|
|
|
|
|
|
by eliasmacpherson
4496 days ago
|
|
|
Is there a reference implementation for SSH? I don't think so. By your standards then SSH is broken, which is false. I don't want to have it both ways.
I think if you are running a money service that you should not rely on variables that were known to be malleable since 2011. There's even a wiki page about it, on a site the guy owned, since Jan 2013.
Either they run someone elses code and made sure it worked, or run their own code and made sure it worked - and by worked I meant worked the way they needed it to, not the way they expected it to. |
|
|
However, it's quite clear that this is a bug, and it could have affected them, and they could be telling the truth, contrary to what the original article says.