On 01/29/2014 07:06 PM, Miloslav Trmač wrote:
On Wed, Jan 29, 2014 at 4:49 PM, Eric H. Christensen
<spa...@fedoraproject.org <mailto:spa...@fedoraproject.org>> wrote:
I'm trying to figure out how to catalog what packages are using what
cryptographic ciphers within Fedora (specifically RC4). Does anyone
know of a good way of figuring that out?
AFAIK there isn't one. There are various scripts that grep the source
code for regexps (and if you are lucky, filter out the most blatant
false positives), but even with the best scripts I've seen expect days
or weeks of manual review to eliminate the false positives (and you'll
have nothing to tell you about the false negatives).
And RC4 is especially tricky in this regard because it doesn't have any
magic constants.
--
Florian Weimer / Red Hat Product Security Team
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct