Egregoros


Loup-Vaillant wrote this on Lobste.rs in a dumb rant about my Matrix disclosure:

Personally I would actively avoid the check,

Hmm. What a weird thing to say.

Loup-Vaillant wrote a cryptography library called Monocypher, which famously had an EdDSA vulnerability mostly caused by their insistence on rolling their own custom EdDSA variant to avoid SHA512.

"I wonder how Monocypher holds up in 2026?"

Who said that? Well, anyway:

https://github.com/LoupVaillant/Monocypher/issues/285

@lain @soatok @inex

That's not uncommon in C. The Java Native Interface has a design rationale document that says that it doesn't, for example, check null pointers because it's impossible to check for the general case of invalid pointers.

I don't really agree with this philosophy, but it did provide a nice showcase for CHERI (the JNI was explicitly designed to not be a trust boundary, so being able to turn it into a defensible one was great).
