There's something about this Windows/ECC vuln that bugs me. I had known this feature for custom curves exists. My opinion on it was "This looks like useless complexity and asking for trouble, nobody should ever implement it".
-
Prikaži ovu nit
-
I am not sure if I ever wrote about this anywhere. So I can't even say "told ya so". But I'm sure this is not my private opinion, I'm sure you could ask any random person familiar with TLS and chances are they'd share that opinion.
1 reply 1 proslijeđeni tweet 14 korisnika označava da im se sviđaPrikaži ovu nit -
Yet it seems Microsoft has implemented this relatively recently. Why? Has noone told them "this is useless complexity and asking for trouble"? And should we have done that?
0 proslijeđenih tweetova 7 korisnika označava da im se sviđaPrikaži ovu nit -
I mean should I have written a paper "This looks like useless complexity and asking for trouble"? It would be a pretty short paper, but I could say "told ya so" now if I had written it.
1 proslijeđeni tweet 13 korisnika označava da im se sviđaPrikaži ovu nit
See https://cr.yp.to/newelliptic/nistecc-20160106.pdf … (from @hyperelliptic and me), which says in §1 that "unnecessary complexity in ECC implementations" creates "ECC security failures", and says in §11 that allowing run-time curve choices causes "obvious damage to implementation simplicity". Told ya so.
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.