Mini-thread on this latest Lucky13 research which includes two issues found in our Open Source Amazon s2n implementation of SSL/TLS ...https://twitter.com/IACRePrint/status/1030417029747146753 …
I hope that topic gets more research! It's a hard trade-off to balance. OpenSSL's CT approach also broke, leading to LuckyMinus20, arguably a more serious issue than the one it was meant to fix. The real answer is to use algorithms designed for CT! Thankfully AES-GCM is better.
-
-
Last tweet for now! PR for our SHA384 changes:https://github.com/awslabs/s2n/pull/824 …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
This Tweet is unavailable.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.