
Why did your implementation have a case-sensitive check for a fixed list of algorithms, and why are you blacklisting vs. whitelisting acceptable algorithms? 'Old, stable' codebase or not... this is production code for a security product and seems like something that would be picked up during an audit.
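As an added illustration of the point raised in the comment above (not code from the thread or from the product being discussed): a case-sensitive deny-list set beside an exact-match allow-list. The algorithm names, the sample inputs and the `downstream_resolves_to` normalisation step are constructed assumptions.

```python
# Added example; every name and sample value here is constructed.
DENIED = {"none"}             # deny-list: reject only names listed verbatim
ALLOWED = {"HS256", "RS256"}  # allow-list: accept only names listed verbatim


def denylist_check(alg):
    """Case-sensitive deny-list: anything not listed verbatim is accepted."""
    return alg not in DENIED


def allowlist_check(alg):
    """Exact-match allow-list: anything not listed verbatim is rejected."""
    return isinstance(alg, str) and alg in ALLOWED


def downstream_resolves_to(alg):
    """Hypothetical later stage that normalises the name before dispatch."""
    return alg.strip().lower()


def audit(candidates):
    """Rows of (input, passes deny-list, passes allow-list, resolved name)."""
    return [
        (a, denylist_check(a), allowlist_check(a), downstream_resolves_to(a))
        for a in candidates
    ]


def denylist_gaps(candidates):
    """Inputs the deny-list admits although they resolve to a denied name."""
    return [a for a, deny_ok, _, resolved in audit(candidates)
            if deny_ok and resolved in DENIED]


def allowlist_accepts(candidates):
    """Inputs the allow-list admits."""
    return [a for a, _, allow_ok, _ in audit(candidates) if allow_ok]


# Constructed sample inputs, as they might arrive in an untrusted header.
SAMPLES = ["none", "None", "NONE", "nOnE", " none", "HS256", "hs256", "RS256", ""]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print("%-8r deny-list ok=%-5s allow-list ok=%-5s resolves to %r" % row)
    print("deny-list gaps:", denylist_gaps(SAMPLES))
```

The deny-list fails open on every spelling it did not anticipate, while the allow-list fails closed, including on `hs256`, which a deployment can then choose to add deliberately.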


Not the OP, but the sad truth is that code audits aren't that good at eradicating bugs.



