ilf <ilf(_at_)zeromail(_dot_)org> writes:
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://raw.githubusercontent.com/RUB-NDS/Johnny-You-Are-Fired/master/paper/johnny-fired.pdf
Thus confirming Shamir's law, "crypto is bypassed, not attacked". When I get
asked to perform a security assessment of something involving crypto, I look
for the crypto code, ignore it, and look at the code next to it. I've never
failed to find vulns there.
Crypto code in software is a beacon pointing you to where to the
vulnerabilities are.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp