repositories
/
ssproject1617.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
e71ae42
)
v7 first version done
author
W
<kuhnen@science.ru.nl>
Wed, 9 Nov 2016 10:53:52 +0000
(11:53 +0100)
committer
W
<kuhnen@science.ru.nl>
Wed, 9 Nov 2016 10:53:52 +0000
(11:53 +0100)
report/v7_cryptography.tex
patch
|
blob
|
history
diff --git
a/report/v7_cryptography.tex
b/report/v7_cryptography.tex
index
293dd19
..
9058968
100644
(file)
--- a/
report/v7_cryptography.tex
+++ b/
report/v7_cryptography.tex
@@
-3,9
+3,14
@@
\addtocounter{enumi}{1}
\item
\addtocounter{enumi}{1}
\item
- \
TODO
{}
+ \
pass
{}
Verify that all cryptographic modules fail securely, and errors are handled
in a way that does not enable oracle padding.
Verify that all cryptographic modules fail securely, and errors are handled
in a way that does not enable oracle padding.
+ \begin{result}
+ The only cryptographic operation is the hashing of the password, which can
+ not be vulnerable to a padding attack as it does not use a block cipher.
+ \end{result}
+
\addtocounter{enumi}{3}
\notapplicable{
\addtocounter{enumi}{3}
\notapplicable{
@@
-20,6
+25,10
@@
\TODO{}
Verify that cryptographic algorithms used by the application have been
validated against FIPS 140-2 or an equivalent standard.
\TODO{}
Verify that cryptographic algorithms used by the application have been
validated against FIPS 140-2 or an equivalent standard.
+ \begin{result}
+ The application uses md-5 for password hashing, which should be insecure by
+ now.
+ \end{result}
\notapplicable{
\item
\notapplicable{
\item