Nothing-up-my-sleeve number
(wikipedia.org)
In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties.
ChibiHash: Small, Fast 64 bit hash function
(nrk.neocities.org)
If you need a small and fast 64 bit hash function that can be copy-pasted easily, then here's one that I cooked up in an hour or so: chibihash64.h.
What to Use Instead of PGP
(soatok.blog)
It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they should be doing.
TLS certificates were almost never particularly well verified
(utoronto.ca)
Recently there was a little commotion in the TLS world, as discussed in We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI.
How public key cryptography works, using only simple math
(quantamagazine.org)
The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.
Cyph – A cryptographically secure messaging and social networking service
(cyph.com)
Cyph is the most secure and easiest to use encryption app.
The PGP Problem (2019)
(latacora.com)
Cryptography engineers have been tearing their hair out over PGP’s deficiencies for (literally) decades. When other kinds of engineers get wind of this, they’re shocked. PGP is bad? Why do people keep telling me to use PGP? The answer is that they shouldn’t be telling you that, because PGP is bad and needs to go away.
New elliptic curve breaks 18-year-old record
(quantamagazine.org)
In August, a pair of mathematicians discovered an exotic, record-breaking curve. In doing so, they tapped into a major open question about one of the oldest and most fundamental kinds of equations in mathematics.
Timing-Sensitive Analysis in Python
(deepnote.com)
Time consistency is critical in many fields, especially in sensitive applications like cryptography.
Implementing Signal's Double Ratchet algorithm (2020)
(nfil.dev)
I’ve been reading up on the Double Ratchet algorithm and its implementations lately, as it’s an exciting piece of crypto that offers some very nice guarantees: forward secrecy (i.e. by breaking a key at some point you can’t read older messages), eventual break-in recovery (i.e. by breaking a key you can only read a few messages before the protocol recovers), and of course confidentiality and deniability.
HashML-DSA Considered Harmful
(keymaterial.net)
I mentioned ranted about this topic as a section of a previous blog post (at the very end), but the topic keeps coming up, so I am escalating to a full blog post, since obviously that will help with all these people who are wrong on the internet standardization.
Hunt for Bitcoin's elusive creator Satoshi Nakamoto hits another dead-end
(bbc.com)
Stephen Mollah is the latest person to claim to be the mysterious inventor of Bitcoin
Breaking CityHash64, MurmurHash2/3, wyhash, and more
(orlp.net)
Hash functions are incredibly neat mathematical objects. They can map arbitrary data to a small fixed-size output domain such that the mapping is deterministic, yet appears to be random.
The sad tale of hype fanning fears modern cryptography was slain
(arstechnica.com)
There’s little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently.
Show HN: Super Simple CRC32 Implementation
(github.com/dch82)
super simple crc32 calculator written by dch82
I discovered mysterious hidden signals on a public radio channel (2013) [video]
(media.ccc.de)
How I discovered mysterious hidden signals on a public radio channel and eventually found out their meaning through hardware hacking, reverse engineering and a little cryptanalysis.
Python PGP proposal poses packaging puzzles
(lwn.net)
Sigstore is a project that is meant to simplify and improve the process of signing, verifying, and protecting software.
Show HN: Satoshi9000 analog BTC key generator (mechanical)
(ycombinator.com)
I built this machine so I could generate Bitcoin keys that I could trust. Air-gapped and simple to use and understand (mechanical). The Satoshi 9000 demo: https://youtu.be/bJiOia5PoGE The key value proposition of the machine is that it generates analog randomness in the physical world and converts it into digital (1’s and 0’s) randomness. Seamlessly.
Transitioning the Use of Cryptographic Algorithms and Key Lengths
(nist.gov)
NIST provides cryptographic key management guidance for defining and implementing appropriate key-management procedures, using algorithms that adequately protect sensitive information, and planning for possible changes in the use of cryptography because of algorithm breaks or the availability of more powerful computing techniques. This publication provides guidance on transitioning to the use of stronger cryptographic keys and more robust algorithms.
Breaking Bad: How Compilers Break Constant-Time Implementations
(arxiv.org)
The implementations of most hardened cryptographic libraries use defensive programming techniques for side-channel resistance.