Added a chapter analysing Fortify's results; some general beautification; modified...
diff --git
a/report/v7_cryptography.tex
b/report/v7_cryptography.tex
index
293dd19
..
952d832
100644
(file)
--- a/
report/v7_cryptography.tex
+++ b/
report/v7_cryptography.tex
@@
-1,11
+1,16
@@
% usage of crypt()
% usage of crypt()
-\begin{enumerate}[label={7.\arabic*}]
+\begin{enumerate}[label={
V
7.\arabic*}]
\addtocounter{enumi}{1}
\item
\addtocounter{enumi}{1}
\item
- \
TODO
{}
+ \
pass
{}
Verify that all cryptographic modules fail securely, and errors are handled
in a way that does not enable oracle padding.
Verify that all cryptographic modules fail securely, and errors are handled
in a way that does not enable oracle padding.
+ \begin{result}
+ The only cryptographic operation is the hashing of the password, which can
+ not be vulnerable to a padding attack as it does not use a block cipher.
+ \end{result}
+
\addtocounter{enumi}{3}
\notapplicable{
\addtocounter{enumi}{3}
\notapplicable{
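Review bot: The new result block under V7.2 justifies the \pass{} verdict only for the padding-oracle half of the requirement; the "fail securely" half is not addressed. The requirement text asks for both, and the comment at the top of the file refers to crypt() usage, so the result should also state what the application does when the hashing call fails or returns an error (for example, whether login is denied). Either add that sentence to the result or narrow the verdict until it has been checked. Minor: "can not" should read "cannot".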
@@
-20,6
+25,10
@@
\TODO{}
Verify that cryptographic algorithms used by the application have been
validated against FIPS 140-2 or an equivalent standard.
\TODO{}
Verify that cryptographic algorithms used by the application have been
validated against FIPS 140-2 or an equivalent standard.
+ \begin{result}
+ The application uses md-5 for password hashing, which should be insecure by
+ now.
+ \end{result}
\notapplicable{
\item
\notapplicable{
\item
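Review bot: The item keeps its \TODO{} marker even though the added result block reaches a conclusion, so the verdict and the finding disagree; the previous hunk replaced \TODO{} with \pass{} when it added a result, and this item should likewise get the verdict that matches the finding. The wording "md-5 ... which should be insecure by now" is also hedged and does not answer the requirement in its own terms: write "MD5" and state directly whether the algorithm is validated against FIPS 140-2 or an equivalent standard, which is what the item asks. It would also help to reconcile this with the V7.2 result, which speaks only of "the hashing of the password", and with the crypt() comment at the top of the file, so the reader knows which hashing call the MD5 finding refers to.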