Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/ryanc/statuses/112756319206743404">Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 09-Jul-2024 20:34:51 JST</a><a href="https://infosec.exchange/@ryanc" title="ryanc@infosec.exchange"><img src="https://gnusocial.jp/avatar/174285-48-20231204225121.webp" width="48" height="48" alt="Ryan Castellucci :nonbinary_flag:" style="position: absolute; left: 0; top: 0;">Ryan Castellucci :nonbinary_flag:</a><div><a href="https://infosec.exchange/@varbin/112756271416139855" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@varbin">@varbin</a> Yeah.</p><p>Someone used 512 bit RSA, which was demonstrably breakable by a small org a quarter of a century ago, and is now practically breakable on a standard PC in under a week, and in hours using distributed computing.</p><p>The vendor is working to fix the issue, but it shouldn't have been possible for them to make the error in the first place without an obvious "please let me do dangerous things" opt-in.</p><p>Developers should not need to be cryptography experts to build secure systems, libraries should be task-oriented and opinionated - libsodium is a good example of this.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3350578#notice-6596378">In conversation</a><time datetime="2024-07-09T20:34:51+09:00" title="Tuesday, 09-Jul-2024 20:34:51 JST">about 5 months ago</time> <span>from <span><a href="https://gnusocial.jp/notice/6596378" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/6596378">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Tuesday, 09-Jul-2024 20:34:51 JSTRyan Castellucci :nonbinary_flag:
in reply to
- Varbin :arctic_fox: :gay_furr:
@varbin Yeah.
Someone used 512 bit RSA, which was demonstrably breakable by a small org a quarter of a century ago, and is now practically breakable on a standard PC in under a week, and in hours using distributed computing.
The vendor is working to fix the issue, but it shouldn't have been possible for them to make the error in the first place without an obvious "please let me do dangerous things" opt-in.
Developers should not need to be cryptography experts to build secure systems, libraries should be task-oriented and opinionated - libsodium is a good example of this.
In conversationabout 5 months ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice