On Wednesday, 1 July 2020 at 07:19:11 UTC, Cym13 wrote:
Here's what you should know if you are a user:
RSA, as implemented in the library, is still very much broken.
I do not recommend using it. The confidentiality and integrity
of all messages exchanged using this library must be
questioned: if you exchanged sensitive information such as
passwords using it, I recommend changing them since their
security is not guaranteed.
[snip]
Thanks for the article. IMO it was as clear for non-professionals
as crypto can be: even I (a non-cryptographer) understood what the
problem with padding with only one byte is.
It also illustrates what the problem with cryptography is: it's
like coding without the ability to test. Who could even dream of getting
that right the first or even the second time? I think there's a
shortcoming in the "don't roll your own crypto" advice: one
could think it only applies to the algorithms, not the
implementation. That's what I did when I first heard it.
If one needs to use cryptography, would redundancy help? I mean,
encode and decode the message with say three different algorithms
from different libraries, so that the attacker would need to find
a weakness in all of them?