Why? (re: previous tweet) Because we feel it's safer to raise, and thus the "dangerous" version is the one that doesn't raise
-
-
@bascule tl;dr ;) is the verify! method not public? fwiw we got a CVE for a non-public method in MessageEncryptor enabling padding oracle -
@nzkoz well, it's not there yet, and arguably of dubious value. Chime in on the PR. It's not possible to have padding oracles with NaCl -
@bascule sure my point was more if you have a method which is public but not meant for users, some moron will use it and get pwned -
@nzkoz the intent of the PR is for it to be public. Whether or not it should exist at all is up for debate
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.