[Owasp-leaders] Weak Cryptography

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Tue Nov 18 11:41:59 EST 2008


Our last chapter meeting had a presentation from Voltage on the topic of
Identity-Based Encryption (IBE) which is different than traditional PKI
approaches. Has anyone in OWASP ever thought about explaining the notion
of weak crypto from an IBE perspective?

Do vendors such as Fortify, Ounce Labs, Coverity, etc., when doing static
analysis understand weak crypto anti-patterns against IBE?

When using format preserving encryption around data, how can we quantify
any weaknesses? See:
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf

Should we quantify crypto weaknesses not just from a code perspective
but also how it is represented within XML?

