RE: The Same oddity comes up again in steem's encryption
I am looking at https://gist.github.com/inertia186/3e2949c1e5665f400a1e68c4554dfa7d
Which line numbers are you referring to? There is a lot of code there.
Run the Ruby code. Author of the gist says it fails ~1 in 100 runs.
That is... BIZARRE. Since encryption should be rock-solid-consistent.
OMG! Sounds like a deliberately planted exploit for the software author to come back later.
This is exactly the type of thing I believe keeps happening in open source code. Contributors (we don't know everyone's motives) can purposely implant inconsistencies and milk them later anonymously without people knowing who exploited the code.
(...and since a lot of projects borrow existing code, it means an exploit can turn up in multiple projects...)
The amount of SSL-related updates in the last 3 years drives me crazy.