En sårbarhet har identifierats i Google Keyczar av kryptogurun Nate Lawson. Nate skriver på sin blogg:

”I recently found a security flaw in the Google Keyczar crypto library. The impact was that an attacker could forge signatures for data that was “signed” with the SHA-1 HMAC algorithm (the default algorithm).”

För mer info se: rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library