Categories
Society

No, You’re Not a “Sigma Male”

“Sigma Male” is just the latest trend in pick-up artist/involuntary celibate/anti-feminist grifting.

Categories
Cryptography Software Security

Please Stop Encrypting with RSA Directly

RSA is for encrypting symmetric keys, not entire messages. Pass it on.

Categories
Furry Fandom

Welcome to the Furry Fandom

Welcome to the furry fandom, please enjoy your stay! ^w^

Categories
Cryptography

Block Cipher Structures: Ranked

An opinionated curation of different classes of block ciphers, ranked by an opinionated furry.

Categories
Online Privacy Technology

Masks Off for TheDonald.win

The server for thedonald.win is hosted at 167.114.145.140. Read on to learn how I discovered this.

Categories
Meta

The Story So Fur

A recap of Dhole Moments in the year 2020.

Categories
Cryptography

Cryptographic Wear-Out for Symmetric Encryption

As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you’ve used the same key to encrypt so much data that you should probably switch to a new key before you encrypt any more. Otherwise, […]

Categories
Cybercrime Social Media

Putting Scammers on Scan on Twitter

Earlier tonight, someone decided to change their Twitter handle and display name to impersonate a furry and solicit money to the scammer’s PayPal account. This is the same kind of lazy technique that script kiddies use to phish people for passwords, but more targeted. The goal is to dupe someone into sending the scammer money […]

Categories
Featured Furries

Opinionated Guides by Vega Deftwing

Vega of Opinionated Guides (OpGuides for short) recently asked to interview me for their website hosted on Github Pages. You can read the interview here if that strikes your fancy. Opinionated Guides is a quite excellent learning resource for various topics ranging from engineering to art, music, and philosophy. One thing I really like about […]

Categories
Cryptography Software Security

The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]

Categories
Cryptography Online Privacy

Going Bark: A Furry’s Guide to End-to-End Encryption

Governments are back on their anti-encryption bullshit again. Between the U.S. Senate’s “EARN IT” Act, the E.U.’s slew of anti-encryption proposals, and Australia’s new anti-encryption law, it’s become clear that the authoritarians in office view online privacy as a threat to their existence. Normally, when the governments increase their anti-privacy sabre-rattling, technologists start talking more […]

Categories
Social Media

Deplatforming Hate and Harassment

How to more effectively report abuse to social media companies like Twitter.

Categories
Furry Fandom Meta Politics Society

You’re Not Alone; It Gets Better

We’ve more-or-less all been coping with the pandemic since early March. During this time, I’ve seen a lot of people stressed and depressed to their breaking points, usually while also blaming themselves for not being able to bottle their feelings up and believing no one else is at their limit. And that’s simply not true. […]

Categories
Cryptography Online Privacy Technology

A Brief Introduction to Deniability

Earlier this week, security researcher Ryan Castellucci published a blog post with a somewhat provocative title: DKIM: Show Your Privates. After reading the ensuing discussions on Hacker News and Reddit about their DKIM post, it seems clear that the importance of deniability in online communications seems to have been broadly overlooked. Security Goals, Summarized When […]

Categories
Cryptography

Bizarre Design Choices in Zoom’s End-to-End Encryption

Zoom recently announced that they were going to make end-to-end encryption available to all of their users–not just customers. This is a good move, especially for people living in countries with inept leadership that failed to address the COVID-19 pandemic and therefore need to conduct their work and schooling remotely through software like Zoom. I […]

Categories
Cryptography Furry Fandom Meta

Solving For “Why?”

Why blog about cryptography as a furry?

Categories
Furry Fandom Society

Nearly Everyone Underestimates the Importance of Good Friendships

If living through the COVID-19 pandemic has taught us anything–and it surely hasn’t–it would be the importance of friendship and community to our physical and emotional well-being. For more on the subject of People Who Ought to Know Better Not Learning the Obvious Lessons from Misfortune, one needs look no further than social media. Popularity […]

Categories
Furry Fandom

Commission Prices for Furries and Artists

A frequent source of confusion in the furry fandom is about commission pricing for furry art. This confusion is often driven by (usually younger) furries demanding free or severely cheap art from artists, and the aftermath of such exchanges. There’s a reason @SpicyFurryTakes posts so frequently. In the interest of not adding to the confusion, […]

Categories
Furry Fandom Politics

Politics? In My Fandom?

