Travis Cross
This issue affects the Django tutorial/example in tree (`examples/tutorials/django`). If, e.g., our default umask is `0077` and so the directory is `chmod 700`, then: ``` $ cd examples/tutorials/django $ chmod...
This seems likely to trip up everyone with a 0077 umask, and people just getting started with vagga are unlikely to intuit the problem. It probably deserves a short section...
Werner Dittmann wrote: > you are right with the Hash chain and the keys until it comes to H0 > which is transmitted encrypted in the confirm packets. And at...
Yes; a downgrade attack was my very first thought when this came up. However I now believe this is infeasible against a wary implementation. The responder Hello has to be...
Any way you do it you have to forge a Hello from one (and only one) party. To that party you must send the other party's actual Hello and a...
In other words, if you only downgrade one peer the negotiation will fail. You can't downgrade both peers without either forging a message you can't forge or forging a message...
In short, yes. A couple days ago I wrote the following in an email to Werner and others. As I recall, I discussed these same points with Phil many months...
Neither of those attacks is particularly scary. The SAS signing attack may prevent the use of that feature. As best I know, however, no one actually uses it, so there...
Thanks for your interest. Unfortunately using timers like that does not add enough entropy to meaningfully enhance security. Werner: Is using ZRTPCPP on Windows without OpenSSL even supported? If so,...
The problem here is that this is a *correctness* lint. If we wanted to express that this pattern is simply *ugly*, then that would need to be a *style* lint...