Matthew Garrett on Nostr: FFS. If you *knew* that your cryptography library had weaknesses but you justify that ...
FFS. If you *knew* that your cryptography library had weaknesses but you justify that by arguing that they're probably not real-world exploitable, you really need to be able to explain *why* they're not real-world exploitable, and even if that's true all this should be clearly documented in order to prevent someone else using your code in a way that breaks your assumptions and is vulnerable as a result (re: https://news.ycombinator.com/item?id=41249371)
Published at 2024-08-14 22:51:46

Event JSON
{
"id": "719321b316e2ebd02bdeab38bea91eb31493f3d35c56948153de41c233151231",
"pubkey": "ef5e80e6c74387ef14f5c6b89079f22b6847dc14365001c0ed662a20bd891677",
"created_at": 1723668706,
"kind": 1,
"tags": [
[
"proxy",
"https://nondeterministic.computer/users/mjg59/statuses/112962352381235003",
"activitypub"
]
],
"content": "FFS. If you *knew* that your cryptography library had weaknesses but you justify that by arguing that they're probably not real-world exploitable, you really need to be able to explain *why* they're not real-world exploitable, and even if that's true all this should be clearly documented in order to prevent someone else using your code in a way that breaks your assumptions and is vulnerable as a result (re: https://news.ycombinator.com/item?id=41249371)",
"sig": "9dbfa8dc178984283a56f3013ede3fb027d2c2f67df501bfed7ab4c0278838048d55ca6537aa163d218cfad4608ea0e8a0d626e80feff2d06e58a61d2046d689"
}