I dislike politics in general. That doesn’t mean I don’t write about it when it’s relevant, but I’m always less happy with any of my writing that touches on these subjects. I usually feel obligated to condemn these pieces to Draft status in perpetuity. It’d be great if we lived in a world where I […]

Categories
Technology

Vanity, Vendors, and Vulnerabilities

Tonight on InfoSec Twitter, this gem was making the rounds: Hello cybersecurity and election security people,I sometimes embed your tweets in the Cybersecurity 202 newsletter. Some of you have a habit of swearing right in the middle of an otherwise deeply insightful tweet that I’d like to use. Please consider not doing this. Best,Joe Identity […]

Categories
Cryptography Software Security

Dead Ends in Cryptanalysis #1: Length Extension Attacks

This is the first entry in a (potentially infinite) series of dead end roads in the field of cryptanalysis. Cryptography engineering is one of many specialties within the wider field of security engineering. Security engineering is a discipline that chiefly concerns itself with studying how systems fail in order to build better systems–ones that are […]

Categories
Furry Fandom Humor

Two Weebs and a Furry Walk into a Bar

Serious question: Why doesn’t the Furry Fandom have more comedians? I don’t mean racist loudmouth assholes who wouldn’t know a good joke if it cup-checked them every day after their second cup of coffee for a week straight (i.e. the racist birdbrain). I also don’t mean external comedians making lazy jokes at the expense of […]

Categories
Furry Fandom

Extinguishing a Flaming Pile of Bad Takes on My Doorstep

There’s an old adage on the Internet: “Don’t feed the trolls.” The reasoning for such an argument is kind of a proof by induction if you squint hard enough at its structure: If you don’t feed the trolls, they’ll have to look elsewhere to get the engagement they crave. If you iterate the advice and […]

Categories
Software Security

EduTech Spyware is Still Spyware: Proctorio Edition

Spyware written for educational institutions to flex their muscles of control over students and their families when learning from their home computer is still, categorically, spyware. Depending on your persuasion, the previous sentence sounds like either needless pedantry, or it reads like tautology. But we need to be clear on our terms. Educational spyware is […]

Categories
Cryptography

Designing New Cryptography for Non-Standard Threat Models

Since the IETF’s CFRG decided to recommend OPAQUE as a next-generation Password Authenticated Key Exchange, there has been a lot of buzz in the cryptography community about committing authenticated encryption (known to the more academically inclined as Random Key Robustness), because OPAQUE requires an RKR-secure AE scheme. Random Key Robustness is a property that some […]

Categories
Cryptography Software Security

Soatok’s Guide to Side-Channel Attacks

If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels. The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation […]

Categories
Furry Fandom

Amazing Furry Animators on YouTube

Being a furry is like: Every once in a while, you’ll stumble across an enormous contingent of the furry fandom that you were entirely unaware of for years. Sure, you’d expect artists to be furry, but when you’ve run down the checklist of possible hobbies or professions to the point that furry doctors, furry lawyers, […]

Categories
Politics Society

A Few Missing Lessons from American Education

As American students are preparing to return to the classroom during a pandemic–in flagrant disregard of everything ranging from our scientific understanding to matters of good taste–we keep hearing from politicians how essential education is. Of course, if they actually believed the words coming out of their mouth, you’d expect them to be a little […]

Categories
Furry Fandom

All About Dholes and Dhole Fursonas

Some of you may be surprised to learn that my fursona is not a fox, nor a wolf; nor is it a fictitious fox-wolf hybrid popular within the furry fandom (which is usually called a “folf”). No, my fursona is a dhole, which is a real species of endangered wild dogs from Southeast Asia. The […]

Categories
Cryptography

A Brief Opinionated Overview of NIST’s Post-Quantum Cryptography Round 3 Candidates

Earlier this week, NIST announced Round 3 of the Post-Quantum Cryptography project and published their rationale for selecting from the Round 2 candidates. NIST did something clever this time, and Round 3 was separated into two groups: Finalists and Alternative Candidates. Finalists are algorithms that NIST (and the majority of the cryptographers involved in NIST’s […]

Categories
Uncategorized

A Canned Response to My Viral Tweet

This is a bit different from my usual blog post, insofar as I don’t have much of a point except that I’m tired of repeating myself. The other day, I was frustrated about Pinterest clogging up the Google Image Search results and tweeted a really simple and well-known life-hack to counteract their search engine manipulation. […]

Categories
Technology

Dorking Your Way to Search Results That Don’t Suck

I recently needed to find an image that I didn’t have saved on my computer in order to share with a group chat. For laughs. Naturally, I did the first thing most of us do when that happens: I typed the query into Google’s Image Search. To my dismay, all of the first results were […]

Categories
Cryptocurrency

Kerlissions – Trivial Collisions in Iota’s Hash Function (Kerl)

Historical Context of Iota’s Hash Functions Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following: In response to this research, the Iota developers threatened to sue the researchers. Iota replaced Curl-P-27 with a […]

Categories
Cryptography

Comparison of Symmetric Encryption Methods

There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up against each other. Today, we’re going to look at how some symmetric encryption methods stack up against each other. If you’re just looking for a short […]

Categories
Furry Fandom Meta

A Word on Anti-Furry Sentiments in the Tech Community

Sometimes my blog posts end up on social link-sharing websites with a technology focus, such as Lobste.rs or Hacker News. On a good day, this presents an opportunity to share one’s writing with a larger audience and, more importantly, solicit a wider variety of feedback from one’s peers. However, sometimes you end up with feedback […]

