Hacker News with Generative AI: Cryptography

Hello users of Anubis (for fighting malicious bots), I created an alternative (github.com/Zirias)
The pow credentials checker is a special case: It provides a guest login with fixed username and password, but for using it, it requires the client's browser to solve a cryptographic puzzle.
Official XRP NPM package has been compromised and key stealing malware introduced (aikido.dev)
At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package versions of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads. We quickly confirmed the official XRPL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
Show HN: BioLight – Passive entropy engine: raw randomness and 0 post-processing (github.com/Ladaxia)
BioLight is a transparent entropy engine designed to passively accumulate high-quality entropy samples from raw input states.
What the hell is an elliptic curve? (onlynv.dev)
Have you ever been browsing the web and come across a term that made you go, "huh?" Well, if you're even slightly cryptographically inclined, you might have stumbled upon the term elliptic curve and thought to yourself, "What the hell?" Don't worry, you're not alone in feeling a bit lost.
Syncing Keyhive (inkandswitch.com)
The last few lab notes have focused on the cryptographic components which support a local first access control system. Those being a capability based system for managing write access to documents, and a key agreement protocol for encrypting and decrypting writes (thus implementing read control). We now have to think about how to actually transfer this data between devices.
15,000 lines of verified cryptography now in Python (protzenko.fr)
In November 2022, I opened issue 99108 on Python’s GitHub repository, arguing that after a recent CVE in its implementation of SHA3, Python should embrace verified code for all of its hash-related infrastructure.
A New ASN.1 API for Python (trailofbits.com)
We’re changing that: with the help of funding from Alpha-Omega, we’re building an ASN.1 API for PyCA Cryptography that addresses three key shortcomings in the Python ecosystem today:
Shell-secrets – GPG-encrypted environment variables (github.com/waj)
This is a small tool to set environment variables from encrypted (with GPG) files
Notes on a claim that a mceliece348864 distinguisher uses only 2^529 operations [pdf] (mceliece.org)
Eccfrog512ck2: An Enhanced 512-Bit Weierstrass Elliptic Curve [pdf] (arxiv.org)
Whilst many key exchange and digital signature methods use the NIST P256 (secp256r1) and secp256k1 curves, there is often a demand for increased security.
Lifetimes of Cryptographic Hash Functions (valerieaurora.org)
I've written some cautionary articles on using cryptographic hashes to create content-based addresses (compare-by-hash). This page brings together everything I've written and keeps an updated table of the status of popular cryptographic hash functions.
Show HN: AES-256 brute force using structured logic (UUIDs and xy = x/y rule) (github.com/ElSolem)
A compact, field-logical decryption toolkit that tests brute-force cracking of UUID-encrypted AES-256-CBC files using an equality-based initialization principle: xy = x / y. This project demonstrates deterministic search behavior within defined entropy spaces.
AES and ChaCha (phase.dev)
A technical deep dive into how the ChaCha20 cipher is taking on AES as the gold standard for symmetric encryption, and a lesson about the power of simplicity in cryptographic design.
Show HN: I made a zero dependency Bitcoin math implementation in C (github.com/CambridgeStateMachines)
I started the bitcoin_math project in order to teach myself the basics of Bitcoin math from first principles, without having to wade through the source code of any of the crypto or "bignum" libraries on which standard Bitcoin implementations in Python depend.
Show HN: Signum – Kotlin Multiplatform Cryptography and PKI Library (github.com/a-sit-plus)
Kotlin Multiplatform Crypto/PKI Library with ASN1 Parser + Encoder
Decoding the 90s: Cryptography in Early Software Development (2023) (botanica.software)
A Hash160 Collision (cryptoguru.org)
This is a collision finders pool, because its main purpose is to find a hash160 collision. It may be necessary to describe in detail what a hash160 collision is. In order to understand the nomenclature here, you should have at least a basic knowledge about the bitcoin address generation process, i.e. how a BTC address is generated from a private key. This article in the Bitcoin wiki explains the process quite nicely.
Show HN: StegaCube – Hide messages and files in scrambled Rubik's Cubes (cube.xtn.sh)
Two Attacks on Naive Tree Hashes (jacko.io)
FBI raids home of prominent computer scientist who has gone incommunicado (arstechnica.com)
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.
Bitcoin's God. Years of studying Satoshi led me to a new prime suspect (nymag.com)
If Satoshi Nakamoto, the pseudonymous inventor of bitcoin, was who I believed him to be, he was not going to acknowledge it. He probably wouldn’t talk to me. And seeing him was going to mean sitting on a plane for 20 hours and driving another eight. But I needed to try to have a conversation with him, and it had to be face-to-face.
NSA F9T53 Opsec Special Bulletin: Signal Vulnerability (scribd.com)
Show HN: I made a C program to create a vanity SHA-1 hash for a text file (github.com)
Web-based cryptography is always snake oil (devever.net)
Show HN: StoffelVM – A WIP VM for Multiparty Computation (github.com/Stoffel-Labs)
This repository contains the core crates of the Stoffel Virtual Machine, a virtual machine optimized for multiparty computation (MPC).
Entropy Attacks (cr.yp.to)
The conventional wisdom is that hashing more entropy sources can't hurt: if H is any modern cryptographic hash function then H(x,y,z) is at least as good a random number as H(x,y), no matter how awful z is. So we pile one source on top of another, hashing them all together and hoping that at least one of them is good.
Coding Theory and Cryptography [pdf] (ualberta.ca)
TLS Handshake on Sockets (C++) (medium.com)
There are numerous articles on the internet about the TLS handshake algorithm. However, many of them only provide a superficial description. In this article, we will explore a C++ implementation of a specific cipher. This source code relies solely on sockets for networking and utilizes the OpenSSL library exclusively for encryption (RSA, AES, SHA).
Post-quantum cryptography apocalypse will be televised in 10 years: UK's NCSC (theregister.com)
The UK's National Cyber Security Centre (NCSC) today started the post-quantum cryptography (PQC) countdown clock by claiming organizations have ten years to migrate to a safer future.
OpenSSL 3.1.2: FIPS 140-3 Validated (openssl-library.org)
The OpenSSL Corporation is pleased to announce that OpenSSL version 3.1.2 has achieved FIPS 140-3 validation, signifying its compliance with the rigorous cryptographic module security requirements set forth by the National Institute of Standards and Technology (NIST). This accomplishment marks a significant milestone in reinforcing trusted, standards-based encryption for organizations operating in regulated environments, including government agencies, healthcare institutions, and financial services.