Twitter Feed: Post

Twitter FeedApr 4, 2023, 3:23 PM

@kennyog replied to a tweet by @kennyog:

Issue 1: using uninitialised keys. 😱
Issue 2: IV reuse in AES-GCM when a file is re-encrypted after an update. 😱😱
Issue 3: a malicious server can place a chosen key in a victim user's encrypted keystore; the user then rotates everything to that key on next login/update. 😱😱😱