Posted by todsacerdoti 4 days ago
Operationalizing Macaroons
fly.io
24
5
zamalek 1 day ago

> So I did the hipster thing and implemented Noise.

> [...]

> Out of laziness, we kept the Noise stuff, which means the interface to tkdb is now HTTP/Noise.

Yikes, I wager it was more difficult to get this thing working than HTTPS because they surely have an existing solution for nearly everything else. It smells more like a developer being reluctant to delete their own code. There's an unaudited cryptography stack in their authentication path.

You are not your code.

1 reply
pkhuong 1 day ago

One might assume the cryptographic code was somewhat audited by Thomas Ptacek.

jmathai 4 days ago

I wasn’t super interested in the topic but enjoyed the style of writing and completed the article.

I learned a few things I hadn’t planned on learning :)

KPGv2 2 days ago

I assume the token gets its name from figure one in this paper: https://www.ndss-symposium.org/wp-content/uploads/2017/09/04...

Which angers me, because that's a macaron, not a macaroon.

1 reply
viciousvoxel 1 day ago

Reminds me of the time I suggested to my cousin's new girlfriend (gentile) that she bring macaroons (a standard kosher-for-Passover dessert) to our Passover seder and instead she brought macarons (delicious but not kosher for Passover). We all had a laugh.