Recent searches
Search options
So how embarrassingly bad? Not reusing salt values is covered in any introductory text on the topic.
Now think: these folks also make autonomous killing machines.
https://twitter.com/matthew_d_green/status/1495935700545454084?s=20&t=_rObBXFCJSvZdXXT2bCOLA
TwitterMatthew Green on Twitter“Ugh god. Serious flaws in the way Samsung phones encrypt key material in TrustZone and it’s embarrassingly bad. They used a single key and allowed IV re-use. https://t.co/XteB3kc8cH”
In case you’re wondering if I’m exaggerating… No, I’m not: https://en.m.wikipedia.org/wiki/SGR-A1
en.m.wikipedia.orgSGR-A1 - Wikipedia
@aral there's basically no tech company of a certain size that doesn't.
️ 
@aral When cryptography gets hardwired it often eventually turns out to be bad, and can't then be fixed. So although hardware private key storage theoretically is the best situation, in practice I'm always skeptical about the implementations.