this post was submitted on 20 Mar 2026
18 points (95.0% liked)

Technology

82856 readers
3062 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
18
Cryptographers engage in war of words over RustSec bug reports and subsequent ban (www.theregister.com)
submitted 16 hours ago by floofloof@lemmy.ca to c/technology@lemmy.world
1 comments fedilink hide all child comments
 

cross-posted from: https://infosec.pub/post/43738524

Rust security maintainers contend Nadim Kobeissi's vulnerability claims are too much Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he's been dismissed, ignored, and banned from Rust security channels.…

top 1 comments
sorted by: hot top controversial new old
[–] Technus@lemmy.zip 14 points 15 hours ago* (last edited 15 hours ago)

"The nonce reuse issue seems to be a valid security issue, but it is by no means a critical vulnerability: it only affects applications that do more than four billion encryptions with a single HPKE setup," said Valsorda. "The average application does one."

No implementation should be using the same asymmetric keypair for a key exchange* more than once. This is such a non-issue that it's kind of hilarious. Sounds like the reporter was trying so desperately to get credit for anything they could put on their portfolio, and just wouldn't take "no" for an answer.