Now, on the next project to audit OpenSSL v. 1.1 master. Pretty major refactoring: state machine, ASN.1, EVP, cleaner struct transparency…
-
-
Replying to @kennwhite
.
@kennwhite - ASN.1 will yield more exploitable attacks than any other caregiry, we predict. Non-symmetric, field-variant charset horrors...1 reply 1 retweet 1 like -
Replying to @cryptostorm_is
Kenn White Retweeted Kenn White
@cryptostorm_is it's a pretty good sized attack surface.https://twitter.com/kennwhite/status/452420723228033024 …Kenn White added,
1 reply 3 retweets 2 likes -
Replying to @kennwhite
.
@kennwhite - precisely. Sprawling, gratuitously complex, poorly documented, tends to silently fail open, & nomenclature-buried. Yikes.
1 reply 1 retweet 2 likes -
Replying to @cryptostorm_is
"…plausible enough to be widely implemented but complex enough to ensure crypto would forever be hamstrung by implementation bugs" ~
@agl__1 reply 0 retweets 1 like -
Replying to @cryptostorm_is
"this caused many to include the complexity of an ASN.1 parser inside signature validation & that let the bugs in." https://www.imperialviolet.org/2014/09/26/pkcs1.html …
2 replies 2 retweets 4 likes
@cryptostorm_is that’s totally BERserk!
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.