What is Nostr?
arcanicanis /
npub1pmt…d4ts
2024-02-11 03:43:31

arcanicanis on Nostr: Did you know: when you verify the signature on a digest, you should probably verify ...

Did you know: when you verify the signature on a digest, you should probably verify that the presented content (that the digest is supposedly of) actually hashes to same value as the signed digest?

I’m just increasingly disgusted that it seems like the majority of developers are just collectively drugged, high, intoxicated, or some combination thereof, because I don’t understand how I keep stumbling into these things when I’m not even trying to pentest anything. Worse is that this is in a library that people are just blindly importing and trusting.
Author Public Key
npub1pmt6lj9sff80t4fvzn75d3j7g5kk9jjs537keafg0mfgykndymms5wd4ts