[Mono-dev] Possible Crypto bug found...
jae
jaebird at coolaccess.net
Thu Jul 19 21:31:41 EDT 2007
Sebastien Pouliot wrote:
> Hello,
>
> This is a known "issue". The sample code doesn't check for
> ICryptoTransform.CanReuseTransform and this value is different between
> Mono and MS.
>
> Actually the code is somewhat dangerous as you can't be sure what
> implementation will be used at runtime, because implementation can be
> remapped using CryptoConfig. This means that someone else (with a custom
> machine.config could be using another Rijndael implementation and the
> code would fail under MS runtime too).
>
> <note-to-self>a gendarme rule to check for this would be
> nice</note-to-self>
>
> Sebastien
>
Ah yes, thanks. I didn't not check that property...I think a FAQ item
would be useful here. Complex issues like this, binary serialization,
etc probably should be documented somewhere. An editable wiki would help
(is there one? :) I'm finding issues as I port our complex .net app to
mono and it would be nice to put them somewhere web accessible.
Thanks,
Jae
More information about the Mono-devel-list
mailing list