Categories
Cryptography Software Security

The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]

Categories
Cryptography Online Privacy

Going Bark: A Furry’s Guide to End-to-End Encryption

Governments are back on their anti-encryption bullshit again. Between the U.S. Senate’s “EARN IT” Act, the E.U.’s slew of anti-encryption proposals, and Australia’s new anti-encryption law, it’s become clear that the authoritarians in office view online privacy as a threat to their existence. Normally, when the governments increase their anti-privacy sabre-rattling, technologists start talking more […]

Categories
social media

Deplatforming Hate and Harassment

How to more effectively report abuse to social media companies like Twitter.

Categories
Furry Fandom Meta Politics Society

You’re Not Alone; It Gets Better

We’ve more-or-less all been coping with the pandemic since early March. During this time, I’ve seen a lot of people stressed and depressed to their breaking points, usually while also blaming themselves for not being able to bottle their feelings up and believing no one else is at their limit. And that’s simply not true. […]

Categories
Cryptography Online Privacy Technology

A Brief Introduction to Deniability

Earlier this week, security researcher Ryan Castellucci published a blog post with a somewhat provocative title: DKIM: Show Your Privates. After reading the ensuing discussions on Hacker News and Reddit about their DKIM post, it seems clear that the importance of deniability in online communications seems to have been broadly overlooked. Security Goals, Summarized When […]

Categories
Cryptography

Bizarre Design Choices in Zoom’s End-to-End Encryption

Zoom recently announced that they were going to make end-to-end encryption available to all of their users–not just customers. This is a good move, especially for people living in countries with inept leadership that failed to address the COVID-19 pandemic and therefore need to conduct their work and schooling remotely through software like Zoom. I […]

Categories
Cryptography Furry Fandom Meta

Solving For “Why?”

Why blog about cryptography as a furry?

Categories
Furry Fandom Society

Nearly Everyone Underestimates the Importance of Good Friendships

If living through the COVID-19 pandemic has taught us anything–and it surely hasn’t–it would be the importance of friendship and community to our physical and emotional well-being. For more on the subject of People Who Ought to Know Better Not Learning the Obvious Lessons from Misfortune, one needs look no further than social media. Popularity […]

Categories
Furry Fandom

Commission Prices for Furries and Artists

A frequent source of confusion in the furry fandom is about commission pricing for furry art. This confusion is often driven by (usually younger) furries demanding free or severely cheap art from artists, and the aftermath of such exchanges. There’s a reason @SpicyFurryTakes posts so frequently. In the interest of not adding to the confusion, […]

Categories
Furry Fandom Politics

Politics? In My Fandom?

I dislike politics in general. That doesn’t mean I don’t write about it when it’s relevant, but I’m always less happy with any of my writing that touches on these subjects. I usually feel obligated to condemn these pieces to Draft status in perpetuity. It’d be great if we lived in a world where I […]

Categories
Technology

Vanity, Vendors, and Vulnerabilities

Tonight on InfoSec Twitter, this gem was making the rounds: Hello cybersecurity and election security people,I sometimes embed your tweets in the Cybersecurity 202 newsletter. Some of you have a habit of swearing right in the middle of an otherwise deeply insightful tweet that I’d like to use. Please consider not doing this. Best,Joe Identity […]

Categories
Cryptography Software Security

Dead Ends in Cryptanalysis #1: Length Extension Attacks

This is the first entry in a (potentially infinite) series of dead end roads in the field of cryptanalysis. Cryptography engineering is one of many specialties within the wider field of security engineering. Security engineering is a discipline that chiefly concerns itself with studying how systems fail in order to build better systems–ones that are […]

Categories
Furry Fandom Humor

Two Weebs and a Furry Walk into a Bar

Serious question: Why doesn’t the Furry Fandom have more comedians? I don’t mean racist loudmouth assholes who wouldn’t know a good joke if it cup-checked them every day after their second cup of coffee for a week straight (i.e. the racist birdbrain). I also don’t mean external comedians making lazy jokes at the expense of […]

