Hacker News new | past | comments | ask | show | jobs | submit login

What is this... christmas trolling? This whole story sounds so unlikely: a definite rather than infinite NDA, and in an open-sourced project of this magnitude which welcomes an infinite number of people to peer through it (don't respond to this with "the best place to hide something is in plain sight", please...)

There should be a thousand pairs of eyes going through the current OCF and its historical states by now, so I guess the answer will be out in the blink of an eye.




A hundred thousand pairs of eyes might not spot a deliberate side channel inserted in a crypto implementation.


Yes, obviously. And given the OBSD team's track record on meticulousness and attention to detail in ironing out these specific creases, I think I know what the majority of bets on this one will be.


The OpenBSD team's track record has very little to do with intricate crypto vulnerabilities. This is a different kind of vulnerability research.


So what will find and fix vulnerabilities in crypto implementations?


Nothing we know of. Sleep tight!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: