While using AES-256-CFB is not "rolling their own crypto", Steel has some other functionality around (see https://gitlab.com/Rosvall/steel/blob/master/crypto.c) which provides bad implementations, namely generate_pass which seeds from timestamp and verify_hmac which is not a constant time comparison function.
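
Added example, not Steel's code: a constant-time comparison of the kind an HMAC verifier should use, beside a password generator that draws its bytes from /dev/urandom instead of a timestamp seed. Function names are my own, chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constant-time equality: XOR every byte pair and OR the results together,
 * so the loop always runs to the end and the time taken does not reveal
 * where the first mismatch sits (memcmp() stops at the first difference
 * and so leaks how many leading bytes matched). Returns 1 if equal. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* 64-symbol alphabet so that (byte & 63) selects a character with no
 * modulo bias; the caller supplies the random bytes. Writes n characters
 * plus a NUL terminator into out and returns n. */
size_t pass_from_bytes(const unsigned char *rnd, size_t n, char *out)
{
    static const char alphabet[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_";
    for (size_t i = 0; i < n; i++)
        out[i] = alphabet[rnd[i] & 63];
    out[n] = '\0';
    return n;
}

/* Entropy from the OS CSPRNG rather than srand(time(NULL)): a timestamp
 * seed is guessable to within a few seconds. Returns 1 on success. */
int fill_random(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n;
}

int main(void)
{
    unsigned char rnd[16];
    char pass[sizeof rnd + 1];
    if (!fill_random(rnd, sizeof rnd)) return 1;
    pass_from_bytes(rnd, sizeof rnd, pass);
    printf("generated password: %s\n", pass);
    return 0;
}
```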


Yes, it absolutely is[0] for essentially the exact examples you cite.

[0]: http://www.cs.berkeley.edu/~daw/teaching/cs261-f12/misc/if.h...).
