I spot no test or comment in the code on why this assertion is important. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		MrBuddyCasino on April 21, 2022 \| parent \| context \| favorite \| on: Psychic Signatures in Java I spot no test or comment in the code on why this assertion is important.

bertman on April 21, 2022 [–]

It's literally what the whole bug is about. From OP's article:

>This is why the very first check in the ECDSA verification algorithm is to ensure that r and s are both >= 1. Guess which check Java forgot?

MrBuddyCasino on April 21, 2022 | [–]

Yes I just think it’s insane they fixed it without adding a test or comment.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact