\addtocounter{enumi}{1}
\item
- \TODO{}
+ \pass{}
Verify that all cryptographic modules fail securely, and errors are handled
in a way that does not enable oracle padding.
+ \begin{result}
+ The only cryptographic operation is the hashing of the password, which can
+ not be vulnerable to a padding attack as it does not use a block cipher.
+ \end{result}
+
\addtocounter{enumi}{3}
\notapplicable{
\TODO{}
Verify that cryptographic algorithms used by the application have been
validated against FIPS 140-2 or an equivalent standard.
+ \begin{result}
+ The application uses md-5 for password hashing, which should be insecure by
+ now.
+ \end{result}
\notapplicable{
\item
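Review bot: the result added under the FIPS 140-2 item reports MD5 password hashing as a weakness, yet the item still carries \TODO{} and remains inside \notapplicable{, so the report marks the requirement as not applicable and unreviewed while its own text describes a finding. Replace \TODO{} with a definite status and drop the not-applicable wrapper if the finding stands. Reword "should be insecure by now" into a definite statement, for example that MD5 (written "md-5" here) is not suitable for password hashing, and name the replacement the audit recommends. In the first result block, the justification for \pass{} addresses only the padding-oracle half of the requirement. Add a sentence on how the password hashing step behaves on error so that the "fail securely" half is covered too, and cross-reference the MD5 finding, since that is the one cryptographic operation the \pass{} verdict rests on.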