80 点作者 TwoFactor大约 3 年前

3 条评论

tptacek大约 3 年前

Submitted last night:<p><a href="https://news.ycombinator.com/item?id=31089216" rel="nofollow">https://news.ycombinator.com/item?id=31089216</a>

评论 #31103244 未加载

rwbhn大约 3 年前

This referenced article is better: <a href="https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/" rel="nofollow">https://neilmadden.blog/2022/04/19/psychic-signatures-in-jav...</a>

lallysingh大约 3 年前

> Madden points out that the affected versions of Java fail to check that two key variables in the ECDSA are not tested to ensure they’re non-zero.<p>Who writes this garbage? How many negations does a sentence need?

评论 #31096852 未加载

评论 #31096815 未加载

评论 #31097879 未加载

Java 15 introduced a cryptographic vulnerability

3 条评论

Java 15 introduced a cryptographic vulnerability

3 条评论