I'm polishing my HotSec talk on the problems with today's Crypto APIs. Still room for some great last minute examples (will credit you!)
Replying to @matthew_d_green
@matthew_d_green https://www.cigital.com/justice-league-blog/2009/08/14/proper-use-of-javas-securerandom/ …
Replying to @matthew_d_green
@matthew_d_green You should have a whole section dedicated to bad PRNG APIs.
Replying to @matthew_d_green
@matthew_d_green @dfaranha I think the lesson from PHP is "don't let people who have no idea what they're doing design crypto APIs"
Replying to @bascule
@bascule @matthew_d_green What worries me is that APIs designed by experts also have all sorts of issues. See OpenSSL, for example.
Replying to @dfaranha
@dfaranha @matthew_d_green I'm not sure OpenSSL really qualifies as being designed by "experts" ;)
Replying to @bascule
@bascule @matthew_d_green They may not be the very best, but are certainly regarded as experts by the broad community of coders. :-)
@dfaranha @matthew_d_green wasn't slighting the authors, but rather the way the library came to be the way it is today