Cryptographers engage in war of words over RustSec bug reports and subsequent ban

Submitted ⁨⁨1⁩ ⁨day⁩ ago⁩ by ⁨floofloof@lemmy.ca⁩ to ⁨technology@lemmy.world⁩

https://www.theregister.com/2026/03/20/cryptographer_nadim_kobeissi_rustsec_ban/

cross-posted from: infosec.pub/post/43738524

Rust security maintainers contend Nadim Kobeissi’s vulnerability claims are too much Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to address what he says are critical bugs. For his efforts, he’s been dismissed, ignored, and banned from Rust security channels.…

source

Comments

Sort:hotnew top

Technus@lemmy.zip ⁨1⁩ ⁨day⁩ ago

“The nonce reuse issue seems to be a valid security issue, but it is by no means a critical vulnerability: it only affects applications that do more than four billion encryptions with a single HPKE setup,” said Valsorda. “The average application does one.”

No implementation should be using the same asymmetric keypair more than once. This is such a non-issue that it’s kind of hilarious. Sounds like the reporter was trying so desperately to get credit for anything they could put on their portfolio, and just wouldn’t take “no” for an answer.

source