Categories
Furry Fandom

Extinguishing a Flaming Pile of Bad Takes on My Doorstep

There’s an old adage on the Internet: “Don’t feed the trolls.” The reasoning for such an argument is kind of a proof by induction if you squint hard enough at its structure: If you don’t feed the trolls, they’ll have to look elsewhere to get the engagement they crave. If you iterate the advice and […]

Categories
Software Security

EduTech Spyware is Still Spyware: Proctorio Edition

Spyware written for educational institutions to flex their muscles of control over students and their families when learning from their home computer is still, categorically, spyware. Depending on your persuasion, the previous sentence sounds like either needless pedantry, or it reads like tautology. But we need to be clear on our terms. Educational spyware is […]

Categories
Cryptography

Designing New Cryptography for Non-Standard Threat Models

Since the IETF’s CFRG decided to recommend OPAQUE as a next-generation Password Authenticated Key Exchange, there has been a lot of buzz in the cryptography community about committing authenticated encryption (known to the more academically inclined as Random Key Robustness), because OPAQUE requires an RKR-secure AE scheme. Random Key Robustness is a property that some […]

Categories
Cryptography Software Security

Soatok’s Guide to Side-Channel Attacks

If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels. The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation […]

Categories
Furry Fandom

Amazing Furry Animators on YouTube

Being a furry is like: Every once in a while, you’ll stumble across an enormous contingent of the furry fandom that you were entirely unaware of for years. Sure, you’d expect artists to be furry, but when you’ve run down the checklist of possible hobbies or professions to the point that furry doctors, furry lawyers, […]

Categories
Politics Society

A Few Missing Lessons from American Education

As American students are preparing to return to the classroom during a pandemic–in flagrant disregard of everything ranging from our scientific understanding to matters of good taste–we keep hearing from politicians how essential education is. Of course, if they actually believed the words coming out of their mouth, you’d expect them to be a little […]

Categories
Furry Fandom

All About Dholes and Dhole Fursonas

Some of you may be surprised to learn that my fursona is not a fox, nor a wolf; nor is it a fictitious fox-wolf hybrid popular within the furry fandom (which is usually called a “folf”). No, my fursona is a dhole, which is a real species of endangered wild dogs from Southeast Asia. The […]

Categories
Cryptography

A Brief Opinionated Overview of NIST’s Post-Quantum Cryptography Round 3 Candidates

Earlier this week, NIST announced Round 3 of the Post-Quantum Cryptography project and published their rationale for selecting from the Round 2 candidates. NIST did something clever this time, and Round 3 was separated into two groups: Finalists and Alternative Candidates. Finalists are algorithms that NIST (and the majority of the cryptographers involved in NIST’s […]

Categories
Uncategorized

A Canned Response to My Viral Tweet

This is a bit different from my usual blog post, insofar as I don’t have much of a point except that I’m tired of repeating myself. The other day, I was frustrated about Pinterest clogging up the Google Image Search results and tweeted a really simple and well-known life-hack to counteract their search engine manipulation. […]

Categories
Technology

Dorking Your Way to Search Results That Don’t Suck

I recently needed to find an image that I didn’t have saved on my computer in order to share with a group chat. For laughs. Naturally, I did the first thing most of us do when that happens: I typed the query into Google’s Image Search. To my dismay, all of the first results were […]

Categories
Cryptocurrency

Kerlissions – Trivial Collisions in Iota’s Hash Function (Kerl)

Historical Context of Iota’s Hash Functions Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following: In response to this research, the Iota developers threatened to sue the researchers. Iota replaced Curl-P-27 with a […]

Categories
Cryptography

Comparison of Symmetric Encryption Methods

There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up against each other. Today, we’re going to look at how some symmetric encryption methods stack up against each other. If you’re just looking for a short […]

Categories
Furry Fandom Meta

A Word on Anti-Furry Sentiments in the Tech Community

Sometimes my blog posts end up on social link-sharing websites with a technology focus, such as Lobste.rs or Hacker News. On a good day, this presents an opportunity to share one’s writing with a larger audience and, more importantly, solicit a wider variety of feedback from one’s peers. However, sometimes you end up with feedback […]

