Comments URL: https://news.ycombinator.com/item?id=47692097

Points: 2

# Comments: 0

Comments URL: https://news.ycombinator.com/item?id=46813090

Points: 3

# Comments: 1

You are absolutely correct. However, that's the mechanism that Frank has made available, and that's what the comment I was replying to was asking, so I was just connecting the dots between the question and answer.

Yes, but it was a breadth-first search sourced from the ianix webpage, so I certainly missed some details somewhere. I'll continue to search over the coming weeks in my spare time (if I can get any).

If you didn't receive an email from me, either your implementation isn't listed on https://ianix.com/pub/ed25519-deployment.html, I somehow missed it, or you're safe.

  If libsodium is useful to you, please keep in mind that it is maintained by one person, for free, in time I could spend with my family or on other projects. The best way to help the project would be to consider sponsoring it, which helps me dedicate more time to improving it and making it great for everyone, for many more years to come.

Hope that helps.

I'm planning to spend my evening checking every other Ed25519 implementation I can find to see if this check is missing any where else in the open source ecosystem.

Comments URL: https://news.ycombinator.com/item?id=45927664

Points: 5

# Comments: 0

https://hackerone.com/paragonie/hacktivity?type=team

The policy was immediate full disclosure, until people decided to flood us with racist memes. Those didn't get published.

Some notable stinkers:

https://hackerone.com/reports/149369

https://hackerone.com/reports/244836

https://hackerone.com/reports/115271

https://hackerone.com/reports/180074

Comments URL: https://news.ycombinator.com/item?id=41843672

Points: 5

# Comments: 0

https://scottarc.blog/2024/10/14/trust-rules-everything-arou...

But, this touches on a particular hobby horse of mine. It involves some old conflicts too, but I don't want to ruminate on them.

From about 2016 to 2019, I was heavily involved with trying to remedy what I considered an existential threat to the Internet: WordPress's auto-updater.

https://core.trac.wordpress.org/ticket/25052 + https://core.trac.wordpress.org/ticket/39309

If that sounds alarming, consider the enormity of WordPress's market share. Millions of websites. W3Techs estimates it powers about 43% of websites whose server-side stack is detectable. At the time, it was a mere 33%.

https://w3techs.com/technologies/overview/content_management

For the longest time, the auto-updater would pull an update file from WordPress.org, and then install it. There was no code-signing of any form until I got involved. So if you pop one server, you get access to potentially millions.

Now imagine all of those webservers conscripted into a DDoS botnet.

Thus, existential threat to the Internet.

Eventually, we solved the immediate risk and then got into discussing the long tail of getting theme and plugin updates signed too.

https://paragonie.com/blog/2019/05/wordpress-5-2-mitigating-...

https://core.trac.wordpress.org/ticket/49200

You can read my ideas to solve this problem for WordPress (and the PHP ecosystem at large) here: https://gossamer.tools

Here's the part that delves into old drama: Mullenweg was so uncooperative that I wrote a critical piece called #StopMullware (a pun on "malware") due to his resistance to even commit to solving the damn problem. On my end, I reimplemented all of libsodium in pure PHP (and supported all the way back to 5.2.4 just to cater to WordPress's obsession with backwards compatibility to the lowest common denominator), and just needed them to be willing to review and accept patches. Even though I was shouldering as much of the work as I logically could, that wasn't enough for Matt. After he responded to my criticism, I took it down, since he committed in writing to actually solving the problem. (You can read his response at https://medium.com/@photomatt/wordpress-and-update-signing-5... if you care to.)

The reason I'm bringing this old conflict up isn't to reopen old wounds. It's that this specific tactic that Mullenweg employed would have been mitigated by solving the supply chain risk that I was so incandescent about in 2016.

(If you read my proposals from that era, you'll notice that I cared a lot about the developers controlling their keys, not WordPress.)

I don't keep up-to-date on Internet drama, so maybe someone already raised this point elsewhere. I just find it remarkable that the unappreciated work for WordPress/PHP I did over the years is relevant to Mullenweg's current clusterfuck. Incredible.

Since my knowledge on the background noise that preceded this public conflict is pretty much nil, I have no reason to believe WP Engine hold any sort of moral high ground. And I don't really care either way.

Rather, I'd like to extend an open invitation: If anyone is serious about leading the community to fork off WordPress, as I've heard in recent weeks, I'm happy to talk at length about my ideas for security enhancements and technical debt collection. If nothing else comes of this, I'd like to minimize the amount of pain experienced by the community built around WordPress, even if its leadership is frustrating and selfish.

This is reasonable, but runs contrary to the stance taken by CNSA 2.0.

Consider this an additional data point, then: https://paragonie.com/blog/2019/10/against-agility-in-crypto...

In the years since I wrote that, several people have pointed out that "versioned protocols" are just a safe form of "crypto agility". However, when people say "crypto agility', they usually mean something like what JWT does.

What JWT does is stupid, and has caused a lot of issues: https://www.howmanydayssinceajwtalgnonevuln.com/

If you want to use JWT securely, you have to go out of your way to do so: https://scottarc.blog/2023/09/06/how-to-write-a-secure-jwt-l...

> But if the protocol is not yet broken, then being agile isn't a concern, and if/when the protocol does become broken, then you can remove support for the broken protocol, which is what you'd be forced to do anyway, so a flexible approach just seems like a more gradual way to achieve that future transition.

This makes sense in situations where you have versioned protocols :)

This doesn't work if you're required to support RSA with PKCS1v1.5 padding until the heat death of the universe.

Comments URL: https://news.ycombinator.com/item?id=40601356

Points: 42

# Comments: 3

And especially thanks for taking the time to share your experiences and observations with me. That's how I improve as a writer.

Comments URL: https://news.ycombinator.com/item?id=40583793

Points: 1

# Comments: 0

This is a crypto nerd blog post though. The whole point is to talk about cryptographic library design!