Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The ability to decrypt depends on figuring out that the sharing scheme has your pieces covered, and knowing that you have in fact covered the right thing because of a bug like this is hard to do. There are some ways to test the sharing scheme that might have caught this, and looking at example shares carefully should have, but it's a bit more subtle to make generic tests.
 help



Ok but my understanding from the article was that the bug is "it always allows what shouldn't be allowed", therefore any negative outcome test should have failed (or at least a very very simple one). Again I'm sure I'm misunderstanding something about the context here.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: