I'm polishing my HotSec talk on the problems with today's Crypto APIs. Still room for some great last minute examples (will credit you!)
Replying to @matthew_d_green
@matthew_d_green https://www.cigital.com/justice-league-blog/2009/08/14/proper-use-of-javas-securerandom/ …
Replying to @matthew_d_green
@matthew_d_green You should have a whole section dedicated to bad PRNG APIs.
Replying to @matthew_d_green
@matthew_d_green @dfaranha I think the lesson from PHP is "don't let people who have no idea what they're doing design crypto APIs"
Replying to @bascule
@bascule @matthew_d_green What worries me is that APIs designed by experts also have all sorts of issues. See OpenSSL, for example.
Replying to @dfaranha
@dfaranha @matthew_d_green OpenSSL feels more like a historical accident. The ciphers were there for implementing TLS and were then exposed
8:41 PM - 12 Aug 2013