Categories
(Anti-)Social Media Meta-blog The Furry Fandom

This Would Be More Professionally Useful If Not For the Furry Art

The people afraid to show their peers or bosses my technical writing because it also contains furry art are some of the dumbest cowards in technology. Considering the recent events at ApeFest, a competitive level of stupidity is quite impressive. To be clear, the exhibited stupidity in question is their tendency to project their own […]

Categories
The Furry Fandom

Aural Alliance – Furry Music to Wag / Pounce to

Dhole Moments is not a music blog. I will not pretend to be an expert on music, music theory, or music appreciation. But it goes even further than that: I am so untalented at music that I exert a vacuum pressure on musicians who cross my path at furry conventions. Regular readers of my blog […]

Categories
Open Source

A Plan for Multicast Support in Noise-based Protocols

If you’ve paid attention to Hacker News or various technology subreddits in recent years, you may have noticed the rise of VPN companies like Tailscale and ZeroTier. At the core of their networking products is a Noise-based Protocol (often WireGuard). If you haven’t been paying attention to Hacker News or Reddit, that’s probably healthy. Keep […]

Categories
Meta-blog

I Don’t Care if Strangers Can Take Me Seriously

A few days ago, I wrote a personal blurb about my experience with Return-to-Office, Forced Relocation, and top-down Corporate Bullshit. This was a departure from my usual fare in two ways: I had figured that quick write-up would fill the void while I work on the more ambitious technical blog posts I have planned for […]

Categories
Meta-blog Security Industry Society

Return to Office Is Bullshit And Everyone Knows It

I quit my job towards the end of last month. When I started this blog, I told myself, “Don’t talk about work.” Since my employment is in the rear view mirror, I’m going to bend that rule for once. And most likely, only this one time. Why? Since I wrote a whole series about how […]

Categories
Security Community Security Industry

DEFCON Quantum Village 2: Electric Boogaloo

Last year, I went to the Quantum Village and encountered some absolute bullshit, which I proceeded to call out. This year, while I was walking around the Crypto + Privacy Village at DEFCON 31 in fursuit, a wild Cendyne approached me and asked, “There are going to be some debates at the Quantum Village; do […]

Categories
Society The Furry Fandom

On Furries and the Media

Recently, there has been a lot of misinformation and propaganda flying around the American news media about the furry fandom. Unfortunately, this seems to be increasing with time. Consequently, there are a lot of blanket statements and hot takes floating around social media right now about whether or not furries should talk with journalists. That […]

Categories
(Anti-)Social Media Meta-blog

Something to Always Keep in Mind

Regular readers of Dhole Moments should always keep this in mind:

Categories
Cryptography

Asymmetric Cryptographic Commitments

Recently, it occurred to me that there wasn’t a good, focused resource that covers commitments in the context of asymmetric cryptography. I had covered confused deputy attacks in my very short (don’t look at the scroll bar) blog post on database cryptography, and that’s definitely relevant. I had also touched on the subject of commitment […]

Categories
Cryptography

Database Cryptography Fur the Rest of Us

An introduction to database cryptography.

Categories
(Anti-)Social Media The Furry Fandom

Dogwhistles and Other Falsehoods Uttered About Furries

A quick reference to anti-furry dog-whistles for busy journalists and investigative reporters.

Categories
Security Community

How You Respond to Security Researchers Says Everything About You

Tails from the Cryptographic Side of Security Research

Categories
Meta-blog

Hindsight is 2022

A recap of this blog and its author in 2022

Categories
Cryptography

What We Do in the /etc/shadow – Cryptography with Passwords

Ever since the famous “Open Sesame” line from One Thousand and One Nights, humanity was doomed to suffer from the scourge of passwords. Even in a world where we use hardware tokens with asymmetric cryptography to obviate the need for passwords in modern authentication protocols, we’ll still need to include “something you know” for legal […]

Categories
Cryptography

Extending the AES-GCM Nonce Without Nightmare Fuel

When it comes to AES-GCM, I am not a fan. Most of my gripes fall into one of two categories: However, one of my gripes technically belongs in both categories: The small nonce size, which is caused by AES’s block size, limits the amount of data you can safely encrypt with a single symmetric key. […]

Categories
(Anti-)Social Media

Security Research on Twitter: Before and After Musk’s Takeover

I got banned for criticizing Twitter’s security, as I’ve done often in the past without repercussion.

Categories
(Anti-)Social Media Cryptography Open Source

Towards End-to-End Encryption for Direct Messages in the Fediverse

As Twitter’s new management continues to nosedive the platform directly into the ground, many people are migrating to what seem like drop-in alternatives; i.e. Cohost and Mastodon. Some are even considering new platforms that none of us have heard of before (one is called “Hive”). Needless to say, these are somewhat chaotic times. One topic […]

Categories
(Anti-)Social Media Society The Furry Fandom

Contemplating the Future

What will become of the Internet, and the furry fandom, if Elon Musk kills Twitter?

Categories
Society

Should You Delete Your Patreon Account After They Laid Off Their Entire Security Team?

A nuanced answer to the obvious question in response to Patreon firing an entire Security Team in 2022.

