Crypto Hash Boffins Trip on Buffer Overflow
-
Crypto hash boffins trip on buffer overflow[^]: Two of the programs submitted in the first round of a competition to find the next cryptographic hash standard contain buffer overflow errors that could make them prone to crashes and security problems.
-
Crypto hash boffins trip on buffer overflow[^]: Two of the programs submitted in the first round of a competition to find the next cryptographic hash standard contain buffer overflow errors that could make them prone to crashes and security problems.
from the article: The buffer overflow in Blender was the result of a typo. A developer mistyped3 instead of 2 for an array access. It required very large input in order to be caught. Fortify's analysis has already been greeted by a chorus of critics who point out the errors in the submission lie with source-code implementations rather than the soundness of the underlying algorithm. :-\
Yusuf
-
Crypto hash boffins trip on buffer overflow[^]: Two of the programs submitted in the first round of a competition to find the next cryptographic hash standard contain buffer overflow errors that could make them prone to crashes and security problems.
"Reference implementations don't disappear, they serve as a starting point for future implementations or are used directly," the company stated. "A bug in the RSA reference implementation was responsible for vulnerabilities in OpenSSL and to separate SSH implementations. ... rest omitted" even then, finding a reference implementation, extending and testing it is hard - it does put me in two minds - one, always use a well known trustworthy company and pay for the software or SDK, or two, if you're going it alone (and expect to be taken seriously/pass an audit), you'll need the resources of externals [either way, its a minefield] 'g'