Date: Tue, 19 Jan 1999 01:47:00 +0100 From: Eivind Eklund <eivind@FreeBSD.ORG> To: Christopher Nielsen <cnielsen@pobox.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Port of 'bugs' in ports tree Message-ID: <19990119014700.D42642@bitbox.follo.net> In-Reply-To: <Pine.BSF.4.05.9901180658280.93748-100000@ender.sf.scient.com>; from Christopher Nielsen on Mon, Jan 18, 1999 at 07:18:59AM -0800 References: <Pine.BSF.4.05.9901180658280.93748-100000@ender.sf.scient.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 18, 1999 at 07:18:59AM -0800, Christopher Nielsen wrote: > Poking around in the ports tree this morning, I noticed a port under > ports/security called bugs. It caught my attention because pkg/DESCR says > it's a crypto library. Having never heard of it, I decided to take a look > at it. > > After perusing the code and reading through the description of the > algorithm, I feel very strongly that a warning of some kind should be > placed on this piece of software. This is NOT secure in any sense of the > word (except possibly against little sisters/brothers). I can think of at > least one cryptanalysis attack off the top of my head (poor source of > random data), and that's after spending 10 minutes looking at the code and > reading the algorithm. If you write up a description of your attack and also submit it to the author, I'll add a link to it from pkg/DESCR. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990119014700.D42642>