Looking for crypto ciphers being used.
Florian Weimer
fweimer at redhat.com
Wed Jan 29 18:57:58 UTC 2014
On 01/29/2014 07:06 PM, Miloslav Trmač wrote:
> On Wed, Jan 29, 2014 at 4:49 PM, Eric H. Christensen
> <sparks at fedoraproject.org <mailto:sparks at fedoraproject.org>> wrote:
>
> I'm trying to figure out how to catalog what packages are using what
> cryptographic ciphers within Fedora (specifically RC4). Does anyone
> know of a good way of figuring that out?
> AFAIK there isn't one. There are various scripts that grep the source
> code for regexps (and if you are lucky, filter out the most blatant
> false positives), but even with the best scripts I've seen expect days
> or weeks of manual review to eliminate the false positives (and you'll
> have nothing to tell you about the false negatives).
And RC4 is especially tricky in this regard because it doesn't have any
magic constants.
--
Florian Weimer / Red Hat Product Security Team
More information about the devel
mailing list