Categories
The Furry Fandom

Hobbies Don’t Need to be Policed

We don’t need stupid rules about fursuiting at furry conventions

Categories
Cryptography Software Security Vulnerability

Cryptographic Agility and Superior Alternatives

Cryptographic agility is a vaguely defined property, but is commonly understood to mean, “Able to quickly swap between cryptographic primitives in response to new attacks.” Wikipedia defines cryptographic agility as: Cryptographic agility is a practice paradigm in designing information security protocols and standards in a way so that they can support multiple cryptographic primitives and […]

Categories
Bullshit Cryptography

Burning Trust at the Quantum Village at DEFCON 30

feat. Vikram Sharma of QuintessenceLabs

Categories
Open Source

Introducing Cupcake

Form generating and processing library for PHP 8 projects

Categories
(Anti-)Social Media Society The Furry Fandom

A Greymuzzle’s Lament

On Puriteens, Furries, and the future of the LGBTQIA+ Community

Categories
Software Security

When Soatok Used Bugcrowd

and Got Banned for Doing the Right Thing

Categories
Cryptography

Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022

A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.

Categories
Badness Society The Furry Fandom

Was the Buffalo Shooter A Furry?

Obviously, no, he wasn’t. But facts aren’t likely to change the minds of people who are already motivated to hate furries.

Categories
Badness The Furry Fandom

Bad Furries Aren’t Representative of the Entire Fandom

One bad furry doesn’t spoil hundreds of thousands of bunches.

Categories
Society The Furry Fandom

The Dark Truth About the “Furry Protocol”

Do public schools really have a secret “furry protocol” to allow K-12 students that identify as cats to use litter boxes in restrooms? No.

Categories
Society The Furry Fandom

On the (In)security of Social Media Callouts

If your first instinct upon reading the title of this blog post was to Ctrl+F for the words “SJW”, “woke”, or “cancel culture”, you’re already assuming incorrectly about this post and the author’s positions. If “please don’t do that” is asking too much, maybe sit this one out? We like to think we live in […]

Categories
Cryptography Software Security

Using RSA Securely in 2022

If you really must support RSA in 2022, here’s some things to keep in mind.

Categories
The Furry Fandom

That One Time Furries Saved a Library

The Furry Fandom proved vital to saving a library from the demands of a homophobic Mississippi politician.

Categories
Cryptography

The Controversy Surrounding Hybrid Cryptography

Who knew Hybrid Cryptography (which combines Post-Quantum Cryptography with Pre-Quantum Cryptography) would be controversial?

Categories
(Anti-)Social Media Society

Don’t Dunk the Gunk

How to Avoid Accidentally Amplifying Assholes on Twitter

Categories
(Anti-)Social Media

How to Remove Twitter Spaces

How to get rid of the Twitter feature nobody asked for, that takes up the top part of your screen, and nobody can dismiss.

Categories
Meta-blog

For Your Infurmation

A recap of Dhole Moments in the year 2021.

Categories
Cryptography

Understanding HKDF

HKDF has poorly-understood subtleties. Let’s explore them in detail.

Categories
Meta-blog

My Blog Isn’t a Platform for Internet Randos

Clearly explaining the Dhole Moments content policy.

Categories
Cryptography Software Security Vulnerability

Threema: Three Strikes, You’re Out

Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

Categories
Bullshit

Against Web3 and Faux-Decentralization

Despite the hype, Web3 offers fake decentralization and builds upon technology you could build without cryptocurrency.

Categories
The Furry Fandom

Furry Porn Against NFTs: A Call to Forearms

In A Furry’s Guide to Cryptocurrency, I briefly mentioned that NFTs are a dumb idea and not a valid reason for anyone–but especially furries–to get involved with cryptocurrency. The legitimate reasons for furries to consider cryptocurrency are to protect porn artists and sex workers from the overreach of the conservative finance sector. To bank the […]

Categories
Bullshit Cryptography

The Bi-Symmetric Encryption Fraud

Crackpot cryptography, overconfidence, and attempts to defraud governments and private-sector startups.

Categories
Cryptography

Programmers Don’t Understand Hash Functions

Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words “hash function” in the title, you might have assumed this was going to be a blog post about password storage. (Passwords are the most common knee-jerk reaction […]

Categories
Cryptography Vulnerability

Timing Attack on SQL Queries Through Lobste.rs Password Reset

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]

Categories
Cryptography

Safer Illinois, Isn’t

Wherein some furry casually saves a University tens of thousands of dollars on a NIST SP 800-171 audit they were doomed to fail anyway.

Categories
Cryptography Meta-blog Society The Furry Fandom

Lightning Round

An assortment of topics that don’t quite deserve their own dedicated blog post.

Categories
Society The Furry Fandom

Selfishness: The Pandemic We Can’t Develop a Vaccine Against

“You’re going to love this, trust me. What you’re seeing now is my normal state. This is a super-spreader. And this… This is what is known as a super-spreader that has ascended above a super-spreader. Or, you could just call this a super-spreader two. AND THIS. AND THIS IS TO GO EVEN FURTHER BEYOND!!” 2021 […]

Categories
Cryptography Software Security

Canonicalization Attacks Against MACs and Signatures

Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol. The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the […]

Categories
(Anti-)Social Media Badness The Furry Fandom

Furry Amino Sucks at Art Attribution

Over the weekend, I decided to make an account on Furry Amino. My reasoning at the time was, “A lot of furries lurk there, I should see what it’s about.” That was a bad move that I’d like to discourage others from making. What’s Furry Amino? Furry Amino is a furry-centric community on the Amino […]

Categories
Badness Society

Blue Alerts: Security Theater and Copaganda

Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In Florida, we sometimes also receive Silver Alerts, which indicates that an Alzheimer’s or dementia patient has gone missing. (Florida has a […]