FWIW, this small function had external audits several times and nobody spotted the algorithmic problem.
-
-
-
Thanks for the extra info. I'm a fan of rewriting legacy-free and using verification from the start. Amazon doing this with s2n.
-
Good luck decrypting your old data then.
-
hahah true. To be fair, this is what Google is doing with ECC-only e2e since most users have no prior data to decrypt.
End of conversation
New conversation -
-
-
REWRITING software is bad. Major REFACTORING software, though, is good, like LibreSSL and BoringSSL.
-
I think you might be saying that rewriting is bad _commercially_.
-
Can't do it all. It "throws away the baby with the bathwater", years of important lessons.
-
...though I'd grant you, if those doing the rewrite had already written an PGP library, then that'd be okay.
-
...just that in practice, those doing the rewrite haven't learned all the lessons, and would simply be learning new ones
-
I get what you’re saying, but I think the lessons must be built into components for even incompetent devs to use.
-
Components such as new, more secure libraries, better frameworks, better programming languages, etc.
End of conversation
New conversation -
-
-
Recoding may work but every major rewrite has flaws. I'd love to be proven wrong with a counter example. An audit is still needed.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.