« earlier | later » Page 7 of 11
How to Prevent the next Heartbleed edit / delete
An interesting review of some of the approaches that didn't prevent the OpenSSL heartbeat bug (either because they weren't effective or because they weren't applied).
to buffer-overflow checking openssl security static-analysis testing ... on 02 May 2014
C++ crypto library, with yet another TLS implementation.
to c++ cryptography library security software tls ... on 28 April 2014
A formally verified implementation of TLS. (Being written in F# means it's a bit impractical to use as a library, though...)
to cryptography formal-methods security tls verification ... on 28 April 2014
BetterCrypto⋅org edit / delete
Practical recommendations for TLS settings.
to cryptography security ssl tls ... on 28 April 2014
Cryptography Coding Standard edit / delete
Patterns for secure cryptographic software (e.g. same comparisons).
to cryptography patterns programming safety security ... on 27 April 2014
Diffie Hellman and TLS with nonsense parameters - Hanno's blog edit / delete
Apparently quite a lot of TLS implementations will happily accept 15 as a prime for DH key exchange. Presumably even if they were checking you could rely on the probabilistic test too...
to cryptography dh prime security ssl testing tls ... on 16 April 2014
Embedded in Academia : A New Development for Coverity and Heartbleed edit / delete
What Coverity is doing to detect the Heartbleed problem (in short: treating n2hs-style functions as generating tainted results).
to coverity security ssl static-analysis tls ... on 14 April 2014
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations edit / delete
Generating randomly-varied certificates and comparing how different implementations respond to them.
to ca certificate papers security ssl testing tls ... on 13 April 2014
ImperialViolet - Apple's SSL/TLS bug edit / delete
The famous copy-and-paste error.
« earlier | later » Page 7 of 11
tasty by Adam Sampson.