[Linuxtrent] Re: security & privacy 06

  • From: "Roberto Resoli" <roberto.resoli@xxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Thu, 25 May 2006 15:49:34 +0200

--- cut ---

What they say about the predictability of the OpenWrt RNG is worrying ....
let's hope they have taken remedial action ....

Also interesting are
some (unflattering) comments on the quality of the code and on its
being open source (ok, free software).

From the conclusions:

================================
"Open" is not a synonym for "secure". We feel that the open source community should have a better policy for security sensitive software components. These components should not be treated as other source elements. We suggest to add a better quality assurance procedure for the cryptographic elements of the kernel. For example, the PRNG must pass statistical tests which can be put into the kernel build process. Open source must also have, in our opinion, a clear and updated documentation of the algorithms used in the code. Such documentation could have saved us from the trouble of reverse engineering the code, and would have provided better access for other researchers to review the security of the LRNG.
================================

... I completely agree.

Bye,
Rob