Cryptographer hate for JWT
4 min read - Text OnlyIf alg=none was the only issue with this abomination of a standard, I could ignore it, and work around it. But the way this standard is used, it's almost impossible to build a secure JWT library
This vulnerability is a trifecta of things I hate: - JWT - Ruby OpenSSL extension - AES-GCM (great performance but so brittle) Expect years and years and years and years of ongoing JWT related vulnerabilities, with people continuing to claim "this isn't a problem with JWT!"
JWT is so bad that I find myself wondering what I was doing when it was being created and if I could have done something to stop it. Also, note that this HN thread is full of developers just now learning that JWTs only does signing. Except it can also do encryption. 🤷♂️
One of the most damning observations about JWT is that, whenever you introduce someone to a new way that you can shoot yourself in the foot, they automatically assume you're talking about some old way that you can shoot yourself in the foots.
This isn't an isolated incident. Every time someone talks about why JWT is bad, someone engages in a congruent fashion. "Blame the libraries, or the defaults. Don't blame the standard!" "The attack you're describing sounds like an old attack which was an implementation's fault"