Why browser-based crypto sucks: MEGApwn bookmarklet shows just how easy it is to get access to your MEGA private key http://nzkoz.github.io/MegaPWN/
@dan_crowley @BrendanEich @ashk4n @dakami yeah, through a hash collision, requiring a state-level attacker
-
-
@bascule@BrendanEich@ashk4n@dakami Yes, it was quite a piece of work. Just noting that crypto is never in a vacuum. -
@dan_crowley@bascule@BrendanEich@ashk4n that's the point, the state level attacker hewed precisely to Stevens/Sotirov.
End of conversation
New conversation -
-
-
@bascule@dan_crowley@BrendanEich@ashk4n requiring the precise hash collision that was run at CCC, no more and no less -
@dakami@bascule@dan_crowley@BrendanEich@ashk4n Marc Stevens says its a different attack. http://www.cwi.nl/news/2012/cwi-cryptanalist-discovers-new-cryptographic-attack-variant-in-flame-spy-malware … same end result though. -
@jjarmoc@bascule@dan_crowley@BrendanEich@ashk4n very different methodology. Hewed precisely to open capabilities.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.