[Mono-dev] Possible Crypto bug found...

Sebastien Pouliot sebastien.pouliot at gmail.com
Fri Jul 20 10:59:42 EDT 2007


On Thu, 2007-07-19 at 20:31 -0500, jae wrote:
> Sebastien Pouliot wrote:
> > Hello,
> >
> > This is a known "issue". The sample code doesn't check for
> > ICryptoTransform.CanReuseTransform and this value is different between
> > Mono and MS.
> >
> > Actually the code is somewhat dangerous as you can't be sure what
> > implementation will be used at runtime, because the implementation can
> > be remapped using CryptoConfig. This means that someone else (with a
> > custom machine.config) could be using another Rijndael implementation
> > and the code would fail under the MS runtime too.
> >
> > <note-to-self>a gendarme rule to check for this would be
> > nice</note-to-self>
> >
> > Sebastien
> >   
> 
> Ah yes, thanks. I did not check that property... I think a FAQ item
> would be useful here. 

True, I'll add it to the security FAQ later (or when I'm back from
vacation).

> Complex issues like this, binary serialization,
> etc probably should be documented somewhere. An editable wiki would help
> (is there one? :) I'm finding issues as I port our complex .net app to
> mono and it would be nice to put them somewhere web accessible.

It may be better to post them (in groups or single issues) on this list
and, when answered, move them to the wiki FAQs.

> Thanks,
> 
> Jae
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
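
The check discussed in this thread, as an added example that is not part of the original messages or of the sample code they refer to: a transform is used for a second message only when the implementation reports `ICryptoTransform.CanReuseTransform` as true, so the result does not depend on which Rijndael class CryptoConfig resolves at runtime. The helper name `TransformAll` and the sample messages are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class TransformReuse
{
    // Hypothetical helper: runs each input through a transform, sharing one
    // instance across inputs only when CanReuseTransform is true.
    static byte[][] TransformAll(Func<ICryptoTransform> create, byte[][] inputs)
    {
        byte[][] outputs = new byte[inputs.Length][];
        ICryptoTransform t = null;
        try
        {
            for (int i = 0; i < inputs.Length; i++)
            {
                if (t == null) t = create();
                outputs[i] = t.TransformFinalBlock(inputs[i], 0, inputs[i].Length);
                // Not reusable: discard it so the next input gets a fresh one.
                if (!t.CanReuseTransform) { t.Dispose(); t = null; }
            }
        }
        finally { if (t != null) t.Dispose(); }
        return outputs;
    }

    static void Main()
    {
        // Rijndael.Create() resolves the class through CryptoConfig, so the
        // concrete implementation is only known at runtime.
        using (SymmetricAlgorithm alg = Rijndael.Create())
        {
            alg.GenerateKey();
            alg.GenerateIV();
            // Constructed sample input. Sharing a transform also means sharing
            // its key and IV; a per-message IV needs a new transform anyway.
            byte[][] plain = {
                Encoding.UTF8.GetBytes("first message"),
                Encoding.UTF8.GetBytes("second message")
            };
            byte[][] cipher = TransformAll(alg.CreateEncryptor, plain);
            byte[][] back = TransformAll(alg.CreateDecryptor, cipher);
            for (int i = 0; i < plain.Length; i++)
                Console.WriteLine("{0}: {1}", alg.GetType().Name,
                    Encoding.UTF8.GetString(back[i]));
        }
    }
}
```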