Simon Willison’s Weblog

Side-Channel Attacks and Security Theatre. “In order to mount most of these attacks the attacker must be local [...] every good security person knows that if your attacker has the ability to run stuff on your machine, it is game over, so why are we even caring about these attacks?” # 2nd August 2007, 12:30 pm

OpenID (and TypeKey) using native OpenSSL functions in PHP. Wez Furlong shows how a small patch to PHP’s OpenSSL support makes it a whole lot easier to perform the cryptography behind OpenID (at the moment you need to use the bc or gmp modules). # 10th February 2007, 10:49 pm