Jud Posted April 2, 2019 Share Posted April 2, 2019 One never knows, do one? - Fats Waller The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature. Link to comment
Popular Post mansr Posted April 2, 2019 Popular Post Share Posted April 2, 2019 Yes. Jud and 89reksal 1 1 Link to comment
Shadders Posted April 2, 2019 Share Posted April 2, 2019 Yes, it is just a software set - so it will be prone to attacks based on the system it is implemented upon, as well as side channel attacks. Link to comment
mrvco Posted April 2, 2019 Share Posted April 2, 2019 Secure and free of bugs... until it's not. -- My Audio System Link to comment
Samuel T Cogley Posted April 2, 2019 Share Posted April 2, 2019 Quote Work on EverCrypt began in 2016 as a part of Project Everest, an initiative led by Microsoft Research. Based on what we now know with how cozy Microsoft is with U.S. NSA, I wouldn't trust EverCrypt period. Link to comment
Popular Post mansr Posted April 2, 2019 Popular Post Share Posted April 2, 2019 The work they've done is most likely good. It's the reporting that's overblown. Near as I can tell, the project involves formal verification techniques to ensure that the software implementation is actually equivalent to the specification. To a limited extent, this can even extend to compiled code. While it indisputably avoids certain kinds of bugs (e.g. accidentally referring to the wrong variable), it provides no guarantees that the specification is sound. If they've found a way to prove that a crypto algorithm is secure, I'll be impressed, and even then there are still places where bugs can be hiding. The verifier itself comes to mind, as does the hardware. rando and crenca 2 Link to comment
Jud Posted April 2, 2019 Author Share Posted April 2, 2019 1 hour ago, mansr said: The work they've done is most likely good. It's the reporting that's overblown. Near as I can tell, the project involves formal verification techniques to ensure that the software implementation is actually equivalent to the specification. To a limited extent, this can even extend to compiled code. While it indisputably avoids certain kinds of bugs (e.g. accidentally referring to the wrong variable), it provides no guarantees that the specification is sound. If they've found a way to prove that a crypto algorithm is secure, I'll be impressed, and even then there are still places where bugs can be hiding. The verifier itself comes to mind, as does the hardware. I think I recall NASA doing something similar (regarding formal verification, including compiled code). What was the email program that had a bounty for security holes, and it was at least disputed whether some had been found and the developer had refused to acknowledge/pay? One never knows, do one? - Fats Waller The fairest thing we can experience is the mysterious. It is the fundamental emotion which stands at the cradle of true art and true science. - Einstein Computer, Audirvana -> optical Ethernet to Fitlet3 -> Fibbr Alpha Optical USB -> iFi NEO iDSD DAC -> Apollon Audio 1ET400A Mini (Purifi based) -> Vandersteen 3A Signature. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now