Categories
Cryptography Software Security

GNU: A Heuristic for Bad Cryptography

If you see the letters GNU in a systems design, and that system intersects with cryptography, I can almost guarantee that it will be badly designed to an alarming degree. This is as true of GnuPG (and PGP in general) as it is of designs like the proposed GNU Name System (IETF draft) and cryptographic […]

Categories
Meta

Don’t Forget to Brush Your Fur

There are a lot of random topics I’ve wanted to write about since I started Dhole Moments, and for one reason or another, haven’t actually written about. I know from past experience with other projects that if you don’t occasionally do some housekeeping, your backlog eventually collapses under its own gravity and you can never […]

Categories
Featured Furries

Rhyner Writes – How to Chat with Furries

Rhyner has published a guide to chatting with furries and overcoming one’s anxiety and self-doubt. If you have a hard time starting up a conversation with furries, you’ll certainly find this helpful. Note that not all conversations have the same flow, and you definitely shouldn’t force yourself into the confines of [a] template structure. Keep […]

Categories
Politics

How and Why America Was Hit So Hard By COVID-19

As America prepares for record-breaking infection statistics on a daily basis, many of us are looking at other countries safely reopening and wondering, “Why can’t we have nice things?” Of course, everyone has their favorite target to blame for this catastrophe. Democrats blame Republicans. Republicans blame Democrats. I’m not interested in blame. Regardless of who […]

Categories
Furry Fandom

On Death and Subculture

This year (2020) has brought a lot of death. Friends, neighbors, coworkers, family members, and even some of the strangers you saw every day in your commute to work but never even stopped to learn their name. Of course, people dying isn’t exactly news. People in all of those groups have died all the time, […]

Categories
Furry Fandom

Resolving The Reoccurring Discourse on Furry Twitter

While the furry fandom can be a wonderful place and a force for good in the world, the topics that tend to circulate on Furry Twitter are somewhat seasonal: They repeat every so often–usually sparked by someone saying or doing something shitty–and never actually lead to a productive result. Let’s look at a few of […]

Categories
Furry Fandom

The World Needs More Furry Bloggers

Despite the awesomeness and diversity that the furry fandom offers the world, there is a very narrow subset of furry content creation that has attained popular appeal within our community. If you want to create and share furry art, there are at least a half dozen furry websites dedicated to furry art (including FurAffinity). If […]

Categories
Featured Furries

Fuzzball Storytime – “The Fandom”: A Blast From the Past

Moonraiser from Fuzzballstorytime.com published a review of the documentary film made by Ash Coyote called “The Fandom”. One thing I like most about this film is its representation of the LGBT community. It is a community that has faced many challenges over the years, but with the help of the furry fandom LGBT members have […]

Categories
Cryptography Technology

How To Learn Cryptography as a Programmer

A question I get asked frequently is, “How did you learn cryptography?” I could certainly tell everyone my history as a self-taught programmer who discovered cryptography when, after my website for my indie game projects kept getting hacked, I was introduced to cryptographic hash functions… but I suspect the question folks want answered is, “How […]

Categories
Uncategorized

#PrideMonth

I rarely think about the labels that describe me. That isn’t because of privilege (I spent many years painfully aware of them), but because my friends are incredibly supportive and we’ve been able to cultivate an environment where I’m not constantly reminded of why I don’t “belong”. (It took many grueling years to achieve that, […]

Categories
Furry Fandom Technology

Furward Momentum – Introduction

I probably don’t need to remind anyone reading this while it’s fresh about the current state of affairs in the world, but for the future readers looking back on this time, let me set the stage a bit. The Situation Today (By “Today”, I mean early May 2020, when I started writing this series.) In […]

Categories
Cryptography

Learning from LadderLeak: Is ECDSA Broken?

