Discussion
Loading...

Post

Log in
  • About
  • Code of conduct
  • Privacy
  • Users
  • Instances
  • About Bonfire
Soatok Dreamseeker
Soatok Dreamseeker
@soatok@furry.engineer  ·  activity timestamp 22 hours ago

Oof. Big oof.

https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/

The Trail of Bits Blog

Carelessness versus craftsmanship in cryptography

Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan’s maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.
  • Copy link
  • Flag this post
  • Block

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances
Bonfire social · 1.0.2-alpha.29 no JS en
Automatic federation enabled
Log in
  • Explore
  • About
  • Members
  • Code of Conduct