Hacker News
by tptacek 6011 days ago
Negotiation in cryptosystems is usually a bad idea. It's a bad idea here. Anything that would make that feature useful would be an abuse or a threat.

One of the worst ideas Simon is getting from Reddit right now is that he needs to make this system more sophisticated. Version the cryptosystem! Use truncated SHA256! Revoke messages on MAC failures! Use random sleeps! Automatically expire keys! Look at this NIST standard I found!

What they need to do is what every other web framework does, because every other framework has been inspected already.