-
-
Replying to @jrmithdobbs
@jrmithdobbs and in the absence of a native implementation is full of timing sidchannels that can be used to recover private keys4 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule Think the real issue comes in bootstrapping the environment and it being forced to be tied to x509/TLS in the real world right now.1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule combined with the semantics of JS scoping you never REALLY know what code's running. Timing side channels seem resovable in comp1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule thankfully w3c determined to ensure this never gets improved. Lol web crypto or whatever they called that worthless shit.2 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@jrmithdobbs are you literally arguing "Fuck WebCrypto, let's just implement everything ourselves in JavaScript?"1 reply 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule and that I don't think the timing issues are the only, let alone worst, parts of the problem.2 replies 0 retweets 0 likes -
Replying to @jrmithdobbs
@bascule and pointing out that maybe harping on the timing issues isn't the best issue to use to discourage this inanity.1 reply 0 retweets 0 likes
@jrmithdobbs if you're downplaying the severity of timing sidechannels please put the crypto down and walk away slowly
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.