2018.01.12 22:16:44 (951925938891251713) from Daniel J. Bernstein, replying to "Deirdre Connolly¹ (@durumcrustulum)" (951816263273197569):
The claim of a bug in NaCl's Curve25519 implementation is completely incorrect. That code was never part of any NaCl release---precisely because it never passed NaCl's stringent review process.
2018.01.12 22:18:38 (951926419340300290) from Daniel J. Bernstein:
The Curve25519 code that's actually in NaCl, including the assembly code, _did_ pass NaCl's review process, and has also passed various followup verification and validation steps.
2018.01.12 22:22:01 (951927267395096577) from Daniel J. Bernstein:
Of course there's _massive_ value in automating manual verification procedures, but this shouldn't be accompanied by outright misinformation regarding the correctness of existing libraries.
2018.01.12 14:57:55 (951815507874926592) from "Deirdre Connolly¹ (@durumcrustulum)", replying to "Deirdre Connolly¹ (@durumcrustulum)" (951815055003316225):
Next up, HACL* in Mozilla Firefox. Final talk! #realworldcrypto
2018.01.12 14:58:17 (951815598664712193) from "Deirdre Connolly¹ (@durumcrustulum)", replying to "Deirdre Connolly¹ (@durumcrustulum)" (951815507874926592):
Formal methods and high assurance web applications on the web. #realworldcrypto
2018.01.12 15:00:14 (951816089427685376) from "Deirdre Connolly¹ (@durumcrustulum)", replying to "Deirdre Connolly¹ (@durumcrustulum)" (951815598664712193):
Functional correctness is difficult (integer overflow in OpenSSL's Poly1305, elliptic curve correctness bug in NSS). #realworldcrypto
2018.01.12 15:00:55 (951816263273197569) from "Deirdre Connolly¹ (@durumcrustulum)", replying to "Deirdre Connolly¹ (@durumcrustulum)" (951816089427685376):
😆 #realworldcrypto