From owner-freebsd-security  Tue Jan 19 13:39:01 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA10525
          for freebsd-security-outgoing; Tue, 19 Jan 1999 13:39:01 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from wanadoo.fr (smtp-out-001.wanadoo.fr [193.252.19.68])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA10520
          for <freebsd-security@FreeBSD.ORG>; Tue, 19 Jan 1999 13:38:58 -0800 (PST)
          (envelope-from stephane@wanadoo.fr)
Received: from nev1-59.abo.wanadoo.fr [193.252.144.59] by wanadoo.fr
          for 
          Paris Tue, 19 Jan 1999 22:36:25 +0100 (MET)
Received: (from stephane@localhost)
	by sequoia.mondomaineamoi.megalo (8.9.2/8.9.1) id VAA01249;
	Mon, 18 Jan 1999 21:27:08 +0100 (CET)
	(envelope-from stephane)
Date: Mon, 18 Jan 1999 21:27:08 +0100 (CET)
Message-Id: <199901182027.VAA01249@sequoia.mondomaineamoi.megalo>
From: Stephane Legrand <Stephane.Legrand@wanadoo.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Christopher Nielsen <cnielsen@pobox.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Port of 'bugs' in ports tree
In-Reply-To: <Pine.BSF.4.05.9901180658280.93748-100000@ender.sf.scient.com>
References: <Pine.BSF.4.05.9901180658280.93748-100000@ender.sf.scient.com>
X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs  Lucid
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Christopher Nielsen writes:
 > Poking around in the ports tree this morning, I noticed a port under
 > ports/security called bugs. It caught my attention because pkg/DESCR says
 > it's a crypto library. Having never heard of it, I decided to take a look
 > at it.
 > 
 > After perusing the code and reading through the description of the
 > algorithm, I feel very strongly that a warning of some kind should be
 > placed on this piece of software. This is NOT secure in any sense of the
 > word (except possibly against little sisters/brothers). I can think of at
 > least one cryptanalysis attack off the top of my head (poor source of
 > random data), and that's after spending 10 minutes looking at the code and
 > reading the algorithm.
 > 
 > Comments?
 > 

Did you try to contact the original author to discuss about this
problem with him ?

-- 
Stephane.Legrand@wanadoo.fr               | FreeBSD Francophone
http://perso.wanadoo.fr/stephane.legrand/ | http://www.freebsd-fr.org/
"Laissez les developpeurs developpes et les octets seront bien gardes"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message