Hacker News new | ask | show | jobs
by couchand 2612 days ago
OTOH if the OEM can't code the CRC right, one might be better off packing their own parachute...
1 comments
Odenwaelder 2612 days ago
No, you're not better off. If you want to get a medical product like this licensed, you have to prove that you performed rigorous, multi-staged testing and document all your development including all emerging risks. I have participated in such licensing efforts and I doubt that an open source project has the means of providing such rigorous testing.
link
stefan_ 2612 days ago
The result of this diligent process, of course, is how a broken CRC16 routine got shipped in this medical product.

It's the most trivial thing. Copy a public domain CRC16 routine, add a unit test with a test vector.

link
joezydeco 2611 days ago
Can you be sure it wasn’t a badly implemented form of obsfucatiom?

It certainly slowed down the reverse engineers. If they didn’t get to the object code what would the next step have been? Cryptographic analysis?

link
stefan_ 2611 days ago
5 of the bits were never set in their "obfuscated" variant? If you want to obfuscate CRC16 you would just choose a randomized starting value.
link
joezydeco 2611 days ago
I didn't say it was implemented well. Perhaps they should changing shift operators would quietly change the values without any disturbance to checksum integrity.
link
mikelward 2612 days ago
Tidepool is indeed working on FDA approval for Loop.

https://www.tidepool.org/blog/tidepool-delivering-loop

link