Most crypto errors I've seen stem from this fallacy: "It's all ciphertext, therefore it's all encrypted and safe."
-
-
Replying to @DefuseSec
Just because an attacker is only getting the output of some crypto function, even with strong key, does NOT mean it's safe. Lots more to it.
1 reply 0 retweets 1 like -
Replying to @DefuseSec
@DefuseSec or is that evidence of a bad crypto function?1 reply 0 retweets 0 likes -
Replying to @DefuseSec
@DefuseSec I think that most developers either want "encrypt my stuff" or "make a secure connection". The API should hide most of the rest.1 reply 0 retweets 1 like -
Replying to @DefuseSec
@DefuseSec The NaCl API doesn’t prevent users from reusing (key, nonce) pairs.1 reply 0 retweets 0 likes -
Replying to @jedisct1
@jedisct1@DefuseSec How do you without saving state of old nonces?1 reply 0 retweets 0 likes -
-
Replying to @jedisct1
@jedisct1@DefuseSec Heh, ok. I misunderstood prevent to mean something more than render as improbable as a birthday collision1 reply 0 retweets 0 likes
@voodooKobra @DefuseSec crypto_box() nonces are 192 bits.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.