back to article Auto crypto algo validation? Protocol prototype here

Cisco and the United States' National Institute of Standards and Technology (NIST) have quietly taken the covers off an important development for cryptographers: the first implementation of the Automated Cryptographic Validation Protocol (ACVP). First discussed at May's ICM conference, its aim is to help developers get across …

  1. Flocke Kroes Silver badge

    Doesn't everybody ...

    ... arrange for 'make test' to whine if some module's output does not match known good output for a set of test vectors?

    So the new plan is to use untested code to connect to a spoofed server, get some test vectors, run the untested crypto algorithm on them and rely on a reply from that spoofed server to valid the code that authenticated the wrong server in the first place?

    1. jfigus

      Re: Doesn't everybody ...

      Self-tests are a good idea. But what if a developer botches something in the self-tests? Third-party crypto validation provides another level of protection for people that are serious about privacy.

      Spoofing the server??? It doesn't sound like you're familiar with ACVP. ACVP uses TLS, along with mutual auth using X.509 certificates. While not inconceivable, spoofing the server or the client will be a challenge.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022