{"version": "https://jsonfeed.org/version/1", "title": "/dev/posts/ - Tag index - ecdsa", "home_page_url": "https://www.gabriel.urdhr.fr", "feed_url": "/tags/ecdsa/feed.json", "items": [{"id": "http://www.gabriel.urdhr.fr/2026/06/27/ecdsa-jwt-malleability/", "title": "Malleability of ECDSA (and DSA) signatures, JWTs, etc.", "url": "https://www.gabriel.urdhr.fr/2026/06/27/ecdsa-jwt-malleability/", "date_published": "2026-06-27T00:00:00+02:00", "date_modified": "2026-06-27T00:00:00+02:00", "tags": ["computer", "security", "cryptography", "elliptic-curve", "jwt", "ecdsa"], "content_html": "<p>This blog posts explains that ECDSA and DSA signatures are malleable,\nthat JWTs can be malleable as well\nand how this can be used to bypass some broken implementations\nof JWT deny lists\n(for revocation of JWTs or anti-replay protection).</p>\n"}]}