An Analysis of Dangerous Curves

Some recently exposed vulnerabilities in cryptographic software highlight an old problem: software often fails when used in "exotic and rarely used configurations." The recently published CVE-2022-0778 vulnerability and the related CVE-2020-0601 vulnerability both involve software that implements Elliptic Curve Cryptography (ECC) in digital certificates. One of the most common uses of digital certificates is in TLS, which is what HTTPS is built…
