Looking for crypto ciphers being used.

Florian Weimer fweimer at redhat.com
Wed Jan 29 18:57:58 UTC 2014


On 01/29/2014 07:06 PM, Miloslav Trma─Ź wrote:
> On Wed, Jan 29, 2014 at 4:49 PM, Eric H. Christensen
> <sparks at fedoraproject.org <mailto:sparks at fedoraproject.org>> wrote:
>
>     I'm trying to figure out how to catalog what packages are using what
>     cryptographic ciphers within Fedora (specifically RC4).  Does anyone
>     know of a good way of figuring that out?

> AFAIK there isn't one.  There are various scripts that grep the source
> code for regexps (and if you are lucky, filter out the most blatant
> false positives), but even with the best scripts I've seen expect days
> or weeks of manual review to eliminate the false positives (and you'll
> have nothing to tell you about the false negatives).

And RC4 is especially tricky in this regard because it doesn't have any 
magic constants.

-- 
Florian Weimer / Red Hat Product Security Team


More information about the devel mailing list