On 01/29/2014 07:06 PM, Miloslav Trmač wrote:
On Wed, Jan 29, 2014 at 4:49 PM, Eric H. Christensen <spa...@fedoraproject.org <mailto:spa...@fedoraproject.org>> wrote:I'm trying to figure out how to catalog what packages are using what cryptographic ciphers within Fedora (specifically RC4). Does anyone know of a good way of figuring that out?
AFAIK there isn't one. There are various scripts that grep the source code for regexps (and if you are lucky, filter out the most blatant false positives), but even with the best scripts I've seen expect days or weeks of manual review to eliminate the false positives (and you'll have nothing to tell you about the false negatives).
And RC4 is especially tricky in this regard because it doesn't have any magic constants.
-- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
