Paul Rubin <http> wrote: > Actually and surprisingly, that's not really true. Crypto algorithms > are pretty straightforward, so if you examine the code and check that > it passes a bunch of test vectors, you can be pretty sure it's > correct.
I was going to write pretty much the same thing. If a security flaw is found in a block cipher (say) it won't be because it has a buffer overflow etc, it will be because the algorithm is flawed. You can't patch up crypto algorithms, you have to throw them away and start again (you can't have two incompatible versions of DES for instance). -- Nick Craig-Wood <[EMAIL PROTECTED]> -- http://www.craig-wood.com/nick -- http://mail.python.org/mailman/listinfo/python-list
