ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Spoofing OpenPGP and S/MIME Signatures in Emails

2019-04-30 22:44:14
ilf <ilf(_at_)zeromail(_dot_)org> writes:

https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://raw.githubusercontent.com/RUB-NDS/Johnny-You-Are-Fired/master/paper/johnny-fired.pdf

Thus confirming Shamir's law, "crypto is bypassed, not attacked".  When I get
asked to perform a security assessment of something involving crypto, I look
for the crypto code, ignore it, and look at the code next to it.  I've never
failed to find vulns there.  

Crypto code in software is a beacon pointing you to where to the
vulnerabilities are.

Peter.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>