Techly NewsGet the app

Get the latest tech news

Carelessness versus craftsmanship in cryptography


Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan’s maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.

None

Get the Android app

Or read this on Hacker News

Read more on:

Photo of cryptography

cryptography

Photo of Craftsmanship

Craftsmanship

Photo of Carelessness

Carelessness

Related news:

News photo

How the GNU C Compiler became the Clippy of cryptography

News photo

The State of OpenSSL for pyca/cryptography

News photo

Cryptography 101 with Alfred Menezes

« How Taalas “prints” LLM onto a chip?
Ask Slashdot: What's Your Boot Time? »