A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.

Security engineer with a fursona. Ask me about dholes or Diffie-Hellman!
A cartoon wild canid on the Internet provides general guidance on elliptic curve cryptography parameter choices.
Obviously, no, he wasn’t. But facts aren’t likely to change the minds of people who are already motivated to hate furries.
One bad furry doesn’t spoil hundreds of thousands of bunches.
Do public schools really have a secret “furry protocol” to allow K-12 students that identify as cats to use litter boxes in restrooms? No.
If your first instinct upon reading the title of this blog post was the Ctrl+F for the words “SJW”, “woke”, or “cancel culture”, you’re already assuming incorrectly about this post and the author’s positions. If “please don’t do that” is asking too much, maybe sit this one out? We like to think we live in […]
If you really must support RSA in 2022, here’s some things to keep in mind.
The Furry Fandom proved vital to saving a library from the demands of a homophobic Mississippi politician.
Who knew Hybrid Cryptography (which combines Post-Quantum Cryptography with Pre-Quantum Cryptography) would be controversial?
How to Avoid Accidentally Amplifying Assholes on Twitter
How to get rid of the Twitter feature nobody asked for, that takes up the top part of your screen, and nobody can dismiss.
A recap of Dhole Moments in the year 2021.
HKDF has poorly-understood subtleties. Let’s explore them in detail.
Clearly explaining the Dhole Moments content policy.
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?
Despite the hype, Web3 offers fake decentralization and builds upon technology you could build without cryptocurrency.
In A Furry’s Guide to Cryptocurrency, I briefly mentioned that NFTs are a dumb idea and not a valid reason for anyone–but especially furries–to get involved with cryptocurrency. The legitimate reasons for furries to consider cryptocurrency are to protect porn artists and sex workers from the overreach of the conservative finance sector. To bank the […]
Crackpot cryptography, overconfidence, and attempts to defraud governments and private-sector startups.
Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words “hash function” in the title, you might have assumed this was going to be a blog post about password storage. (Passwords are the most common knee-jerk reaction […]
Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]
Wherein some furry casually saves a University tens of thousands of dollars on a NIST SP 800-171 audit they were doomed to fail anyway.
An assortment of topics that don’t quite deserve their own dedicated blog post.
“You’re going to love this, trust me. What you’re seeing now is my normal state. This is a super-spreader. And this… This is what is known as a super-spreader that has ascended above a super-spreader. Or, you could just call this a super-spreader two. AND THIS. AND THIS IS TO GO EVEN FURTHER BEYOND!!” 2021 […]
Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol. The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the […]
Over the weekend, I decided to make an account on Furry Amino. My reasoning at the time was, “A lot of furries lurk there, I should see what it’s about.” That was a bad move that I’d like to discourage others from making. What’s Furry Amino? Furry Amino is a furry-centric community on the Amino […]
Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In Florida, we sometimes also receive Silver Alerts, which indicates that an Alzheimer’s or dementia patient has gone missing. (Florida has a […]
A question I often get–especially from cryptography experts: What is it with furries and Telegram? No, they’re almost certainly not talking about that. Most furries use Telegram to keep in touch with other members of our community. This leads many to wonder, “Why Telegram of all platforms?” The answer is simple: Stickers. Telegram was the […]
Earlier today, I made a Twitter shitpost that confused a lot of folks from the UK. Now, anyone can be forgiven for not knowing what AES-GCM-SIV is, or for being confused by the grammar of the meme. But the source of confusion was the word “nonce”. Let’s talk about what the word “nonce” means in […]
Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible. The art and science of side-channel cryptanalysis is one of the subjects I’m deeply fascinated by, and it’s something you’ll hear me yap about a lot on this blog in the future. […]
Briefly explaining the Infursec prevalence within InfoSec
Responding to “Our cybersecurity ‘industry best practices’ keep allowing breaches”
An Internet Marketer Offered Me $100 to Betray Myself and My Community
Join us on May 28 for World Dhole Day in support of the Dhole Conservation Fund.
#WhyIGotVaxxed
One of the funniest concepts for a YouTube channel has to be TierZoo, which treats the animal kingdom as an MMORPG and animal species as different classes within this hypothetical game, and then proceeds to analyze it the same way gamers analyze the “meta” for a given season of a game. Tier lists are just […]
Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how […]
Sexuality and the Furry Fandom.
I’m not going to mince words on this one. No, it’s not just you. No, it’s not your fault. No, nobody knows what to do about it. Recently, a lot of furry artists and content creators have expressed a sentiment of frustration and listlessness with their own work. (Both privately and publicly.) This is usually […]
How and why XSalsa20/XChaCha were designed, and why they’re secure.
The technology industry is hurt at every level by toxic gatekeeping.
Cryptographers and cryptography engineers love to talk about the latest attacks and how to mitigate them. LadderLeak breaks ECDSA with less than 1 bit of nonce leakage? Raccoon attack brings the Hidden Number attack to finite field Diffie-Hellman in TLS? And while this sort of research is important and fun, most software developers have much […]
Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)
Tales from the Crypt[ography].
The fatal flaw of Birdwatch’s current design and how it can be fixed.
“Sigma Male” is just the latest trend in pick-up artist/involuntary celibate/anti-feminist grifting.
RSA is for encrypting symmetric keys, not entire messages. Pass it on.
Welcome to the furry fandom, please enjoy your stay! ^w^
An opinionated curation of different classes of block ciphers, ranked by an opinionated furry.
The server for thedonald.win is hosted at 167.114.145.140. Read on to learn how I discovered this.
A recap of Dhole Moments in the year 2020.
As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you’ve used the same key to encrypt so much data that you should probably switch to a new key before you encrypt any more. Otherwise, […]