by Odenwaelder 2611 days ago
No, you're not better off. If you want to get a medical product like this licensed, you have to prove that you performed rigorous, multi-staged testing and document all your development including all emerging risks. I have participated in such licensing efforts and I doubt that an open source project has the means of providing such rigorous testing.
2 comments

The result of this diligent process, of course, is how a broken CRC16 routine got shipped in this medical product.

It's the most trivial thing. Copy a public domain CRC16 routine, add a unit test with a test vector.

Can you be sure it wasn’t a badly implemented form of obfuscation?

It certainly slowed down the reverse engineers. If they didn’t get to the object code what would the next step have been? Cryptographic analysis?

5 of the bits were never set in their "obfuscated" variant? If you want to obfuscate CRC16 you would just choose a randomized starting value.
I didn't say it was implemented well. Perhaps they should changing shift operators would quietly change the values without any disturbance to checksum integrity.
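
Added example, not part of the thread and not the device's firmware: a CRC16 routine with the known-answer unit test suggested above, plus a check for output bits that are never set. The CRC-16/CCITT-FALSE variant is an assumption (the thread does not say which CRC the device uses), and `crc16_broken` is a constructed faulty routine, not the actual bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF, no reflection, no final XOR.
 * Assumed variant, chosen only for illustration. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Constructed faulty routine: the top 5 output bits are lost. */
uint16_t crc16_broken(const uint8_t *data, size_t len)
{
    return crc16_ccitt(data, len) & 0x07FF;
}

typedef uint16_t (*crc_fn)(const uint8_t *, size_t);

/* Known-answer test: published check value for the ASCII string "123456789". */
int passes_check_vector(crc_fn f)
{
    static const uint8_t msg[] = "123456789";
    return f(msg, 9) == 0x29B1;
}

/* Mask of output bits that are never 1 across all 256 one-byte messages.
 * A sound CRC16 returns 0 here; any set bit marks a dead output bit. */
uint16_t never_set_bits(crc_fn f)
{
    uint16_t seen = 0;
    for (unsigned v = 0; v < 256; v++) {
        uint8_t b = (uint8_t)v;
        seen |= f(&b, 1);
    }
    return (uint16_t)~seen;
}

int main(void)
{
    printf("good:   vector=%d dead_bits=0x%04X\n",
           passes_check_vector(crc16_ccitt), (unsigned)never_set_bits(crc16_ccitt));
    printf("broken: vector=%d dead_bits=0x%04X\n",
           passes_check_vector(crc16_broken), (unsigned)never_set_bits(crc16_broken));
    return 0;
}
```
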
Tidepool is indeed working on FDA approval for Loop.

https://www.tidepool.org/blog/tidepool-delivering-loop