Comment by tetris11
1 day ago
Are there any security implications of NaN-Boxing?
If I encode data into the exponent of these NaN values, propagate them around the internet, and decode them elsewhere... is that a security risk? Or does this just fall into the category of "weird encryption"?
Define security risk. Obviously this data could come from untrusted sources. Another consideration is that this data may not serialize correctly: most text serialization protocols will not distinguish different NaN values. It's possible for there to be some data confusion in your pipeline as well, if you don't control all the code that touches those bytes.
I'd be surprised. It's surprisingly difficult to serialize NaN values. Can't do it on JSON, for example.
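Added example, not part of any commenter's post: a Python sketch of the serialization point raised in the thread, showing that a NaN payload survives a raw 8-byte copy but not a text or JSON round trip, plus a filter that canonicalizes NaNs at a trust boundary. The function names, the 51-bit payload layout and the sample payload are assumptions made for illustration, and it assumes a platform that copies quiet-NaN bits unchanged (typical x86-64 or ARM64 CPython).

```python
import json
import math
import struct

QUIET_NAN = 0x7FF8000000000000     # exponent all ones plus the quiet bit
PAYLOAD_MASK = 0x0007FFFFFFFFFFFF  # 51 low mantissa bits free for a payload

def box(payload: int) -> float:
    """Build a quiet NaN carrying `payload` in its mantissa (illustrative layout)."""
    if not 0 <= payload <= PAYLOAD_MASK:
        raise ValueError("payload does not fit in 51 bits")
    return struct.unpack("<d", struct.pack("<Q", QUIET_NAN | payload))[0]

def payload_of(x: float) -> int:
    """Payload bits of a NaN; 0 means nothing is hidden in it."""
    if not math.isnan(x):
        raise ValueError("not a NaN")
    return struct.unpack("<Q", struct.pack("<d", x))[0] & PAYLOAD_MASK

def via_binary(x: float) -> float:
    """Raw 8-byte transport: every bit of the double is copied."""
    return struct.unpack("<d", struct.pack("<d", x))[0]

def via_text(x: float) -> float:
    """Text transport: every NaN prints as 'nan', so the payload is dropped."""
    return float(repr(x))

def via_json_lenient(x: float) -> float:
    """Python's default json emits the non-standard token NaN, payload lost."""
    return json.loads(json.dumps(x))

def strict_json_rejects(x: float) -> bool:
    """Standards-compliant JSON has no NaN at all, so encoding fails."""
    try:
        json.dumps(x, allow_nan=False)
    except ValueError:
        return True
    return False

def canonicalize(x: float) -> float:
    """Boundary filter: replace any NaN with the payload-free one."""
    return box(0) if math.isnan(x) else x

if __name__ == "__main__":
    boxed = box(0xC0FFEE)  # constructed sample payload
    print(hex(payload_of(via_binary(boxed))))        # payload intact
    print(hex(payload_of(via_text(boxed))))          # payload gone
    print(hex(payload_of(canonicalize(boxed))))      # payload stripped on purpose
```

Running `canonicalize` on floats read from binary formats is the piece that matters when other code in the pipeline might interpret NaN bits you did not put there.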