"RSA key generation was done incorrectly, leading to very insecure keys." I think you misspelled "we implemented double-ROT13 instead of RSA". https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc … #NeverRollYourOwnCrypto
-
-
This Tweet is unavailable.
-
-
-
-
Who could have possible known that some value to the power of one is itself? I mean really. We're programmers, not mathematicians.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
I love the dev's response: "This is actually encryption done correctly, there's no reason 1 is invalid even though its not quite prime" >.<
-
Priceless response
End of conversation
New conversation -
-
-
I was the one who reported that one. Funny thing though, it wasn't the most severe vulnerability of that batch :D
-
I tried really hard to explain that bug clearly, but in the end I'm not sure I succeeded. Had to move on, I was just evaluating the software for hobby use anyway...
- Show replies
New conversation -
-
-
That indicates other problems with their key generator. Key generators have to find p and q such that e does not divide lcm(p-1, q-1). I guess it could check whether gcd(lcm(p-1, q-1), e) = 1 which would've passed.
-
It's M2Crypto, which wraps OpenSSL's RSA_generate_key_ex. So score another point for OpenSSL? News at 11.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.