Tweets by @FiloSottile

  1. Pinned Tweet

    Do you wish my cryptography threads had more depth, context, or nuance? I'm giving the newsletter thing a try. Subscribe to Cryptography Dispatches. 📧 

  3. The Christmas holiday security conferences have always been a struggle, huh?

  4. Retweeted
    Jan 31

    Google's December FEC filing is up. Google made a $1500 political donation to Mitch McConnell on December 20

  5. I got to talk at about supply chain security and how Go tackles its challenges. made an excellent livetweeting thread.

  6. Also, occasional reminder that office dog policies are anti-inclusive.

  7. I'm really glad I burned out of air travel before US society decided pet dogs are more important than humans with allergies 😕

  8. (This is for the Go 1.12.16 and Go 1.13.7 security releases, which only affect 32-bit architectures and unpatched Windows systems: )

  9. Today's session of git dark arts with and involved "go get"-ing a module version that doesn't exist yet. The lengths we'll go to make sure patches and releases are ready as soon as a vulnerability becomes public.

  10. 𝘴𝘸𝘪𝘯𝘨𝘴 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳

  11. Well, before I got distracted by this horror while writing tests... I had just completed a long-running quest: the generic chacha20poly1305 code now has ZERO allocations, opening the door to separate chacha20 and poly1305 assembly \o/

  12. It's Sunday night, I'm at , and I'm auditing uses of x/poly1305 to make a point. I'm terrified I'll find vulnerabilities in the process. Help?

  13. Why did we expose Poly1305 in x/crypto again? 𝘱𝘪𝘤𝘬𝘴 𝘶𝘱 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳

  14. Here's an even weirder quirk: if the message is empty, the tag is simply the second half of the key. Again makes sense because the tag will be 0 + s mod 2¹²⁸ which is fine because... ChaCha20Poly1305 derives the key from key + nonce and no one else uses Poly1305?

  15. TIL a Poly1305 tag with a zero key is always zero. So if you can fixate the key, you can make the tag verify for any message, like with X25519 low order points. It does make sense, at that point the tag is m * 0 + 0 mod 2¹³⁰ - 5

  16. Hey Mozilla friends. Sorry about the news :( Take the time you need for self-care. If you're in NYC and I can help, email me and let's get coffee. I'll also be in SF at the end of the month (for Enigma). If you're interested in the , let's talk.

  17. I have now seen a PoC chain (from an external researcher) and it's indeed the simplest imaginable attack. Patch.

  18. Retweeted
    Jan 14
    Replying to

    Dropping a vuln like that directly after RWC when all cryptographers are sick with conference flu should be considered irresponsible disclosure.

  19. Yep, ok, looks like the attack is changing the generator of the curve so you know the private key, and then confuse the validator by providing an alternative root (?) with the same public key but poisoned parameters.

  20. This is it for the fun part: if you can pick the parameters, you can pick a curve for which you know the private key of arbitrary public keys. The validation fail is still unclear, when does the library accept untrusted params for a trusted public key?

  21. I am home sick with the flu, and can't immediately decide if that's the best or the worst time for a catastrophic crypto vulnerability to drop.
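
The two Poly1305 quirks described in the tweets above (a zero key gives a zero tag for every message; an empty message gives the second half of the key as the tag) can be reproduced with a small `math/big` Poly1305 following RFC 8439. This is an added example, not code from the timeline's author or from x/crypto; `TagHex`, `reversed`, `zeroKey` and `rfcKey` are names chosen here, and the arithmetic is not constant time.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"math/big"
)

// Constructed inputs: an all-zero key, and the key of the RFC 8439 section 2.5.2 test vector.
const zeroKey = "0000000000000000000000000000000000000000000000000000000000000000"
const rfcKey = "85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b"

// reversed returns a copy of b in the opposite byte order (little <-> big endian).
func reversed(b []byte) []byte {
	out := make([]byte, len(b))
	for i, v := range b {
		out[len(b)-1-i] = v
	}
	return out
}

// TagHex returns the Poly1305 tag of msg under a 32-byte hex key (r || s), for study only.
func TagHex(keyHex string, msg []byte) string {
	key, err := hex.DecodeString(keyHex)
	if err != nil || len(key) != 32 {
		panic("key must be 32 hex-encoded bytes")
	}
	p := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 130), big.NewInt(5)) // 2^130 - 5
	clamp, _ := new(big.Int).SetString("0ffffffc0ffffffc0ffffffc0fffffff", 16)
	r := new(big.Int).And(new(big.Int).SetBytes(reversed(key[:16])), clamp)
	s := new(big.Int).SetBytes(reversed(key[16:]))
	acc := new(big.Int)
	for len(msg) > 0 {
		n := len(msg)
		if n > 16 {
			n = 16
		}
		block := append(append([]byte{}, msg[:n]...), 0x01) // block plus the high 0x01 byte
		acc.Add(acc, new(big.Int).SetBytes(reversed(block)))
		acc.Mul(acc, r).Mod(acc, p) // acc = (acc + block) * r mod p
		msg = msg[n:]
	}
	acc.Add(acc, s) // if r = 0 or there were no blocks, acc was still 0, so the tag is just s
	return hex.EncodeToString(reversed(acc.FillBytes(make([]byte, 17)))[:16]) // mod 2^128
}

func main() {
	fmt.Println(TagHex(zeroKey, []byte("any message at all"))) // all zeros
	fmt.Println(TagHex(rfcKey, nil))                           // second half of rfcKey
}
```

Both outputs follow from tag = (acc + s) mod 2¹²⁸ with acc = 0, which is why the Poly1305 key has to be a fresh secret for each message, as ChaCha20Poly1305 arranges by deriving it from key + nonce.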
