Hacker News with Generative AI: Cryptography

Hello users of Anubis (for fighting malicious bots), I created an alternative (github.com/Zirias)
The pow credentials checker is a special case: It provides a guest login with fixed username and password, but for using it, it requires the client's browser to solve a cryptographic puzzle.

Security, Software, Cryptography

4 points by Zirias 19 hours ago | 1 comments

Offical XRP NPM package has been compromised and key stealing malware introduced (aikido.dev)
At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package version of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

Security, Cryptography, Cryptocurrency, Software, Malicious Software

55 points by flxga 4 days ago | 17 comments

Show HN: BioLight – Passive entropy engine: raw randomness and 0 post-processing (github.com/Ladaxia)
BioLight is a transparent entropy engine designed to passively accumulate high-quality entropy samples from raw input states.

Hardware, Security, Open Source, Cryptography

6 points by ladaxia 5 days ago | 0 comments

What the hell is an elliptic curve? (onlynv.dev)
Have you ever been browsing the web and come across a term that made you go, "huh?" Well, if you're even slightly cryptographcally inclined, you might have stumbled upon the term elliptic curve and thought to yourself, "What the hell?" Don't worry, you're not alone in feeling a bit lost.

Cryptography, Mathematics, Security

65 points by thecommieaxo 6 days ago | 34 comments

Syncing Keyhive (inkandswitch.com)
The last few lab notes have focused on the cryptographic components which support a local first access control system. Those being a capability based system for managing write access to documents, and a key agreement protocol for encrypting and decrypting writes (thus implementing read control). We now have to think about how to actually transfer this data between devices.

Cryptography, Privacy, Security, Local First, Data Synchronization

18 points by erlend_sh 7 days ago | 0 comments

15,000 lines of verified cryptography now in Python (protzenko.fr)
In November 2022, I opened issue 99108 on Python’s GitHub repository, arguing that after a recent CVE in its implementation of SHA3, Python should embrace verified code for all of its hash-related infrastructure.

Cryptography, Python, Security, Open Source

481 points by todsacerdoti 8 days ago | 156 comments

A New ASN.1 API for Python (trailofbits.com)
We’re changing that: with the help of funding from Alpha-Omega, we’re building an ASN.1 API for PyCA Cryptography that addresses three key shortcomings in the Python ecosystem today:

Python, ASN.1, Cryptography, Security, APIs

171 points by woodruffw 8 days ago | 124 comments

Shell-secrets – GPG-encrypted environment variables (github.com/waj)
This is a small tool to set environment variables from encrypted (with GPG) files

Security, Cryptography, Programming, Linux, Tools

93 points by mgarciaisaia 9 days ago | 42 comments

Notes on a claim that a mceliece348864 distinguisher uses only 2^529 operations [pdf] (mceliece.org)

Cryptography, Security, Research, Mathematics

13 points by nabla9 9 days ago | 1 comments

Eccfrog512ck2: An Enhanced 512-Bit Weierstrass Elliptic Curve [pdf] (arxiv.org)
Whilst many key exchange and digital signature methods use the NIST P256 (secp256r1) and secp256k1 curves, there is often a demand for increased security.

Cryptography, Elliptic Curves, Security, Mathematics

45 points by bikenaga 10 days ago | 16 comments

Lifetimes of Cryptographic Hash Functions (valerieaurora.org)
I've written some cautionary articles on using cryptographic hashes to create content-based addresses (compare-by-hash). This page brings together everything I've written and keeps an updated table of the status of popular cryptographic hash functions.

Cryptography, Security, Computer Science, Web Development

5 points by kretaceous 10 days ago | 1 comments

Show HN: AES-256 brute force using structured logic (UUIDs and xy = x/y rule) (github.com/ElSolem)
A compact, field-logical decryption toolkit that tests brute-force cracking of UUID-encrypted AES-256-CBC files using an equality-based initialization principle: xy = x / y. This project demonstrates deterministic search behavior within defined entropy spaces.

Cryptography, Security, Programming, Open Source

11 points by polymetron 11 days ago | 0 comments

AES and ChaCha (phase.dev)
A technical deep dive into how the ChaCha20 cipher is taking on AES as the gold standard for symmetric encryption, and a lesson about the power of simplicity in cryptographic design.

Cryptography, Security, Encryption, Computer Science

40 points by nimishk 12 days ago | 10 comments

Show HN: I made a zero dependency Bitcoin math implementation in C (github.com/CambridgeStateMachines)
I started the bitcoin_math project in order to teach myself the basics of Bitcoin math from first principles, without having to wade through the source code of any of the crypto or "bignum" libraries on which standard Bitcoin implementations in Python depend.

