Jack Lloyd

Results 182 comments of Jack Lloyd

There is a bug here wrt cross-compilation where the configure script guesses the location for a certificate bundle based on your machine, rather than the target machine. Probably on your...

I haven't checked the latest revisions of the Crystals algorithm specifications, I think things have changed a bit as the NIST competition has proceeded, but I would be in favor...

Is there any reason to prefer BLISS over Dilithium?

Ominously, Strongswan's BLISS implementation is still vulnerable to the bug identified in 2019/898. I'm generally very wary of Gaussian sampling in lattices as it seems both side channel prone and...

@hrantzsch Do you know if this relates in a direct way to https://thunderbird.topicbox.com/groups/planning/T5abbf135db2f3c1c/the-german-bsi-intends-to-sponsor-pqc-improvements-for-openpgp-in-thunderbird or is just a coincidence that Thunderbird uses RNP which uses Botan, and BSI wants PQ in...

Unfortunately(?) it looks like almost all of these are false positives or errors

> Signed-Releases: Fail 0
> no releases found

?!? Where is it looking? Maybe we can tell...

Opened https://github.com/ossf/scorecard/issues/655 for the security policy since that's at least easy to fix.

Re packaging error, turns out that if we did use github CI to create release artifacts (which is absolutely never going to happen) https://github.com/ossf/scorecard/blob/main/checks/packaging.go#L86 only recognizes JS, Java and a...

It's not a security issue per se (we still have MD4 after all), though that was what pushed it over the edge to removal. The general goal is to reduce...

> So, the real point is: is anyone using Tiger, and if so where?

Just wanted to follow up here to say this was not a rhetorical question. If Tiger is...