[wplug] OpenSSL security vulnerability
Tom Rhodes
trhodes at FreeBSD.org
Thu May 15 19:15:47 EDT 2008
On Thu, 15 May 2008 16:02:36 -0400
Christopher DeMarco <demarco at maya.com> wrote:
> On Thu, May 15, 2008 at 03:49:36PM +0200, Patrick Wagstrom wrote:
>
> > possible key space to 2^15 keys instead of 2^1024 possible keys.
> > Yeah, it took two years for people to realize this.
>
> I ordinarily don't read Slashdot, but this caught my eye:
>
> Lesson#1: It's best to not change code you do not understand
> without getting it reviewed by people who (are supposed to)
> understand the code.
>
> Lesson#2: If you write code that deliberately does weird things
> like wanting to read uninitialised memory, PUT A COMMENT so that
> people other than you have a fighting chance with your code.
>
I don't read Slashdot for a small handful of reasons. But
there are definitely a few things I could say with regard
to this. One is that comments are extremely important, and
have saved me a lot of problems. You never know if the author
is doing something stupid deliberately or if they're just a nut.
--
Tom Rhodes