Categories
(Anti-)Social Media Cryptography Open Source

Towards End-to-End Encryption for Direct Messages in the Fediverse

As Twitter’s new management continues to nosedive the platform directly into the ground, many people are migrating to what seem like drop-in alternatives; i.e. Cohost and Mastodon. Some are even considering new platforms that none of us have heard of before (one is called “Hive”). Needless to say, these are somewhat chaotic times. One topic […]

Categories
(Anti-)Social Media The Furry Fandom

Contemplating the Future

What will become of the Internet, and the furry fandom, if Elon Musk kills Twitter?

Categories
Society

Should You Delete Your Patreon Account After They Laid Off Their Entire Security Team?

A nuanced answer to the obvious question in response to Patreon firing an entire Security Team in 2022.

Categories
The Furry Fandom

Hobbies Don’t Need to be Policed

We don’t need stupid rules about fursuiting at furry conventions

Categories
Cryptography Software Security Vulnerability

Cryptographic Agility and Superior Alternatives

Cryptographic agility is a vaguely defined property, but is commonly understood to mean, “Able to quickly swap between cryptographic primitives in response to new attacks.” Wikipedia defines cryptographic agility as: Cryptographic agility is a practice paradigm in designing information security protocols and standards in a way so that they can support multiple cryptographic primitives and […]

Categories
Bullshit Cryptography

Burning Trust at the Quantum Village at DEFCON 30

feat. Vikram Sharma of QuintessenceLabs

Categories
Open Source

Introducing Cupcake

Form generating and processing library for PHP 8 projects

Categories
(Anti-)Social Media Society The Furry Fandom

A Greymuzzle’s Lament

On Puriteens, Furries, and the future of the LGBTQIA+ Community

Categories
Software Security Vulnerability

When Soatok Used Bugcrowd

and Got Banned for Doing the Right Thing

Categories
Cryptography

Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022

A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.

Categories
Badness Politics Society The Furry Fandom

Was the Buffalo Shooter A Furry?

Obviously, no, he wasn’t. But facts aren’t likely to change the minds of people who are already motivated to hate furries.

Categories
Badness The Furry Fandom

Bad Furries Aren’t Representative of the Entire Fandom

One bad furry doesn’t spoil hundreds of thousands of bunches.

Categories
Politics Society The Furry Fandom

The Dark Truth About the “Furry Protocol”

Do public schools really have a secret “furry protocol” to allow K-12 students that identify as cats to use litter boxes in restrooms? No.

Categories
Society The Furry Fandom

On the (In)security of Social Media Callouts

If your first instinct upon reading the title of this blog post was to Ctrl+F for the words “SJW”, “woke”, or “cancel culture”, you’re already assuming incorrectly about this post and the author’s positions. If “please don’t do that” is asking too much, maybe sit this one out? We like to think we live in […]

Categories
Cryptography Software Security

Using RSA Securely in 2022

If you really must support RSA in 2022, here’s some things to keep in mind.

Categories
Politics The Furry Fandom

That One Time Furries Saved a Library

The Furry Fandom proved vital to saving a library from the demands of a homophobic Mississippi politician.

Categories
Cryptography

The Controversy Surrounding Hybrid Cryptography

Who knew Hybrid Cryptography (which combines Post-Quantum Cryptography with Pre-Quantum Cryptography) would be controversial?

Categories
(Anti-)Social Media

Don’t Dunk the Gunk

How to Avoid Accidentally Amplifying Assholes on Twitter

Categories
(Anti-)Social Media

How to Remove Twitter Spaces

How to get rid of the Twitter feature nobody asked for, that takes up the top part of your screen, and nobody can dismiss.

Categories
Meta

For Your Infurmation

A recap of Dhole Moments in the year 2021.

Categories
Cryptography

Understanding HKDF

HKDF has poorly-understood subtleties. Let’s explore them in detail.

Categories
Meta

My Blog Isn’t a Platform for Internet Randos

Clearly explaining the Dhole Moments content policy.

Categories
Cryptography Online Privacy Software Security Vulnerability

Threema: Three Strikes, You’re Out

Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

Categories
Bullshit Cryptocurrency Technology

Against Web3 and Faux-Decentralization

Despite the hype, Web3 offers fake decentralization and builds upon technology you could build without cryptocurrency.

Categories
The Furry Fandom

Furry Porn Against NFTs: A Call to Forearms

In A Furry’s Guide to Cryptocurrency, I briefly mentioned that NFTs are a dumb idea and not a valid reason for anyone–but especially furries–to get involved with cryptocurrency. The legitimate reasons for furries to consider cryptocurrency are to protect porn artists and sex workers from the overreach of the conservative finance sector. To bank the […]

Categories
Bullshit Cryptography Cybercrime

The Bi-Symmetric Encryption Fraud

Crackpot cryptography, overconfidence, and attempts to defraud governments and private-sector startups.

