@spastorino @mattetti it's a minor issue with no known attacks AFAIK. The AES key is reused as the HMAC key. (Not really) fixed in Rails 4
@bascule @spastorino @mattetti we don’t reuse the keys in 4, why do you say not really?
@nzkoz @bascule @spastorino I don't think twitter is the right place to talk about that :)
@mattetti @bascule @spastorino twitter’s not really the place to throw stones you don’t understand either matt ;)
@nzkoz @bascule @spastorino I think I do understand, Tony has a good point about information & potential reuse of the same key
@mattetti @bascule @spastorino if you think “stay away from rails crypto” is a reasonable response then you *don’t* understand ;)
@nzkoz @spastorino that's what @bascule was suggesting, not really an option for me tho.
@mattetti @spastorino if the original source of the hyperbole is @bascule, then consider my gentle chiding directed at him.
@nzkoz @mattetti @spastorino I just ran into this today as we were looking at merging some ActiveSupport::MessageEncryptor-based code