Categories
Cryptography

Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022

A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.

Categories
Badness Furry Fandom Society

Was the Buffalo Shooter A Furry?

Obviously, no, he wasn’t. But facts aren’t likely to change the minds of people who are already motivated to hate furries.

Categories
Badness Furry Fandom

Bad Furries Aren’t Representative of the Entire Fandom

One bad furry doesn’t spoil hundreds of thousands of bunches.

Categories
Furry Fandom Society

The Dark Truth About the “Furry Protocol”

Do public schools really have a secret “furry protocol” to allow K-12 students that identify as cats to use litter boxes in restrooms? No.

Categories
Furry Fandom Social Media Society

On the (In)security of Social Media Callouts

If your first instinct upon reading the title of this blog post was to Ctrl+F for the words “SJW”, “woke”, or “cancel culture”, you’re already assuming incorrectly about this post and the author’s positions. If “please don’t do that” is asking too much, maybe sit this one out? We like to think we live in […]

Categories
Cryptography Software Security

Using RSA Securely in 2022

If you really must support RSA in 2022, here’s some things to keep in mind.

Categories
Furry Fandom

That One Time Furries Saved a Library

The Furry Fandom proved vital to saving a library from the demands of a homophobic Mississippi politician.

Categories
Cryptography

The Controversy Surrounding Hybrid Cryptography

Who knew Hybrid Cryptography (which combines Post-Quantum Cryptography with Pre-Quantum Cryptography) would be controversial?

Categories
Social Media Society

Don’t Dunk the Gunk

How to Avoid Accidentally Amplifying Assholes on Twitter

Categories
Social Media

How to Remove Twitter Spaces

How to get rid of the Twitter feature nobody asked for, that takes up the top part of your screen, and nobody can dismiss.

Categories
Meta

For Your Infurmation

A recap of Dhole Moments in the year 2021.

Categories
Cryptography

Understanding HKDF

HKDF has poorly-understood subtleties. Let’s explore them in detail.

Categories
Meta

My Blog Isn’t a Platform for Internet Randos

Clearly explaining the Dhole Moments content policy.

Categories
Cryptography Software Security Vulnerability

Threema: Three Strikes, You’re Out

Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

Categories
Cryptocurrency Technology

Against Web3 and Faux-Decentralization

Despite the hype, Web3 offers fake decentralization and builds upon technology you could build without cryptocurrency.

Categories
Furry Fandom

Furry Porn Against NFTs: A Call to Forearms

In A Furry’s Guide to Cryptocurrency, I briefly mentioned that NFTs are a dumb idea and not a valid reason for anyone–but especially furries–to get involved with cryptocurrency. The legitimate reasons for furries to consider cryptocurrency are to protect porn artists and sex workers from the overreach of the conservative finance sector. To bank the […]

Categories
Cryptography

The Bi-Symmetric Encryption Fraud

Crackpot cryptography, overconfidence, and attempts to defraud governments and private-sector startups.

Categories
Cryptography

Programmers Don’t Understand Hash Functions

Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words “hash function” in the title, you might have assumed this was going to be a blog post about password storage. (Passwords are the most common knee-jerk reaction […]

Categories
Cryptography Vulnerability

Timing Attack on SQL Queries Through Lobste.rs Password Reset

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]

Categories
Cryptography Vulnerability

Safer Illinois, Isn’t

Wherein some furry casually saves a University tens of thousands of dollars on a NIST SP 800-171 audit they were doomed to fail anyway.

Categories
Cryptography Furry Fandom Meta Society

Lightning Round

An assortment of topics that don’t quite deserve their own dedicated blog post.

Categories
Furry Fandom Society

Selfishness: The Pandemic We Can’t Develop a Vaccine Against

“You’re going to love this, trust me. What you’re seeing now is my normal state. This is a super-spreader. And this… This is what is known as a super-spreader that has ascended above a super-spreader. Or, you could just call this a super-spreader two. AND THIS. AND THIS IS TO GO EVEN FURTHER BEYOND!!” 2021 […]

Categories
Cryptography Software Security

Canonicalization Attacks Against MACs and Signatures

Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol. The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the […]

Categories
Badness Furry Fandom Social Media

Furry Amino Sucks at Art Attribution

Over the weekend, I decided to make an account on Furry Amino. My reasoning at the time was, “A lot of furries lurk there, I should see what it’s about.” That was a bad move that I’d like to discourage others from making. What’s Furry Amino? Furry Amino is a furry-centric community on the Amino […]

Categories
Badness Society

Blue Alerts: Security Theater and Copaganda

Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In Florida, we sometimes also receive Silver Alerts, which indicate that an Alzheimer’s or dementia patient has gone missing. (Florida has a […]