Categories
Cryptography

Programmers Don’t Understand Hash Functions

Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words “hash function” in the title, you might have assumed this was going to be a blog post about password storage. (Passwords are the most common knee-jerk reaction […]

Categories
Cryptography Vulnerability

Timing Attack on SQL Queries Through Lobste.rs Password Reset

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]

Categories
Cryptography Vulnerability

Safer Illinois, Isn’t

Wherein some furry casually saves a University tens of thousands of dollars on a NIST SP 800-171 audit they were doomed to fail anyway.

Categories
Cryptography Meta Society The Furry Fandom

Lightning Round

An assortment of topics that don’t quite deserve their own dedicated blog post.

Categories
Politics Society The Furry Fandom

Selfishness: The Pandemic We Can’t Develop a Vaccine Against

“You’re going to love this, trust me. What you’re seeing now is my normal state. This is a super-spreader. And this… This is what is known as a super-spreader that has ascended above a super-spreader. Or, you could just call this a super-spreader two. AND THIS. AND THIS IS TO GO EVEN FURTHER BEYOND!!” 2021 […]

Categories
Cryptography Software Security

Canonicalization Attacks Against MACs and Signatures

Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol. The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the […]

Categories
(Anti-)Social Media Badness The Furry Fandom

Furry Amino Sucks at Art Attribution

Over the weekend, I decided to make an account on Furry Amino. My reasoning at the time was, “A lot of furries lurk there, I should see what it’s about.” That was a bad move that I’d like to discourage others from making. What’s Furry Amino? Furry Amino is a furry-centric community on the Amino […]

Categories
Badness Politics Society Technology

Blue Alerts: Security Theater and Copaganda

Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In Florida, we sometimes also receive Silver Alerts, which indicate that an Alzheimer’s or dementia patient has gone missing. (Florida has a […]

Categories
Technology The Furry Fandom

A Furry’s Guide to Telegram

A question I often get–especially from cryptography experts: What is it with furries and Telegram? No, they’re almost certainly not talking about that. Most furries use Telegram to keep in touch with other members of our community. This leads many to wonder, “Why Telegram of all platforms?” The answer is simple: Stickers. Telegram was the […]

Categories
Badness Cryptography Meta Society

On the Word “Nonce” in Cryptography and the UK

Earlier today, I made a Twitter shitpost that confused a lot of folks from the UK. Now, anyone can be forgiven for not knowing what AES-GCM-SIV is, or for being confused by the grammar of the meme. But the source of confusion was the word “nonce”. Let’s talk about what the word “nonce” means in […]

Categories
Cryptography Software Security Technology

Dead Ends in Cryptanalysis #2: Timing Side-Channels

Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible. The art and science of side-channel cryptanalysis is one of the subjects I’m deeply fascinated by, and it’s something you’ll hear me yap about a lot on this blog in the future. […]

Categories
Society The Furry Fandom

Why Furries Make Excellent Hackers

Briefly explaining the Infursec prevalence within InfoSec

Categories
(Anti-)Social Media Badness Technology

A Balanced Response to Allen Gwinn

Responding to “Our cybersecurity ‘industry best practices’ keep allowing breaches”

Categories
Badness Society

Avoiding the Frigid Hellscape of Online Marketing

An Internet Marketer Offered Me $100 to Betray Myself and My Community

Categories
The Furry Fandom

World Dhole Day 2021

Join us on May 28 for World Dhole Day in support of the Dhole Conservation Fund.

Categories
Society

Why I Chose to Be Vaccinated Against COVID-19

#WhyIGotVaxxed

Categories
Society

Against Hierarchies

One of the funniest concepts for a YouTube channel has to be TierZoo, which treats the animal kingdom as an MMORPG and animal species as different classes within this hypothetical game, and then proceeds to analyze it the same way gamers analyze the “meta” for a given season of a game. Tier lists are just […]

Categories
Cryptocurrency Politics Society The Furry Fandom

A Furry’s Guide to Cryptocurrency

Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how […]

Categories
Society The Furry Fandom

The Furry / Sexuality Blog Post

Sexuality and the Furry Fandom.

Categories
Meta The Furry Fandom

No, It’s Not Just You That’s Having a Hard Time Lately

I’m not going to mince words on this one. No, it’s not just you. No, it’s not your fault. No, nobody knows what to do about it. Recently, a lot of furry artists and content creators have expressed a sentiment of frustration and listlessness with their own work. (Both privately and publicly.) This is usually […]

Categories
Cryptography

Understanding Extended-Nonce Constructions

How and why XSalsa20/XChaCha were designed, and why they’re secure.

Categories
Badness Society

No Gates, No Keepers

The technology industry is hurt at every level by toxic gatekeeping.

Categories
Cryptography Software Security

Cryptography Interface Design is a Security Concern

Cryptographers and cryptography engineers love to talk about the latest attacks and how to mitigate them. LadderLeak breaks ECDSA with less than 1 bit of nonce leakage? Raccoon attack brings the Hidden Number attack to finite field Diffie-Hellman in TLS? And while this sort of research is important and fun, most software developers have much […]

Categories
Badness Cryptography Software Security Vulnerability

On The Toxicity of Zed A. Shaw

Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)