Operationalizing Macaroons
24 points
1 year ago
| 3 comments
| fly.io
| HN
zamalek
1 year ago
[-]
> So I did the hipster thing and implemented Noise.

> [...]

> Out of laziness, we kept the Noise stuff, which means the interface to tkdb is now HTTP/Noise.

Yikes, I wager it was more difficult to get this thing working than HTTPS because they surely have an existing solution for nearly everything else. It smells more like a developer being reluctant to delete their own code. There's an unaudited cryptography stack in their authentication path.

You are not your code.

reply
pkhuong
1 year ago
[-]
One might assume the cryptographic code was somewhat audited by Thomas Ptacek.
reply
jmathai
1 year ago
[-]
I wasn’t super interested in the topic but enjoyed the style of writing and completed the article.

I learned a few things I hadn’t planned on learning :)

reply
KPGv2
1 year ago
[-]
I assume the token gets its name from figure one in this paper: https://www.ndss-symposium.org/wp-content/uploads/2017/09/04...

Which angers me, because that's a macaron, not a macaroon.

reply
viciousvoxel
1 year ago
[-]
Reminds me of the time I suggested to my cousin's new girlfriend (gentile) that she bring macaroons (a standard kosher-for-Passover dessert) to our Passover seder and instead she brought macarons (delicious but not kosher for Passover). We all had a laugh.
reply