Bitcoin, Cryptography, Programming Languages, Open Source, Education

26 points by csmachines 12 days ago | 15 comments

Show HN: Signum – Kotlin Multiplatform Cryptography and PKI Library (github.com/a-sit-plus)
Kotlin Multiplatform Crypto/PKI Library with ASN1 Parser + Encoder

Kotlin, Cryptography, Security, Libraries, Programming

10 points by JesusMcCloud 17 days ago | 0 comments

Decoding the 90s: Cryptography in Early Software Development (2023) (botanica.software)

Cryptography, Software Development, History, 90s

130 points by mu0n 19 days ago | 39 comments

A Hash160 Collision (cryptoguru.org)
This is a collision finders pool, because its main purpose is to find a hash160 collision. It may be necessary to describe in detail what a hash160 collision is. In order to understand the nomenclature here, you should have at least a basic knowledge about the bitcoin address generation process, i.e. how a BTC address is generated from a private key. This article in the Bitcoin wiki explains the process quite nice.

Bitcoin, Cryptography, Security, Blockchain

6 points by vlugorilla 21 days ago | 4 comments

Show HN: StegaCube – Hide messages and files in scrambled Rubik's Cubes (cube.xtn.sh)
Enter message (a–z, space, . ! ? @ # : / ( )):

Cryptography, Security, Creative Projects, Programming

4 points by xtncl 24 days ago | 0 comments

Two Attacks on Naive Tree Hashes (jacko.io)

Cryptography, Security, Data Structures

6 points by oconnor663 26 days ago | 0 comments

FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com)
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

Cryptography, Cybersecurity, Privacy, Law Enforcement, Academia

1008 points by JaimeThompson 27 days ago | 467 comments

Bitcoin's God. Years of studying Satoshi led me to a new prime suspect (nymag.com)
If Satoshi Nakamoto, the pseudonymous inventor of bitcoin, was who I believed him to be, he was not going to acknowledge it. He probably wouldn’t talk to me. And seeing him was going to mean sitting on a plane for 20 hours and driving another eight. But I needed to try to have a conversation with him, and it had to be face-to-face.

Bitcoin, Cryptography, Investigations, Biography, Technology

19 points by jc_811 28 days ago | 6 comments

NSA F9T53 Opsec Special Bulletin: Signal Vulnerability (scribd.com)

Security, Government, Cryptography

37 points by stefankuehnel 28 days ago | 21 comments

Show HN: I made a C program to create a vanity SHA-1 hash for a text file (github.com)

Programming, Security, Cryptography, Show HN, C

58 points by keepamovin 29 days ago | 24 comments

Web-based cryptography is always snake oil (devever.net)

Cryptography, Security, Web Development

11 points by sanj 29 days ago | 8 comments

Show HN: StoffelVM – A WIP VM for Multiparty Computation (github.com/Stoffel-Labs)
This repository contains the core crates of the Stoffel Virtual Machine, a virtual machine optimized for multiparty computation (MPC).

Cryptography, Multiparty Computation, Software, Open Source

6 points by badcryptobitch 30 days ago | 2 comments

Entropy Attacks (cr.yp.to)
The conventional wisdom is that hashing more entropy sources can't hurt: if H is any modern cryptographic hash function then H(x,y,z) is at least as good a random number as H(x,y), no matter how awful z is. So we pile one source on top of another, hashing them all together and hoping that at least one of them is good.

Cryptography, Security, Entropy, Hash Functions

102 points by todsacerdoti 32 days ago | 32 comments

Coding Theory and Cryptography [pdf] (ualberta.ca)

Cryptography, Coding Theory, Computer Science, Mathematics

15 points by ibobev 35 days ago | 1 comments

TLS Handshake on Sockets (C++) (medium.com)
There are numerous articles on the internet about the TLS handshake algorithm. However, many of them only provide a superficial description. In this article, we will explore a C++ implementation of a specific cipher. This source code relies solely on sockets for networking and utilizes the OpenSSL library exclusively for encryption (RSA, AES, SHA).

Cryptography, C++, Networking

6 points by paketick 35 days ago | 0 comments

Post-quantum cryptography apocalypse will be televised in 10 years: UK's NCSC (theregister.com)
The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.

Cybersecurity, Cryptography, Government, Technology, Future

8 points by rntn 37 days ago | 0 comments

OpenSSL 3.1.2: FIPS 140-3 Validated (openssl-library.org)
The OpenSSL Corporation is pleased to announce that OpenSSL version 3.1.2 has achieved FIPS 140-3 validation, signifying its compliance with the rigorous cryptographic module security requirements set forth by the National Institute of Standards and Technology (NIST). This accomplishment marks a significant milestone in reinforcing trusted, standards-based encryption for organizations operating in regulated environments, including government agencies, healthcare institutions, and financial services.

Security, Cryptography, OpenSSL, NIST, FIPS

4 points by gslin 38 days ago | 0 comments