top | item 8565442

(no title)

xnull | 11 years ago

I think implementation bugs are within the spirit of OP, especially provided the NSA claims to have provided an implementation fix for Heartbleed.

The sorts of bugs I'm talking about exist in client and popular software. As far as tempo is concerned this year alone has given us BERserk, gotofail, Android Master Key, OpenSSL fork(), Bitcoin's use of P256, GNUTLS X.509 parsing bug, the OpenSSL compiler optimization+processor family randomness bug, and others.

If we were to entertain OP's point maybe there would be a faster tempo if the NSA were helping out. :)

discuss

tptacek|11 years ago

Sure, if this is what we mean by the kinds of cryptography bugs NSA is a powerhouse at, I'm sure they could be leaking more of them to industry.