Date: Mon, 18 Jan 1999 21:27:08 +0100 (CET) From: Stephane Legrand <Stephane.Legrand@wanadoo.fr> To: Christopher Nielsen <cnielsen@pobox.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Port of 'bugs' in ports tree Message-ID: <199901182027.VAA01249@sequoia.mondomaineamoi.megalo> In-Reply-To: <Pine.BSF.4.05.9901180658280.93748-100000@ender.sf.scient.com> References: <Pine.BSF.4.05.9901180658280.93748-100000@ender.sf.scient.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Christopher Nielsen writes: > Poking around in the ports tree this morning, I noticed a port under > ports/security called bugs. It caught my attention because pkg/DESCR says > it's a crypto library. Having never heard of it, I decided to take a look > at it. > > After perusing the code and reading through the description of the > algorithm, I feel very strongly that a warning of some kind should be > placed on this piece of software. This is NOT secure in any sense of the > word (except possibly against little sisters/brothers). I can think of at > least one cryptanalysis attack off the top of my head (poor source of > random data), and that's after spending 10 minutes looking at the code and > reading the algorithm. > > Comments? > Did you try to contact the original author to discuss about this problem with him ? -- Stephane.Legrand@wanadoo.fr | FreeBSD Francophone http://perso.wanadoo.fr/stephane.legrand/ | http://www.freebsd-fr.org/ "Laissez les developpeurs developpes et les octets seront bien gardes" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901182027.VAA01249>