Comment by tetris11
2 months ago
Are there any security implications of NaN-Boxing?
If I encode data into the exponent of these NaN values, propagate them around the internet, and decode them elsewhere... is that a security risk? Or does this just fall into the category of "weird encryption"?
Define security risk. Obviously this data could come from untrusted sources. Another consideration is that this data may not serialize correctly: most text serialization protocols will not distinguish different NaN values. It's possible for there to be some data confusion in your pipeline as well, if you don't control all the code that touches those bytes.
I'd be surprised. It's surprisingly difficult to serialize NaN values. Can't do it on JSON, for example.
Lots of formats just put the IEEE-754 bytes on the wire, as-is. For example, Protocol Buffers: https://protobuf.dev/programming-guides/encoding/
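An added example, not part of the thread: it shows the two behaviours the replies describe, a NaN payload surviving a raw 8-byte IEEE-754 round trip and disappearing in a text round trip, plus a receiver-side normalization for data from untrusted sources. The helper names and the sample payload `0xCAFE` are constructed for illustration, and the raw-bytes round trip stands in for any format that writes the double unchanged.

```python
import json
import math
import struct

QNAN_BITS = 0x7FF8_0000_0000_0000   # exponent all ones + quiet bit set
PAYLOAD_MASK = (1 << 51) - 1        # fraction bits left over for a payload


def box(payload: int) -> float:
    """Build a quiet NaN carrying `payload` in its low 51 fraction bits."""
    if not 0 <= payload <= PAYLOAD_MASK:
        raise ValueError("payload does not fit in 51 bits")
    return struct.unpack("<d", struct.pack("<Q", QNAN_BITS | payload))[0]


def unbox(value: float):
    """Return the payload of a NaN, or None for an ordinary number."""
    if not math.isnan(value):
        return None
    return struct.unpack("<Q", struct.pack("<d", value))[0] & PAYLOAD_MASK


def via_binary(value: float) -> float:
    """Round trip as 8 raw little-endian IEEE-754 bytes."""
    return struct.unpack("<d", struct.pack("<d", value))[0]


def via_json_text(value: float) -> float:
    """Round trip through Python's json module, which emits the
    non-standard token NaN by default."""
    return json.loads(json.dumps(value))


def strict_json_rejects(value: float) -> bool:
    """True if standards-compliant JSON output refuses the value."""
    try:
        json.dumps(value, allow_nan=False)
    except ValueError:
        return True
    return False


def canonicalize(value: float) -> float:
    """Receiver-side normalization: replace any NaN with the default one."""
    return float("nan") if math.isnan(value) else value


if __name__ == "__main__":
    boxed = box(0xCAFE)  # constructed sample payload
    print(hex(unbox(via_binary(boxed))), unbox(via_json_text(boxed)),
          strict_json_rejects(boxed), unbox(canonicalize(boxed)))
```

Applying `canonicalize` at the point where doubles enter from outside means downstream code that inspects NaN bits never sees sender-chosen payloads.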