Categories
Cryptography Software Security

GNU: A Heuristic for Bad Cryptography

If you see the letters GNU in a systems design, and that system intersects with cryptography, I can almost guarantee that it will be badly designed to an alarming degree. This is as true of GnuPG (and PGP in general) as it is of designs like the proposed GNU Name System (IETF draft) and cryptographic […]

Categories
Meta

Don’t Forget to Brush Your Fur

There are a lot of random topics I’ve wanted to write about since I started Dhole Moments, and for one reason or another, haven’t actually written about. I know from past experience with other projects that if you don’t occasionally do some housekeeping, your backlog eventually collapses under its own gravity and you can never […]

Categories
Featured Furries

Rhyner Writes – How to Chat with Furries

Rhyner has published a guide to chatting with furries and overcoming one’s anxiety and self-doubt. If you have a hard time starting up a conversation with furries, you’ll certainly find this helpful. Note that not all conversations have the same flow, and you definitely shouldn’t force yourself into the confines of [a] template structure. Keep […]

Categories
Politics

How and Why America Was Hit So Hard By COVID-19

As America prepares for record-breaking infection statistics on a daily basis, many of us are looking at other countries safely reopening and wondering, “Why can’t we have nice things?” Of course, everyone has their favorite target to blame for this catastrophe. Democrats blame Republicans. Republicans blame Democrats. I’m not interested in blame. Regardless of who […]

Categories
Furry Fandom

On Death and Subculture

This year (2020) has brought a lot of death. Friends, neighbors, coworkers, family members, and even some of the strangers you saw every day in your commute to work but never even stopped to learn their name. Of course, people dying isn’t exactly news. People in all of those groups have died all the time, […]

Categories
Furry Fandom

Resolving The Reoccurring Discourse on Furry Twitter

While the furry fandom can be a wonderful place and a force for good in the world, the topics that tend to circulate on Furry Twitter are somewhat seasonal: They repeat every so often–usually sparked by someone saying or doing something shitty–and never actually lead to a productive result. Let’s look at a few of […]

Categories
Furry Fandom

The World Needs More Furry Bloggers

Despite the awesomeness and diversity that the furry fandom offers the world, there is a very narrow subset of furry content creation that has attained popular appeal within our community. If you want to create and share furry art, there are at least a half dozen furry websites dedicated to furry art (including FurAffinity). If […]

Categories
Featured Furries

Fuzzball Storytime – “The Fandom”: A Blast From the Past

Moonraiser from Fuzzballstorytime.com published a review of the documentary film made by Ash Coyote called “The Fandom”. One thing I like most about this film is its representation of the LGBT community. It is a community that has faced many challenges over the years, but with the help of the furry fandom LGBT members have […]

Categories
Cryptography Technology

How To Learn Cryptography as a Programmer

A question I get asked frequently is, “How did you learn cryptography?” I could certainly tell everyone my history as a self-taught programmer who discovered cryptography when, after my website for my indie game projects kept getting hacked, I was introduced to cryptographic hash functions… but I suspect the question folks want answered is, “How […]

Categories
Uncategorized

#PrideMonth

I rarely think about the labels that describe me. That isn’t because of privilege (I spent many years painfully aware of them), but because my friends are incredibly supportive and we’ve been able to cultivate an environment where I’m not constantly reminded of why I don’t “belong”. (It took many grueling years to achieve that, […]

Categories
Furry Fandom Technology

Furward Momentum – Introduction

I probably don’t need to remind anyone reading this while it’s fresh about the current state of affairs in the world, but for the future readers looking back on this time, let me set the stage a bit. The Situation Today (By “Today”, I mean early May 2020, when I started writing this series.) In […]

Categories
Cryptography

Learning from LadderLeak: Is ECDSA Broken?

A paper was published on the IACR’s ePrint archive yesterday, titled LadderLeak: Breaking ECDSA With Less Than One Bit of Nonce Leakage. The ensuing discussion on /r/crypto led to several interesting questions that I thought would be worth capturing and answering in detail. What’s Significant About the LadderLeak Paper? This is best summarized by Table […]

Categories
Cryptography

Why AES-GCM Sucks

If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”. I specialize in secure implementations of cryptography, and my years of experience in this field have led me to dislike AES-GCM. This post is about why I dislike AES-GCM’s design, not […]

Categories
Furry Fandom Online Privacy

How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Update (2021-01-09): There’s a newer blog post that covers different CloudFlare deanonymization techniques (with a real world case study). Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission. Understandably, the photographers and fursuiters whose work was ripped off by […]

Categories
Cybercrime

Fraudulent Apps on the Google Play Store: COVID-19 Contact Tracing Edition

Cryptographers around the world are still designing privacy-preserving contact tracing systems for combating the spread of COVID-19. Even though some papers have been published (one using zero-knowledge proofs, another based on blockchain (sigh)), the ink is still very wet. The first framework designed by Apple and Google needs work but was surprisingly not god-awful. That […]