Categories
Furry Fandom

A Furry’s Guide to Telegram

A question I often get–especially from cryptography experts: What is it with furries and Telegram? No, they’re almost certainly not talking about that. Most furries use Telegram to keep in touch with other members of our community. This leads many to wonder, “Why Telegram of all platforms?” The answer is simple: Stickers. Telegram was the […]

Categories
Badness Cryptography Meta Society

On the Word “Nonce” in Cryptography and the UK

Earlier today, I made a Twitter shitpost that confused a lot of folks from the UK. Now, anyone can be forgiven for not knowing what AES-GCM-SIV is, or for being confused by the grammar of the meme. But the source of confusion was the word “nonce”. Let’s talk about what the word “nonce” means in […]

Categories
Cryptography Software Security

Dead Ends in Cryptanalysis #2: Timing Side-Channels

Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible. The art and science of side-channel cryptanalysis is one of the subjects I’m deeply fascinated by, and it’s something you’ll hear me yap about a lot on this blog in the future. […]

Categories
Furry Fandom Society

Why Furries Make Excellent Hackers

Briefly explaining the Infursec prevalence within InfoSec

Categories
Badness Social Media

A Balanced Response to Allen Gwinn

Responding to “Our cybersecurity ‘industry best practices’ keep allowing breaches”

Categories
Badness Society

Avoiding the Frigid Hellscape of Online Marketing

An Internet Marketer Offered Me $100 to Betray Myself and My Community

Categories
Furry Fandom

World Dhole Day 2021

Join us on May 28 for World Dhole Day in support of the Dhole Conservation Fund.

Categories
Society

Why I Chose to Be Vaccinated Against COVID-19

#WhyIGotVaxxed

Categories
Society

Against Hierarchies

One of the funniest concepts for a YouTube channel has to be TierZoo, which treats the animal kingdom as an MMORPG and animal species as different classes within this hypothetical game, and then proceeds to analyze it the same way gamers analyze the “meta” for a given season of a game. Tier lists are just […]

Categories
Furry Fandom Society

A Furry’s Guide to Cryptocurrency

Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how […]

Categories
Furry Fandom Society

The Furry / Sexuality Blog Post

Sexuality and the Furry Fandom.

Categories
Furry Fandom Meta Society

No, It’s Not Just You That’s Having a Hard Time Lately

I’m not going to mince words on this one. No, it’s not just you. No, it’s not your fault. No, nobody knows what to do about it. Recently, a lot of furry artists and content creators have expressed a sentiment of frustration and listlessness with their own work. (Both privately and publicly.) This is usually […]

Categories
Cryptography

Understanding Extended-Nonce Constructions

How and why XSalsa20/XChaCha were designed, and why they’re secure.

Categories
Badness Society

No Gates, No Keepers

The technology industry is hurt at every level by toxic gatekeeping.

Categories
Cryptography Software Security

Cryptography Interface Design is a Security Concern

Cryptographers and cryptography engineers love to talk about the latest attacks and how to mitigate them. LadderLeak breaks ECDSA with less than 1 bit of nonce leakage? Raccoon attack brings the Hidden Number attack to finite field Diffie-Hellman in TLS? And while this sort of research is important and fun, most software developers have much […]

Categories
Badness Cryptography Software Security Vulnerability

On The Toxicity of Zed A. Shaw

Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)

Categories
Cryptography

Crackpot Cryptography and Security Theater

Tales from the Crypt[ography].

Categories
Social Media

Twitter’s Birdwatch is Fundamentally Flawed

The fatal flaw of Birdwatch’s current design and how it can be fixed.

Categories
Society

No, You’re Not a “Sigma Male”

“Sigma Male” is just the latest trend in pick-up artist/involuntary celibate/anti-feminist grifting.

Categories
Cryptography Software Security

Please Stop Encrypting with RSA Directly

RSA is for encrypting symmetric keys, not entire messages. Pass it on.

Categories
Furry Fandom

Welcome to the Furry Fandom

Welcome to the furry fandom, please enjoy your stay! ^w^

Categories
Cryptography

Block Cipher Structures: Ranked

An opinionated curation of different classes of block ciphers, ranked by an opinionated furry.

Categories
Badness Vulnerability

Masks Off for TheDonald.win

The server for thedonald.win is hosted at 167.114.145.140. Read on to learn how I discovered this.

Categories
Meta

The Story So Fur

A recap of Dhole Moments in the year 2020.

Categories
Cryptography

Cryptographic Wear-Out for Symmetric Encryption

As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you’ve used the same key to encrypt so much data that you should probably switch to a new key before you encrypt any more. Otherwise, […]