Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @FiloSottile
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @FiloSottile
-
Prikvačeni tweet
Do you wish my cryptography threads had more depth, context, or nuance? I'm giving the newsletter thing a try. Subscribe to Cryptography Dispatches.
https://buttondown.email/cryptography-dispatches …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
“It's hypoallergenic.” That just means it's LESS LIKELY TO KILL ME. It's my risk assessment to make, not yours. Because I'm the one in the hospital if you are wrong. (Brought to you by the entitled lady next to me in the TSA queue.)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Filippo Valsorda proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
The Christmas holiday security conferences have always been a struggle, huh?pic.twitter.com/3DKJh2vz9j
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Filippo Valsorda proslijedio/la je Tweet
Google's December FEC filing is up. Google made a $1500 political donation to Mitch McConnell on December 20pic.twitter.com/AtLrWLAVNC
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I got to talk at
#Enigma2020 about supply chain security and how Go tackles its challenges.@LeaKissner made an excellent livetweeting thread.https://twitter.com/LeaKissner/status/1221867850362548224 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Also, occasional reminder that office dog policies are anti-inclusive.https://twitter.com/FiloSottile/status/1116418872519929859 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I'm really glad I burned out of air travel before US society decided pet dogs are more important than humans with allergies
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
(This is for the Go 1.12.16 and Go 1.13.7 security releases, which only affect 32-bit architectures and unpatched Windows systems: https://groups.google.com/d/msg/golang-announce/-sdUB4VEQkA/2Jj-k4qjCwAJ …)
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Today's session of git dark arts with
@katie_hockman and@dmitshur involved "go get"-ing a module version that doesn't exist yet. The lengths we'll go to make sure patches and releases are ready as soon as a vulnerability becomes public.Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Well, before I got distracted by this horror while writing tests... I had just completed a long-running quest: the generic chacha20poly1305 code now has ZERO allocations, opening the door to separate chacha20 and poly1305 assembly \o/ https://go-review.googlesource.com/c/crypto/+/206977 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
It's Sunday night, I'm at
@recursecenter, and I'm auditing uses of x/poly1305 to make a point. I'm terrified I'll find vulnerabilities in the process. Help?Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Why did we expose Poly1305 in x/crypto again? 𝘱𝘪𝘤𝘬𝘴 𝘶𝘱 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Here's an even weirder quirk: if the message is empty, the tag is simply the second half of the key. Again makes sense because the tag will be 0 + s mod 2¹²⁸ which is fine because... ChaCha20Poly1305 derives the key from key + nonce and no one else uses Poly1305?
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
TIL a Poly1305 tag with a zero key is always zero. So if you can fixate the key, you can make the tag verify for any message, like with X25519 low order points. It does make sense, at that point the tag is m * 0 + 0 mod 2¹³⁰ - 5
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hey Mozilla friends. Sorry about the news :( Take the time you need for self-care. If you're in NYC and I can help, email me and let's get coffee. I'll also be in SF at the end of the month (for Enigma). If you're interested in the
@RecurseCenter, let's talk.#MozillaLifeboatHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I have now seen a PoC chain (from an external researcher) and it's indeed the simplest imaginable attack. Patch.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Filippo Valsorda proslijedio/la je Tweet
Dropping a vuln like that directly after RWC when all cryptographers are sick with conference flu should be considered irresponsible disclosure.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Yep, ok, looks like the attack is changing the generator of the curve so you know the private key, and then confuse the validator by providing an alternative root (?) with the same public key but poisoned parameters.pic.twitter.com/6E2rLnwZEW
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.