Cryptographer Nadim Kobeissi has been in a months-long dispute with RustSec advisory database maintainers and Cryspen, a cryptographic software firm, over what he claims are critical vulnerabilities in Rust cryptography libraries including hpke-rs. Kobeissi alleges a nonce-reuse vulnerability enabling full AES-GCM plaintext

6m read timeFrom go.theregister.com
Post cover image
Table of contents
The critical vulnerability of open source?

Sort: