Reply to post: Not the first, probably won't be the last ...

Oracle already wins 'crypto bug of the year' with Java digital signature bypass

Richard Pennington 1
FAIL

Not the first, probably won't be the last ...

A few years ago, before I retired, I was involved in a safety-critical exercise in code verification.

One of the modules involved a series of values and a quick-and-dirty checksum for integrity. The checksum was simply the sum of the values of the rest of the array (ignoring overflows).

Meanwhile, another procedure would, under certain circumstances, wipe the whole array by overwriting it with zeroes.

Somebody pointed out that the integrity checksum algorithm was so poor that the integrity check would still show "OK" even after the array had been zeroed out ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon