Earlier today, I made a Twitter shitpost that confused a lot of folks from the UK. Now, anyone can be forgiven for not knowing what AES-GCM-SIV is, or for being confused by the grammar of the meme. But the source of confusion was the word “nonce”. Let’s talk about what the word “nonce” means in […]
Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible. The art and science of side-channel cryptanalysis is one of the subjects I’m deeply fascinated by, and it’s something you’ll hear me yap about a lot on this blog in the future. […]
Briefly explaining the Infursec prevalence within InfoSec
Responding to “Our cybersecurity ‘industry best practices’ keep allowing breaches”
An Internet Marketer Offered Me $100 to Betray Myself and My Community
Join us on May 28 for World Dhole Day in support of the Dhole Conservation Fund.
One of the funniest concepts for a YouTube channel has to be TierZoo, which treats the animal kingdom as an MMORPG and animal species as different classes within this hypothetical game, and then proceeds to analyze it the same way gamers analyze the “meta” for a given season of a game. Tier lists are just […]
Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how […]
Sexuality and the Furry Fandom.
I’m not going to mince words on this one. No, it’s not just you. No, it’s not your fault. No, nobody knows what to do about it. Recently, a lot of furry artists and content creators have expressed a sentiment of frustration and listlessness with their own work. (Both privately and publicly.) This is usually […]
How and why XSalsa20/XChaCha were designed, and why they’re secure.
The technology industry is hurt at every level by toxic gatekeeping.
Cryptographers and cryptography engineers love to talk about the latest attacks and how to mitigate them. LadderLeak breaks ECDSA with less than 1 bit of nonce leakage? Raccoon attack brings the Hidden Number attack to finite field Diffie-Hellman in TLS? And while this sort of research is important and fun, most software developers have much […]
Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)
Tales from the Crypt[ography].
The fatal flaw of Birdwatch’s current design and how it can be fixed.
“Sigma Male” is just the latest trend in pick-up artist/involuntary celibate/anti-feminist grifting.
RSA is for encrypting symmetric keys, not entire messages. Pass it on.
Welcome to the furry fandom, please enjoy your stay! ^w^
An opinionated curation of different classes of block ciphers, ranked by an opinionated furry.
The server for thedonald.win is hosted at 184.108.40.206. Read on to learn how I discovered this.
A recap of Dhole Moments in the year 2020.
As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you’ve used the same key to encrypt so much data that you should probably switch to a new key before you encrypt any more. Otherwise, […]
Earlier tonight, someone decided to change their Twitter handle and display name to impersonate a furry and solicit money to the scammer’s PayPal account. This is the same kind of lazy technique that script kiddies use to phish people for passwords, but more targeted. The goal is to dupe someone into sending the scammer money […]
Vega of Opinionated Guides (OpGuides for short) recently asked to interview me for their website hosted on Github Pages. You can read the interview here if that strikes your fancy. Opinionated Guides is a quite excellent learning resource for various topics ranging from engineering to art, music, and philosophy. One thing I really like about […]
Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]
Governments are back on their anti-encryption bullshit again. Between the U.S. Senate’s “EARN IT” Act, the E.U.’s slew of anti-encryption proposals, and Australia’s new anti-encryption law, it’s become clear that the authoritarians in office view online privacy as a threat to their existence. Normally, when the governments increase their anti-privacy sabre-rattling, technologists start talking more […]
How to more effectively report abuse to social media companies like Twitter.
We’ve more-or-less all been coping with the pandemic since early March. During this time, I’ve seen a lot of people stressed and depressed to their breaking points, usually while also blaming themselves for not being able to bottle their feelings up and believing no one else is at their limit. And that’s simply not true. […]
Earlier this week, security researcher Ryan Castellucci published a blog post with a somewhat provocative title: DKIM: Show Your Privates. After reading the ensuing discussions on Hacker News and Reddit about their DKIM post, it seems clear that the importance of deniability in online communications seems to have been broadly overlooked. Security Goals, Summarized When […]
Zoom recently announced that they were going to make end-to-end encryption available to all of their users–not just customers. This is a good move, especially for people living in countries with inept leadership that failed to address the COVID-19 pandemic and therefore need to conduct their work and schooling remotely through software like Zoom. I […]
Why blog about cryptography as a furry?
