Twitter | Pretraživanje | |
thaidn
XorOps at a high-wage Walmart, contributing to Tink and Wycheproof. SSL attack trilogy: BEAST, CRIME, PODDLE. Opinions are Alice's and Bob's.
924
Tweetovi
256
Pratim
1.850
Osobe koje vas prate
Tweetovi
thaidn 1. velj
. Flights from/to Taiwan are also unbanned. Safe flights home my friends!
Reply Retweet Označi sa "sviđa mi se"
thaidn 19. sij
It was a long time ago, and it wasn't my interview, but I was shadowing a coworker who asked the interviewee "If you were an animal what would you be?" I was like, WTF, why am I even here?!
Reply Retweet Označi sa "sviđa mi se"
thaidn 16. sij
Odgovor korisniku/ci @tqbf
I can't just fathom the fact the key to the security of the whole Internet is 1. Think about it!!
Reply Retweet Označi sa "sviđa mi se"
thaidn 15. sij
CVE-2020-0601 supports the Too Much Crypto camp, and should be branded Too Many Certs, Ain't Nobody Got Time for Verifying Them All!
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Pascal Junod 15. sij
History repeats itself: after padding oracles, another attack discovered by Serge becomes a practical threat many, many years after its publication.
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Cas Cremers 15. sij
Odgovor korisniku/ci @CasCremers
1. Find an ecc root cert C 2. Create C' with the same public key and curve but set the generator to the public key of C 3. Create a normal signing cert C'' with key pair (pk'',sk'') and sign software/cert with sk'' 4. Sign C'' with sk=1 5. Ship software/cert with C'' and C'
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Saleem Rashid 15. sij
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Zest 15. sij
Reply Retweet Označi sa "sviđa mi se"
thaidn 15. sij
Odgovor korisniku/ci @randomoracle
Because ECDSA verification is slow?
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Scott Arciszewski 14. sij
Odgovor korisniku/ci @MisterGlass @XorNinja
Thomas's write-up on HN, for anyone following this thread:
Reply Retweet Označi sa "sviđa mi se"
thaidn 14. sij
Odgovor korisniku/ci @tqbf
There must be something that triggered me to hunt for these bugs. I can't recall that event, but my search yielded nothing interesting
Reply Retweet Označi sa "sviđa mi se"
thaidn 14. sij
Odgovor korisniku/ci @CiPHPerCoder
I mean UnnamedCurve
Reply Retweet Označi sa "sviđa mi se"
thaidn 14. sij
Odgovor korisniku/ci @CiPHPerCoder
It already has. Search for NamedCurve in
Reply Retweet Označi sa "sviđa mi se"
thaidn 14. sij
Odgovor korisniku/ci @XorNinja
I can't remember why, but I spent some time finding bad libraries that blindly trust specified curve parameters. I couldn't find anything. Wycheproof also has test vectors. "NamedCurve"
Reply Retweet Označi sa "sviđa mi se"
thaidn 14. sij
Wow. So this is not a boring parsing bug. My guess is that Windows blindly trusted curve parameters from a rogue certificate. This is interesting because states that " This choice [specified curve parameters] MUST NOT be used"
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Lea Kissner 14. sij
Odgovor korisniku/ci @LeaKissner
But the fundamental reason why I'm worried about shaking the ads ecosystem too hard, too fast: news media largely relies on ads right now and their business models are already very shaky. If media can't make money, we're left with media that doesn't need to make money.
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Justin Schuh 🤬 14. sij
Just to be very clear on this point: This is not about blocking a subset of 3P cookies via lists and/or heuristics. This announcement is that we are going to remove 3P cookies and related tracking mechanisms entirely.
Reply Retweet Označi sa "sviđa mi se"
thaidn proslijedio/la je tweet
Nick Sullivan 10. sij
Odgovor korisniku/ci @XorNinja
One way to create secure and private ads is to remove tracking altogether. Pay for placement, like in newspapers. The societal problems from online advertising come from the fact that it's extra profitable and effective to use personal information for targeting.
Reply Retweet Označi sa "sviđa mi se"
thaidn 9. sij
Odgovor korisniku/ci @david__nunez
Great question. Bob must send Alice a single bit.
Reply Retweet Označi sa "sviđa mi se"
thaidn 9. sij
To celebrate and HACS, here's the latest installation of the Internet of broken protocols series
Reply Retweet Označi sa "sviđa mi se"