I love this aspect of DTLS: Silently discards invalid inputs so attackers can keep guessing until they get it right. https://tools.ietf.org/html/rfc6347#section-4.1.2.7 …
-
-
Replying to @BRIAN_____
@BRIAN_____ there are so many trade-offs here. And isn't the role of crypto to guarantee that guessing will not lead anywhere? Why compromi…2 replies 0 retweets 0 likes -
Replying to @volatile_void
@spun_off I think that that thinking is predicated on having *good* crypto underneath. # of queries is relevant even for good crypto.
1 reply 0 retweets 1 like -
Replying to @BRIAN_____
@BRIAN_____ eventually we are going to find out what the best order for HMAC and encrypt is, though?1 reply 0 retweets 0 likes
Replying to @volatile_void
@spun_off There's even already an extension to fix the ordering, but nobody deployed it.
1:52 AM - 10 Apr 2016
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.