If living through the COVID-19 pandemic has taught us anything–and it surely hasn’t–it would be the importance of friendship and community to our physical and emotional well-being. For more on the subject of People Who Ought to Know Better Not Learning the Obvious Lessons from Misfortune, one needs look no further than social media. Popularity […]
A frequent source of confusion in the furry fandom is about commission pricing for furry art. This confusion is often driven by (usually younger) furries demanding free or severely cheap art from artists, and the aftermath of such exchanges. There’s a reason @SpicyFurryTakes posts so frequently. In the interest of not adding to the confusion, […]
I dislike politics in general. That doesn’t mean I don’t write about it when it’s relevant, but I’m always less happy with any of my writing that touches on these subjects. I usually feel obligated to condemn these pieces to Draft status in perpetuity. It’d be great if we lived in a world where I […]
Tonight on InfoSec Twitter, this gem was making the rounds: Hello cybersecurity and election security people,I sometimes embed your tweets in the Cybersecurity 202 newsletter. Some of you have a habit of swearing right in the middle of an otherwise deeply insightful tweet that I’d like to use. Please consider not doing this. Best,Joe Identity […]
This is the first entry in a (potentially infinite) series of dead end roads in the field of cryptanalysis. Cryptography engineering is one of many specialties within the wider field of security engineering. Security engineering is a discipline that chiefly concerns itself with studying how systems fail in order to build better systems–ones that are […]
Serious question: Why doesn’t the Furry Fandom have more comedians? I don’t mean racist loudmouth assholes who wouldn’t know a good joke if it cup-checked them every day after their second cup of coffee for a week straight (i.e. the racist birdbrain). I also don’t mean external comedians making lazy jokes at the expense of […]
There’s an old adage on the Internet: “Don’t feed the trolls.” The reasoning for such an argument is kind of a proof by induction if you squint hard enough at its structure: If you don’t feed the trolls, they’ll have to look elsewhere to get the engagement they crave. If you iterate the advice and […]
Spyware written for educational institutions to flex their muscles of control over students and their families when learning from their home computer is still, categorically, spyware. Depending on your persuasion, the previous sentence sounds like either needless pedantry, or it reads like tautology. But we need to be clear on our terms. Educational spyware is […]
Since the IETF’s CFRG decided to recommend OPAQUE as a next-generation Password Authenticated Key Exchange, there has been a lot of buzz in the cryptography community about committing authenticated encryption (known to the more academically inclined as Random Key Robustness), because OPAQUE requires an RKR-secure AE scheme. Random Key Robustness is a property that some […]
If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels. The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation […]
Being a furry is like: Every once in a while, you’ll stumble across an enormous contingent of the furry fandom that you were entirely unaware of for years. Sure, you’d expect artists to be furry, but when you’ve run down the checklist of possible hobbies or professions to the point that furry doctors, furry lawyers, […]
As American students are preparing to return to the classroom during a pandemic–in flagrant disregard of everything ranging from our scientific understanding to matters of good taste–we keep hearing from politicians how essential education is. Of course, if they actually believed the words coming out of their mouth, you’d expect them to be a little […]
Some of you may be surprised to learn that my fursona is not a fox, nor a wolf; nor is it a fictitious fox-wolf hybrid popular within the furry fandom (which is usually called a “folf”). No, my fursona is a dhole, which is a real species of endangered wild dogs from Southeast Asia. The […]
Earlier this week, NIST announced Round 3 of the Post-Quantum Cryptography project and published their rationale for selecting from the Round 2 candidates. NIST did something clever this time, and Round 3 was separated into two groups: Finalists and Alternative Candidates. Finalists are algorithms that NIST (and the majority of the cryptographers involved in NIST’s […]
This is a bit different from my usual blog post, insofar as I don’t have much of a point except that I’m tired of repeating myself. The other day, I was frustrated about Pinterest clogging up the Google Image Search results and tweeted a really simple and well-known life-hack to counteract their search engine manipulation. […]
I recently needed to find an image that I didn’t have saved on my computer in order to share with a group chat. For laughs. Naturally, I did the first thing most of us do when that happens: I typed the query into Google’s Image Search. To my dismay, all of the first results were […]
Historical Context of Iota’s Hash Functions Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following: In response to this research, the Iota developers threatened to sue the researchers. Iota replaced Curl-P-27 with a […]