Pinned Tweet
Do you wish my cryptography threads had more depth, context, or nuance? I'm giving the newsletter thing a try. Subscribe to Cryptography Dispatches.
https://buttondown.email/cryptography-dispatches …
-
The Christmas holiday security conferences have always been a struggle, huh? pic.twitter.com/3DKJh2vz9j
-
Filippo Valsorda Retweeted
Google's December FEC filing is up. Google made a $1500 political donation to Mitch McConnell on December 20 pic.twitter.com/AtLrWLAVNC
-
I got to talk at #Enigma2020 about supply chain security and how Go tackles its challenges. @LeaKissner made an excellent livetweeting thread. https://twitter.com/LeaKissner/status/1221867850362548224 …
-
Also, occasional reminder that office dog policies are anti-inclusive. https://twitter.com/FiloSottile/status/1116418872519929859 …
-
I'm really glad I burned out of air travel before US society decided pet dogs are more important than humans with allergies
-
(This is for the Go 1.12.16 and Go 1.13.7 security releases, which only affect 32-bit architectures and unpatched Windows systems: https://groups.google.com/d/msg/golang-announce/-sdUB4VEQkA/2Jj-k4qjCwAJ …)
-
Today's session of git dark arts with @katie_hockman and @dmitshur involved "go get"-ing a module version that doesn't exist yet. The lengths we'll go to make sure patches and releases are ready as soon as a vulnerability becomes public.
-
Well, before I got distracted by this horror while writing tests... I had just completed a long-running quest: the generic chacha20poly1305 code now has ZERO allocations, opening the door to separate chacha20 and poly1305 assembly \o/ https://go-review.googlesource.com/c/crypto/+/206977 …
-
It's Sunday night, I'm at @recursecenter, and I'm auditing uses of x/poly1305 to make a point. I'm terrified I'll find vulnerabilities in the process. Help?
-
Why did we expose Poly1305 in x/crypto again? 𝘱𝘪𝘤𝘬𝘴 𝘶𝘱 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳
-
Here's an even weirder quirk: if the message is empty, the tag is simply the second half of the key. Again makes sense because the tag will be 0 + s mod 2¹²⁸ which is fine because... ChaCha20Poly1305 derives the key from key + nonce and no one else uses Poly1305?
-
TIL a Poly1305 tag with a zero key is always zero. So if you can fixate the key, you can make the tag verify for any message, like with X25519 low order points. It does make sense, at that point the tag is m * 0 + 0 mod 2¹³⁰ - 5
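The two Poly1305 quirks described in the tweets above (a zero key gives a zero tag; an empty message gives a tag equal to the second half of the key), as an added example that is not part of the original tweets or of x/crypto. It is a from-scratch RFC 8439 Poly1305 on math/big, slow and not constant-time, checked against the RFC's published test vector; the other inputs are constructed.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"math/big"
)

// le interprets b as a little-endian integer, as RFC 8439 does.
func le(b []byte) *big.Int {
	be := make([]byte, len(b))
	for i, v := range b {
		be[len(b)-1-i] = v
	}
	return new(big.Int).SetBytes(be)
}

// Poly1305Tag computes the RFC 8439 tag of msg under a 32-byte one-time key r || s.
func Poly1305Tag(key, msg []byte) []byte {
	p := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 130), big.NewInt(5))
	clamp, _ := new(big.Int).SetString("0ffffffc0ffffffc0ffffffc0fffffff", 16)
	r := new(big.Int).And(le(key[:16]), clamp)
	s := le(key[16:32])
	acc := new(big.Int)
	for len(msg) > 0 {
		n := len(msg)
		if n > 16 {
			n = 16
		}
		block := append(append([]byte{}, msg[:n]...), 1) // chunk || 0x01
		acc.Add(acc, le(block))
		acc.Mod(acc.Mul(acc, r), p) // acc = (acc + block) * r mod 2^130 - 5
		msg = msg[n:]
	}
	acc.Add(acc, s) // tag = (acc + s) mod 2^128, serialized little-endian
	tag := make([]byte, 16)
	be := acc.Bytes()
	for i := 0; i < 16 && i < len(be); i++ {
		tag[i] = be[len(be)-1-i]
	}
	return tag
}

func main() {
	key, _ := hex.DecodeString("85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b")
	fmt.Printf("RFC 8439 vector: %x\n", Poly1305Tag(key, []byte("Cryptographic Forum Research Group")))
	fmt.Printf("zero key:        %x\n", Poly1305Tag(make([]byte, 32), []byte("any message at all")))
	fmt.Printf("empty message:   %x (s = %x)\n", Poly1305Tag(key, nil), key[16:])
}
```
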
-
Hey Mozilla friends. Sorry about the news :( Take the time you need for self-care. If you're in NYC and I can help, email me and let's get coffee. I'll also be in SF at the end of the month (for Enigma). If you're interested in the @RecurseCenter, let's talk. #MozillaLifeboat
-
I have now seen a PoC chain (from an external researcher) and it's indeed the simplest imaginable attack. Patch.
-
Filippo Valsorda Retweeted
Dropping a vuln like that directly after RWC when all cryptographers are sick with conference flu should be considered irresponsible disclosure.
-
Yep, ok, looks like the attack is changing the generator of the curve so you know the private key, and then confuse the validator by providing an alternative root (?) with the same public key but poisoned parameters. pic.twitter.com/6E2rLnwZEW
-
This is it for the fun part: if you can pick the parameters, you can pick a curve for which you know the private key of arbitrary public keys. The validation fail is still unclear, when does the library accept untrusted params for a trusted public key? https://twitter.com/Dennis__Jackson/status/1217155490205065217 …
-
I am home sick with the flu, and can't immediately decide if that's the best or the worst time for a catastrophic crypto vulnerability to drop.