From: W Date: Wed, 9 Nov 2016 10:53:52 +0000 (+0100) Subject: v7 first version done X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=4cfce62881e08e89e155c7965c138568a336cdb1;p=ssproject1617.git v7 first version done --- diff --git a/report/v7_cryptography.tex b/report/v7_cryptography.tex index 293dd19..9058968 100644 --- a/report/v7_cryptography.tex +++ b/report/v7_cryptography.tex @@ -3,9 +3,14 @@ \addtocounter{enumi}{1} \item - \TODO{} + \pass{} Verify that all cryptographic modules fail securely, and errors are handled in a way that does not enable oracle padding. + \begin{result} + The only cryptographic operation is the hashing of the password, which can + not be vulnerable to a padding attack as it does not use a block cipher. + \end{result} + \addtocounter{enumi}{3} \notapplicable{ @@ -20,6 +25,10 @@ \TODO{} Verify that cryptographic algorithms used by the application have been validated against FIPS 140-2 or an equivalent standard. + \begin{result} + The application uses md-5 for password hashing, which should be insecure by + now. + \end{result} \notapplicable{ \item