On Sat, Nov 06, 2010 at 03:15:58PM +0200, Miika Komu wrote:
>
> On 11/05/2010 07:17 PM, Diego Biurrun wrote:
>> On Fri, Nov 05, 2010 at 07:01:32PM +0200, Miika Komu wrote:
>>>
>>> please elaborate? What is wrong with the crypto in HIPL?
>>
>> Hopefully nothing, but I would not bet :)
>
> while I think it would be nice to have e.g. a static analysis on HIPL code,
> I would suggest to keep such remarks to yourself until you have
> something solid to point at. You have a bad habit of seeing the devil
> everywhere you go >)

I disagree completely. Software in general should not be trusted without a thorough review and/or audit, crypto routines doubly so. This applies to any sort of security measure. Banks don't assume that their security is sufficient until somebody breaks in, they have experts check. This not only applies to software, it's the same in e.g. construction. The statics calculations for complex buildings are not trusted, they are double-checked by independent experts.

Nothing of the sort has ever happened with HIPL, so trusting it to handle security-relevant things is foolish.

I'll also note that this semi-rant comes after discussions on the subject with Stefan, who found numerous issues in HIPL at a quick glance. There is no indication that we will run out of such opportunities for bug discovery any time soon.

If you disagree, we can make a HIPL bug hunt challenge and give prizes out for discovering bugs, could be a lot of fun :)

Diego