Date: Mon, 18 Jan 1999 07:18:59 -0800 (PST)
From: Christopher Nielsen
Reply-To: Christopher Nielsen
To: freebsd-security@FreeBSD.ORG
Subject: Port of 'bugs' in ports tree

Poking around in the ports tree this morning, I noticed a port under
ports/security called bugs. It caught my attention because pkg/DESCR
says it's a crypto library. Having never heard of it, I decided to take
a look at it.

After perusing the code and reading through the description of the
algorithm, I feel very strongly that a warning of some kind should be
placed on this piece of software. This is NOT secure in any sense of the
word (except possibly against little sisters/brothers). I can think of
at least one cryptanalysis attack off the top of my head (poor source of
random data), and that's after spending 10 minutes looking at the code
and reading the algorithm.

Comments?

-- 
Christopher Nielsen
Scient: The eBusiness Systems Innovator
cnielsen@scient.com