Tweetovi

Blokirali ste korisnika/cu @FiloSottile

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @FiloSottile

  1. Prikvačeni tweet

    Do you wish my cryptography threads had more depth, context, or nuance? I'm giving the newsletter thing a try. Subscribe to Cryptography Dispatches. 📧 

    Prikaži ovu nit
    Poništi
  2. “It's hypoallergenic.” That just means it's LESS LIKELY TO KILL ME. It's my risk assessment to make, not yours. Because I'm the one in the hospital if you are wrong. (Brought to you by the entitled lady next to me in the TSA queue.)

    Prikaži ovu nit
    Poništi
  3. proslijedio/la je Tweet
    , , i još njih 3
    Poništi
  4. , , i još njih 3
    Poništi
  5. The Christmas holiday security conferences have always been a struggle, huh?

    Poništi
  6. proslijedio/la je Tweet
    1. velj

    Google's December FEC filing is up. Google made a $1500 political donation to Mitch McConnell on December 20

    Prikaži ovu nit
    Poništi
  7. I got to talk at about supply chain security and how Go tackles its challenges. made an excellent livetweeting thread.

    Poništi
  8. Also, occasional reminder that office dog policies are anti-inclusive.

    Prikaži ovu nit
    Poništi
  9. I'm really glad I burned out of air travel before US society decided pet dogs are more important than humans with allergies 😕

    Prikaži ovu nit
    Poništi
  10. (This is for the Go 1.12.16 and Go 1.13.7 security releases, which only affect 32-bit architectures and unpatched Windows systems: )

    Prikaži ovu nit
    Poništi
  11. Today's session of git dark arts with and involved "go get"-ing a module version that doesn't exist yet. The lengths we'll go to make sure patches and releases are ready as soon as a vulnerability becomes public.

    Prikaži ovu nit
    Poništi
  12. 𝘴𝘸𝘪𝘯𝘨𝘴 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳

    Prikaži ovu nit
    Poništi
  13. Well, before I got distracted by this horror while writing tests... I had just completed a long-running quest: the generic chacha20poly1305 code now has ZERO allocations, opening the door to separate chacha20 and poly1305 assembly \o/

    Prikaži ovu nit
    Poništi
  14. It's Sunday night, I'm at , and I'm auditing uses of x/poly1305 to make a point. I'm terrified I'll find vulnerabilities in the process. Help?

    Prikaži ovu nit
    Poništi
  15. Why did we expose Poly1305 in x/crypto again? 𝘱𝘪𝘤𝘬𝘴 𝘶𝘱 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳

    Prikaži ovu nit
    Poništi
  16. Here's an even weirder quirk: if the message is empty, the tag is simply the second half of the key. Again makes sense because the tag will be 0 + s mod 2¹²⁸ which is fine because... ChaCha20Poly1305 derives the key from key + nonce and no one else uses Poly1305?

    Prikaži ovu nit
    Poništi
  17. TIL a Poly1305 tag with a zero key is always zero. So if you can fixate the key, you can make the tag verify for any message, like with X25519 low order points. It does make sense, at that point the tag is m * 0 + 0 mod 2¹³⁰ - 5

    Prikaži ovu nit
    Poništi
  18. Hey Mozilla friends. Sorry about the news :( Take the time you need for self-care. If you're in NYC and I can help, email me and let's get coffee. I'll also be in SF at the end of the month (for Enigma). If you're interested in the , let's talk.

    Poništi
  19. I have now seen a PoC chain (from an external researcher) and it's indeed the simplest imaginable attack. Patch.

    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet
    14. sij
    Odgovor korisniku/ci

    Dropping a vuln like that directly after RWC when all cryptographers are sick with conference flu should be considered irresponsible disclosure.

    Poništi
  21. Yep, ok, looks like the attack is changing the generator of the curve so you know the private key, and then confuse the validator by providing an alternative root (?) with the same public key but poisoned parameters.

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·