undefined | Better HN

0 pointsanaganisk4y ago0 comments

So fixed right?

0 comments

So it seems: https://schollz.com/blog/croc9/

You should be wary of projects that claim to be secure but have a history of game over vulnerabilities.

Crypto is hard, it doesn't wrongly claim its secure. Its a one man show. Isn't that where beauty of open-source lies? Some students were able to get a bug(purposeful) into linux to show how easy it was. Or even the example of Openssl after heart bleed. Some fresh set of eyes look into the code, things get fixed. We have a log of it, developers learn something, and project moves ahead.

psanford4y ago

As I was saying... another vulnerability was found in croc's Spake implementation in the last day: https://mailarchive.ietf.org/arch/msg/cfrg/icl1AGo62iq8vQM3-...

j / k navigate · click thread line to collapse

0 comments

basemi4y ago

So it seems: https://schollz.com/blog/croc9/

psanford4y ago

You should be wary of projects that claim to be secure but have a history of game over vulnerabilities.

anaganiskOP4y ago

psanford4y ago

As I was saying... another vulnerability was found in croc's Spake implementation in the last day: https://mailarchive.ietf.org/arch/msg/cfrg/icl1AGo62iq8vQM3-...

j / k navigate · click thread line to collapse