Is anyone even paying attention to this project?

Feb 15, 2016 at 2:38 AM
Edited Feb 15, 2016 at 2:43 AM

You have a jBCrypt port in C#, for which some offered to fix an often remotely exploitable cryptographic side-channel in your project two years ago and it hasn't been merged or discussed at all?

What the fuck. This is negligence.

(Yes, I know remote timing attacks aren't practical with bcrypt hashes. The fact that it was completely ignored is terrible, however.)