Holy crap! Recent Java runtimes have a completely broken ECDSA signature checking and no one noticed for years!
Makes you wonder about the old adage, “don’t roll your own crypto”, but even the “experts” didn’t get this one right.
I guess this is why everyone uses Bouncy Castle for cryptography implementations.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!