-
>Simply concatenating variable-length, possibly attacker controlled values as the
>I-D suggests is dangerous. For example, the (idA, idB) pairs ("ax", "b") and
>("a", "xb") would result equivalent…
-
https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-3.1
Argon 2 Provides the user with the ability to add a "secret value" or "key" to the hash, in addition to the already existing salt. …
-
The draft spec is at https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv. One version of the paper describing one version of the construct (which might not be what's in the draft) is at https://eprint.…
-
We are working to extend the OPRF draft IETF standard (https://github.com/chris-wood/draft-sullivan-cfrg-oprf/blob/master/draft-sullivan-cfrg-oprf.md) in order to address the accessibility use case. …
-
It is not possible to save sample PDF from https://shattered.io/. Only the first one is uploaded as they have the same SHA1.
There is some other news about SHA1: https://mailarchive.ietf.org/arch/m…
-
See: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-spake2-26
[BoringSSL has implemented it](https://github.com/google/boringssl/blob/master/crypto/curve25519/spake25519.c), and it's being u…
-
Per https://datatracker.ietf.org/doc/draft-ietf-tls-esni/
-
Good work implementing this, and with sensible defaults.
One thing, I briefly looked at the implementation, and I'm not sure H' satisfies the requirements in the draft (which talks about using has…
-
### Describe the issue
input file: https://www.ietf.org/archive/id/draft-irtf-cfrg-vrf-15.xml
running `xmlrfc --text`, it hangs. hit Ctrl-C and here's the end of the Traceback:
```
File "/usr/lo…
-
Cookie encryption currently only supports AES-256 with GCM cipher
this is better: https://eprint.iacr.org/2017/697.pdf
Alternatively (or in addition), we might favor cookie secret key rotation...