
Re: My Assessment of the Heartbleed OpenSSL bug and LedgerSMB



On Fri, 11 Apr 2014 19:15:00 +1200
Richard Hector <..hidden..> wrote:

> On 11/04/14 09:41, ario wrote:
> > On Thu, 10 Apr 2014 19:04:27 +0200
> > Pongrácz István <..hidden..> wrote:
> > 
> >> > What if they implemented this "feature" to be able to get
> >> > information without trace? :)))) 
> > Then they would have succeeded spectacularly with us thinking
> > "there is a bug" in OpenSSL.
> > 
> > My preferred backup encryption scheme still would be the One Time
> > Pad (OTP) as it seems really unbreakable, if it were not for the
> > recurrency in the problem of: "Where do I backup the OTP itself,
> > and how do I encrypt it?"
> > 
> 
> Heartbleed isn't a problem with the encryption though; the encryption
> didn't get broken. Any protocol could probably potentially suffer
> from a buffer overflow due to a bug in the software. Given this one
> leaked info from the server process, who's to say it wouldn't leak
> your one-time pad?

You are right: It probably would. :)

ario


> Richard
> 
> 


_______________________________________________
Ledger-smb-users mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-users