X-Git-Url: https://git.martlubbers.net/?a=blobdiff_plain;f=report%2Fv7_cryptography.tex;h=2d83ce2114fc1c78517b85702f20fadc115dc661;hb=06d7ae862f750a89968a0c7c2104b133e801d3a5;hp=9058968f534437ae6a7be8c186bac4a51a44095a;hpb=4cfce62881e08e89e155c7965c138568a336cdb1;p=ssproject1617.git
diff --git a/report/v7_cryptography.tex b/report/v7_cryptography.tex
index 9058968..2d83ce2 100644
--- a/report/v7_cryptography.tex
+++ b/report/v7_cryptography.tex
@@ -1,5 +1,5 @@
 % usage of crypt()
-\begin{enumerate}[label={7.\arabic*}]
+\begin{enumerate}[label={V7.\arabic*}]
 \addtocounter{enumi}{1}
 \item
@@ -22,11 +22,10 @@
 }
 \item
- \TODO{}
 Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard.
 \begin{result}
- The application uses md-5 for password hashing, which should be insecure by
+ The application uses MD5 for password hashing, which should be insecure by
 now.
 \end{result}
@@ -63,12 +62,14 @@
 Verify that sensitive passwords or key material maintained in memory is overwritten with zeros as soon as it no longer required, to mitigate memory dumping attacks.
+ % FIXME(dsprenkels) Passwords should be zero'd?
 }
 \notapplicable{
 \item
 Verify that all keys and passwords are replaceable, and are generated or replaced at installation time.
+ % FIXME(dsprenkels) This *is* relevant (passwords)
 }
 \notapplicable{
@@ -76,6 +77,8 @@
 Verify that random numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstance.
+ % FIXME(dsprenkels) This *is* relevant: password generation of the admin
+ % password in the install script uses a Mersenne twister!
 }
 \end{enumerate}
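Review bot: The result block for the FIPS 140-2 item still reads "should be insecure by now" after the `\TODO{}` marker is removed, so the verdict is left open even though the evidence is already there. MD5 is not an approved algorithm under FIPS 140-2, and as a fast digest with no work factor it is unsuitable for password hashing irrespective of its age, so the result can state the outcome directly: `The application uses MD5 for password hashing. MD5 is not a FIPS 140-2 approved algorithm and is a fast digest without a work factor, so this requirement is not met.` The `\item` and its result block are complete within the hunk.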
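Review bot: The two items in this hunk and the random-number item in the following hunk stay wrapped in `\notapplicable{ ... }` while the added `% FIXME(dsprenkels)` comments say they do apply, so the rendered report still presents them as not applicable and the reader never sees the comments. A Mersenne Twister is not a cryptographically secure generator, so the admin-password generation the last comment describes is a finding against the random-number item rather than grounds for marking it non-applicable, and the replaceable-keys item is in the same position given the comment's note about passwords. Consider moving those items out of `\notapplicable{` and recording the verdict in a `\begin{result} ... \end{result}` block as the MD5 item does, so the report and the reviewer's own assessment agree. The `\notapplicable{` that opens the first item of this hunk lies outside the hunk.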