Injectivity is a high-brow mathematical term:
Discussion
Loading...
anyway they mention netscape. this starts around 1995, which is when elgamal is the head of ssl at netscape https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0,_2.0,_and_3.0 specifically presiding over:
- v1, which was so bad it was never released
- v2, which was so bad it was immediately found to be broken and someone else took over the development
- v3, which had a broken cipher contributed by one of the RSA guys who also brought you DUAL_EC_DRBG
also moxie marlinspike has somehow SEOed himself to show up when you search wikipedia for SSL/TLS. he looks like a different kind of fuckboy now
i do really like the c-ares project from curl for async DNS resolves. really nice way to factor out code from other parts of curl
this is hero coded behavior https://c-ares.org/features/ if you write a description of your configurable caching heuristics as concise as this i will probably love you forever
the query name randomization feature is supported by google and vaguely seems to leak fingerprintable info maybe but kinda doubtful. anyway just to make the point it's disabled by default. stenberg has nice instincts. his namesearching is kind of silly but he's never exhibited behavior that really concerns me. really liked his handling of the rust tls library that sucked and didn't explain their divergence from the standards in test cases and eventually just gave up
pouting bc no one cares enough about my code to pwn it yet https://c-ares.org/vulns.html
1+ more replies (not shown)