This is the tweet to link to, to end this silly debate.https://twitter.com/tqbf/status/996056901514420224 …
-
It’s a critical failure being returned as a mostly untyped non-blocking comment.
Lies. Both an incorrect MDC and the lack of an MDC return DECRYPTION_FAILED, FAILURE, and a nonzero exit status. That's three different ways you know stuff went wrong, including the standard for shell commands. Ignoring exit status is terrible practice.pic.twitter.com/PlOnadkznV
-
-
Ok well, what was the success rate of your claimed API defense?
-
This would've literally happened to *any* API with a streaming design. All the available error signaling mechanisms were used. It doesn't matter if it's text or C functions. If the caller chooses to ignore error codes, that's the caller's fault.
- Show replies
New conversation -
-
-
This is the whole documentation for DECRYPTION_FAILED from doc/DETAILS: "The symmetric decryption failed - one reason could be a wrong passphrase for a symmetrical encrypted message." How would an implementor know that it is dangerous to use the emitted plaintext?
-
I don't know, because decryption failed? Why *would* you use emitted plaintext if you got an error code for the operation as a whole?
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.