Jan 5 16:52:09 2014

X-Original-To: cryptography@metzdowd.com
Date: Mon, 06 Jan 2014 01:34:45 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <alpine.BSO.2.03.1401041810180.3176@astro.indiana.edu>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 2014-01-05 12:23, Jonathan Thornburg wrote:
> The OpenBSD website points out that they've only had two remote holes
> in the default install in "a heck of a long time" (I think more than a
> decade).  So perhaps the manual-updates security model remains viable....

Despite being open source, OpenBSD audits most of its code.

Audit is the only way to find remote holes, since remote hole attacks 
consist of specially crafted abnormal data, hence will not show up in 
ordinary testing.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[148928] in cryptography@c2.net mail archive

Re: [Cryptography] defaults, black boxes, APIs,

daemon@ATHENA.MIT.EDU (James A. Donald)Sun Jan 5 16:52:09 2014

daemon@ATHENA.MIT.EDU (James A. Donald)
Sun Jan 5 16:52:09 2014