Hacker News with Generative AI: Cryptography

Reviewing the cryptography used by Signal (soatok.blog)
Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them.
Why Quantum Cryptanalysis is Bollocks [pdf] (auckland.ac.nz)
Why cryptography is not based on NP-complete problems (blintzbase.com)
Cryptography is not based on NP-complete problems - let me explain why.
Questioning the Criteria for Evaluating Non-Cryptographic Hash Functions (cacm.acm.org)
Computing practitioners encounter hash functions almost every day, although they may not necessarily be the center of attention.
Show HN: Steganographically encode messages with LLMs and Arithmetic Coding (github.com/shawnz)
Textcoder is a proof-of-concept tool for steganographically encoding secret messages such that they appear as ordinary, unrelated text.
Microsoft Go 1.24 FIPS changes (microsoft.com)
The Go 1.24 cryptography packages have been through a heavy refactoring to allow the Go standard library to be FIPS 140-3 compliant.
How to prove false statements? (Part 1) (cryptographyengineering.com)
If you’ve read my blog over the years, you should understand that I have basically two obsessions. One is my interest in building “practical” schemes that solve real problems that come up in the real world. The other is a weird fixation on the theoretical models that underpin (the security of) many of those same schemes.
Alan Turing's "Delilah" project (ieee.org)
A collection of documents was recently sold at auction for almost half a million dollars. The documents detail a top-secret voice-encryption project led by Alan Turing, culminating in the creation of the Delilah machine.
Hell is overconfident developers writing encryption code (soatok.blog)
Overconfident developers that choose to write their own cryptography code have plagued the information security industry since before it was even an industry.
How many RTX 5090 do you need to find a SHA-1 collision in 2025? (drand.love)
First things first, if you’re still using the SHA-1 hashing algorithm in 2025, you are probably doing something wrong, or hopefully working on a very expensive Capture-the-flag (CTF) challenge. Exactly how expensive is what we’ll try to answer in today’s blog post.
Cardan grille (wikipedia.org)
The Cardan grille is a method of writing secret messages using a grid.
Best Practices for Key Derivation (trailofbits.com)
Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s also easy to get wrong: although standard tools exist for different key derivation needs, our audits often uncover improper uses of these tools that could compromise key security. Flickr’s API signature forgery vulnerability is a famous example of misusing a hash function during key derivation.
If OpenSSL were a GUI (2022) (smallstep.com)
If OpenSSL were a GUI
Enigma Cipher Machine: An Object Oriented Python Implementation (christopherchmielewski.xyz)
This program is an object-oriented implementation of the Enigma cipher machine written in Python.
If OpenSSL Were a GUI (smallstep.com)
If OpenSSL were a GUI
OpenSSL Position and Plans on Private Key Formats for Post-Quantum Algorithms (openssl-corporation.org)
The anticipated future arrival of cryptographically relevant quantum computers (CRQCs) that could undermine the algorithms that underlie the currently most widely used public key algorithms (ECDHE, ECDSA, DH and RSA) has led to the development and recent standardisation of new “post-quantum” (PQ) algorithms that are believed to not be vulnerable to CRQC attack.
Don't use Session – Round 2 (soatok.blog)
Last week, I wrote a blog post succinctly titled, Don’t Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote about using Pollard’s rho to attack Session’s design (for which, I offered to write a proof of concept and report back with results), and Session wrote a blog claiming to rebut the claims made in that blog post.
Looking at some claims that quantum computers won't work (cr.yp.to)
Should you be investing time and effort in upgrading to post-quantum cryptography?
Let's talk about AI and end-to-end encryption (cryptographyengineering.com)
Recently I came across a fantastic new paper by a group of NYU and Cornell researchers entitled “How to think about end-to-end encryption and AI.” I’m extremely grateful to see this paper, because while I don’t agree with every one of its conclusions, it’s a good first stab at an incredibly important set of questions.
Bypassing disk encryption on systems with automatic TPM2 unlock (oddlama.org)
Have you set up automatic disk unlocking with TPM2 and systemd-cryptenroll or clevis? Then chances are high that your disk can be decrypted by an attacker who just has brief physical access to your machine - with some preparation, 10 minutes will suffice. In this article we will explore how TPM2-based disk decryption works, and understand why many setups are vulnerable to a kind of filesystem confusion attack.
Cracking a 512-bit DKIM key for less than $8 in the cloud (dmarcchecker.app)
In our study on the SPF, DKIM, and DMARC records of the top 1M websites, we were surprised to uncover more than 1,700 public DKIM keys that were shorter than 1,024 bits in length.
Ask HN: How Do Google Willow's Results Affect Quantum Computing Timelines? (ycombinator.com)
As a model question, I think it is most interesting to consider when RSA-2048 will be factored using a quantum computer.
Show HN: Generate random colors from text with SHA-256 (hashue.link)
Benchmarking RSA Key Generation (filippo.io)
RSA key generation is both conceptually simple, and one of the worst implementation tasks of the field of cryptography engineering. Even benchmarking it is tricky, and involves some math: here’s how we generated a stable but representative “average case” instead of using the ordinary statistical approach.
Ask HN: TLS 1.3 and Post-Quantum Encryption for HN? (ycombinator.com)
Could HN benefit from a TLS upgrade, as it's currently at TLS v1.2, (not e.g.: v1.3) (for me, at least)? Also could it benefit from being a leader in implementing post-quantum cryptography?
Using Kernel TLS (kTLS) (2023) (delthas.fr)
Traditionally, the data path for sending HTTPS traffic is:
Programming Lewis Carroll's Memoria Technica (ztoz.blog)
Charles Dodgson (pen name Lewis Carroll) had difficulty remembering numbers, such as dates. He developed a cipher to help him remember numbers by embedding them in couplets or phrases. For example, the couplet “Brass trumpet and brazen bassoon, will speedily mark you a tune” encodes the specific gravity of brass (8.39) in the last four consonants: r k t n (y is treated as a vowel).
Show HN: PQC.club – Post-Quantum Cryptography Tools and Alternatives (pqc.club)
A collection of the best Post-Quantum Cryptography Tools and Alternatives to switch from software using legacy encryption.
Monocypher – Boring crypto that simply works (monocypher.org)
Monocypher is an easy-to-use crypto library.
Unforgeable Quantum Tokens Delivered over Fiber Network (ieee.org)
When Chinese researchers announced in May last year that they had used a quantum computer to crack RSA encryption, a widely used method to secure private data transmission, it caused a stir in the information security community.