A paper was published on the IACR’s ePrint archive yesterday, titled LadderLeak: Breaking ECDSA With Less Than One Bit of Nonce Leakage. The ensuing discussion on /r/crypto led to several interesting questions that I thought would be worth capturing and answering in detail. What’s Significant About the LadderLeak Paper? This is best summarized by Table […]

Categories
Cryptography

Why AES-GCM Sucks

If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”. I specialize in secure implementations of cryptography, and my years of experience in this field have led me to dislike AES-GCM. This post is about why I dislike AES-GCM’s design, not […]

Categories
Furry Fandom Online Privacy

How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission. Understandably, the photographers and fursuiters whose work was ripped off by this website are upset and would like to exercise their legal recourse (i.e. DMCA takedown emails) of the scam […]

Categories
Cybercrime

Fraudulent Apps on the Google Play Store: COVID-19 Contact Tracing Edition

Cryptographers around the world are still designing privacy-preserving contact tracing systems for combating the spread of COVID-19. Even though some papers have been published (one using zero-knowledge proofs, another based on blockchain (sigh)), the ink is still very wet. The first framework designed by Apple and Google needs work but was surprisingly not god-awful. That […]

Categories
Cryptography

Putting the “Fun” in “Hash Function”

There are several different methods for securely hashing a password server-side for storage and future authentication. The most common one (a.k.a. the one that FIPS allows you to use, if compliance matters for you) is called PBKDF2. It stands for Password-Based Key Derivation Function #2. Why #2? It’s got nothing to do with pencils. There […]

Categories
Cryptography

Hedged Signatures with Libsodium using Dhole

In 2017, cryptography researchers from Kudelski Security demonstrated practical fault attacks against EdDSA (specifically Ed25519; RFC 8032). Their techniques are also applicable to Deterministic ECDSA (RFC 6979), and potentially work against any deterministic signature scheme (n.b. the Fiat-Shamir or Schnorr distinction isn’t meaningful in this context). Although that might seem alarming, fault attacks aren’t especially […]

Categories
Furry Fandom Humor

Furiosity Thrilled the Cat: Questions People Ask About the Furry Fandom

Art by Kyume. Search engines have this feature where if you start to type a question, it will attempt to predict your question based on what other people have asked. This has some hilarious consequences. Sometimes this feature gets gamed by large hordes of shitty people (read: 4chan) typing provocative questions into search engines. Let’s […]

Categories
Humor Software Security

Why Server-Side Input Validation Matters

Update (2020-04-29): Twitter has fixed their oversight. Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text. The original article follows after the separator. I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve […]

Categories
Cryptography

A Furry’s Guide to Digital Signature Algorithms

Let’s talk about digital signature algorithms. Digital signature algorithms are one of the coolest ideas to come out of asymmetric (a.k.a. public-key) cryptography, but they’re so simple and straightforward that most cryptography nerds don’t spend a lot of time thinking about them. Even though you are more likely to run into a digital signature as […]

Categories
Furry Fandom

Never Underestimate the Furry Fandom

My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs. …Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I […]

Categories
Video Games

What Your Favorite Video Game Genre Says About Your Moral Character

My friends play a lot of video games, and I sometimes join them, but more often I just observe. And over the years of observing, I’ve noticed a few things worth sharing. Every video game is somewhat different and the lines can sometimes be a bit blurry, but with a few exceptions, the concept of […]

Categories
Software Security

“Source Code Leak” is Effectively Meaningless to Endpoint Security

There are two news stories today. Unfortunately, some people have difficulty uncoupling the two. The Team Fortress 2 Source Code has been leaked. Hackers discovered a Remote Code Execution exploit. The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient […]

Categories
Cryptography

Elliptic Curve Diffie-Hellman for Humans and Furries

Suppose you need to encrypt data between two peer-to-peer devices over an untrusted medium (i.e. the Internet), and you have an authenticated low-bandwidth channel that can be used to send and authenticate a few bytes (less than 100), but that channel isn’t itself encrypted (otherwise it’d be a chicken-and-egg problem). Aside: If it helps your […]