author | Andres Erbsen <andres@krutt.org> | 2016-06-29 03:40:18 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-06-29 03:40:18 -0400 |
commit | 303fffc1e9ec910cd560a8d7917ab1b3c1e94707 (patch) | |
tree | a3a5bcea45a37f539887116df80b00bbd1d3521a /crypto-defects.md | |
parent | 5e85d15452a3c2cd2d79fcbd117427e040c7bd1d (diff) |
Update crypto-defects.md
Diffstat (limited to 'crypto-defects.md')
-rw-r--r-- | crypto-defects.md | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto-defects.md b/crypto-defects.md index 90675d3d0..f8cf52053 100644 --- a/crypto-defects.md +++ b/crypto-defects.md @@ -16,3 +16,5 @@ appearing in our code. | [end-to-end#340](https://github.com/google/end-to-end/issues/340) | Curve25519 library | twisted Edwards coordinates | (0, 1) = ∞ | | [CVE-2006-4339](https://web.archive.org/web/20071010042708/http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html) | RSA-PKCS-1 sig. verification | irrelevant | padding check | | [CVE-2014-3570](https://www.openssl.org/news/secadv/20150108.txt) | Bignum squaring | | | + +Not covered in the above list: memory mismanagement (buffer overrun, use-after-free, uninitialized read, null dereference), timing attacks (branch, cache, instruction). While these issues are very important, there are good programming disciplines for avoiding them without verifying intricate details of the computation. |
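Review bot: the added paragraph after the table says there are "good programming disciplines" for avoiding memory mismanagement and timing attacks but names none of them, so a reader cannot tell what the document relies on for those two classes. Consider naming the disciplines you have in mind or linking to a reference, as each table row above links to its issue or advisory. The parenthetical "timing attacks (branch, cache, instruction)" is also terse: spelling out what "instruction" refers to would help. Finally, "Not covered in the above list: ..." would read better as a full sentence.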