Don't even begin to think your code is secure until it has had the holy hell tested out of it by talented people truly dedicated to breaking it, who have access to the source code.

And for whoever wrote this code, there is a special moral: don't write any more code, period. Caring about it, and wanting to do it, are irrelevant. If you aren't a really, really good programmer, don't write any kind of code upon which the lives or safety of people depend. Don't rely on your own opinion to determine whether you are a security expert. If you do it for less than absolute necessity, you're a moron.

Touching any piece of security code at all is basically like performing brain surgery. And even then, only if absolutely necessary. If you aren't a security expert, don't write security code. They generate a random floating point number by getting 16 random bytes of data with values less than 250 and converting each of them to a single decimal digit. I don't know of any legitimate crypto software that does this.

they generate random data by first generating a random floating point number instead of random bits or bytes. "Let's see, where the heck is house 93760?" And then not noticing he had a problem for a year.

And worse, from the Steve Thomas' autopsy: ". I would suggest the analogy of a mailman who thinks that the zip code is the street address. Since many of the readers aren't programmers, maybe you might want to put in the article something to suggest just how stupendously bad this programming is.

"The bug stems from programming that confused the difference between strings of digits and an array of integers"