| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHk-=wiaj8SMSQTWAx2cUFqzRWRqBspO5YV=qA8M+QOC2vDorw@mail.gmail.com>
Date: Wed, 4 May 2022 12:51:49 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: Andy Shevchenko <andriy.shevchenko@...el.com>,
Stafford Horne <shorne@...il.com>,
Mikulas Patocka <mpatocka@...hat.com>,
Andy Shevchenko <andy@...nel.org>,
device-mapper development <dm-devel@...hat.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Mike Snitzer <msnitzer@...hat.com>,
Mimi Zohar <zohar@...ux.ibm.com>,
Milan Broz <gmazyland@...il.com>
Subject: Re: [PATCH v2] hex2bin: make the function hex_to_bin constant-time
On Wed, May 4, 2022 at 12:43 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
>
> א.cc is correct. If you can't load it, your browser or something in
> your stack is broken.
It's just google-chrome.
And honestly, the last thing I want to ever see is non-ASCII URL's.
Particularly from a security person. It's a *HORRIBLE* idea with
homoglyphs, and personally I think any browser that refuses to look it
up would be doing the right thing.
But I don't think that it's the browser, actually. Even 'nslookup'
refuses to touch it with
** server can't find א.cc: SERVFAIL
and it seems it's literally the local dns caching (dnsmasq?)
> Choosing a non-ASCII domain like that clearly a
> bad decision because people with broken stacks can't load it?
No. It's a bad idea. Full stop. Don't do it.
Linus
Powered by blists - more mailing lists