Hacker News | grittygrease's comments

It's harder to publish papers that attack a system that is already secure.


Wow. It looks like my image and voice were used in this study. I was never contacted.


This browser extension can help you guarantee e2e integrity in the meantime: https://blog.cloudflare.com/e2e-integrity/


The main problem with whitelisting Tor is that you open the door to abuse.

Cloudflare is working on a new solution to this problem that allows us to differentiate between abusive visitors and legitimate users without de-anonymizing them.

If you’re a Cloudflare user and want to sign up for this feature, email onion-beta@cloudflare.com for details.


Cloudflare has a Go implementation of SIDH with p751: https://blog.cloudflare.com/sidh-go/

Here’s an overview of the performance from a patch by Armando Faz Hernandez: https://github.com/cloudflare/p751sidh/pull/2


tls13.cloudflare.com now speaks draft 13


Good catch. CloudFlare's optimizations are often too good for their own good. Fixing.


The OpenSSL AES-GCM and P256 assembly code was also written by Vlad. There's no better person to write the Golang version.


Neat, I didn't even notice this.

Vlad Krasnov is also a co-author of this paper on state-of-the-art P256 implementation: https://eprint.iacr.org/2013/816.pdf.


That's a good argument. However (unless the changes get merged upstream) it is still one more crypto library for 'bad people' to find weaknesses in.


This is something more people should pay attention to when implementing forward secrecy. Session resumption counteracts forward secrecy when done incorrectly.


The key server only accepts mutually authenticated TLS 1.2 connections with a strong cipher suite. We also require both certificates to be signed by CloudFlare's internal Certificate Authority.

