Categories
Furry Fandom

The World Needs More Furry Bloggers

Despite the awesomeness and diversity that the furry fandom offers the world, there is a very narrow subset of furry content creation that has attained popular appeal within our community. If you want to create and share furry art, there are at least a half dozen furry websites dedicated to furry art (including FurAffinity). If […]

Categories
Featured Furries

Fuzzball Storytime – “The Fandom”: A Blast From the Past

Moonraiser from Fuzzballstorytime.com published a review of the documentary film made by Ash Coyote called “The Fandom”. One thing I like most about this film is its representation of the LGBT community. It is a community that has faced many challenges over the years, but with the help of the furry fandom LGBT members have […]

Categories
Cryptography Technology

How To Learn Cryptography as a Programmer

A question I get asked frequently is, “How did you learn cryptography?” I could certainly tell everyone my history as a self-taught programmer who discovered cryptography when, after my website for my indie game projects kept getting hacked, I was introduced to cryptographic hash functions… but I suspect the question folks want answered is, “How […]

Categories
Uncategorized

#PrideMonth

I rarely think about the labels that describe me. That isn’t because of privilege (I spent many years painfully aware of them), but because my friends are incredibly supportive and we’ve been able to cultivate an environment where I’m not constantly reminded of why I don’t “belong”. (It took many grueling years to achieve that, […]

Categories
Furry Fandom Technology

Furward Momentum – Introduction

I probably don’t need to remind anyone reading this while it’s fresh about the current state of affairs in the world, but for the future readers looking back on this time, let me set the stage a bit. The Situation Today (By “Today”, I mean early May 2020, when I started writing this series.) In […]

Categories
Cryptography

Learning from LadderLeak: Is ECDSA Broken?

A paper was published on the IACR’s ePrint archive yesterday, titled LadderLeak: Breaking ECDSA With Less Than One Bit of Nonce Leakage. The ensuing discussion on /r/crypto led to several interesting questions that I thought would be worth capturing and answering in detail. What’s Significant About the LadderLeak Paper? This is best summarized by Table […]

Categories
Cryptography

Why AES-GCM Sucks

If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”. I specialize in secure implementations of cryptography, and my years of experience in this field have led me to dislike AES-GCM. This post is about why I dislike AES-GCM’s design, not […]

Categories
Furry Fandom Online Privacy

How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Update (2021-01-09): There’s a newer blog post that covers different CloudFlare deanonymization techniques (with a real world case study). Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission. Understandably, the photographers and fursuiters whose work was ripped off by […]

Categories
Cybercrime

Fraudulent Apps on the Google Play Store: COVID-19 Contact Tracing Edition

Cryptographers around the world are still designing privacy-preserving contact tracing systems for combating the spread of COVID-19. Even though some papers have been published (one using zero-knowledge proofs, another based on blockchain (sigh)), the ink is still very wet. The first framework designed by Apple and Google needs work but was surprisingly not god-awful. That […]

Categories
Cryptography

Putting the “Fun” in “Hash Function”

There are several different methods for securely hashing a password server-side for storage and future authentication. The most common one (a.k.a. the one that FIPS allows you to use, if compliance matters for you) is called PBKDF2. It stands for Password-Based Key Derivation Function #2. Why #2? It’s got nothing to do with pencils. There […]

Categories
Cryptography

Hedged Signatures with Libsodium using Dhole

In 2017, cryptography researchers from Kudelski Security demonstrated practical fault attacks against EdDSA (specifically Ed25519; RFC 8032). Their techniques are also applicable to Deterministic ECDSA (RFC 6979), and potentially work against any deterministic signature scheme (n.b. the Fiat-Shamir or Schnorr distinction isn’t meaningful in this context). Although that might seem alarming, fault attacks aren’t especially […]

Categories
Furry Fandom Humor

Furiosity Thrilled the Cat: Questions People Ask About the Furry Fandom

Art by Kyume. Search engines have this feature where if you start to type a question, it will attempt to predict your question based on what other people have asked. This has some hilarious consequences. Sometimes this feature gets gamed by large hordes of shitty people (read: 4chan) typing provocative questions into search engines. Let’s […]

Categories
Humor Software Security

Why Server-Side Input Validation Matters

Update (2020-04-29): Twitter has fixed their oversight. Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text. The original article follows after the separator. I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve […]

Categories
Cryptography

A Furry’s Guide to Digital Signature Algorithms

Let’s talk about digital signature algorithms. Digital signature algorithms are one of the coolest ideas to come out of asymmetric (a.k.a. public-key) cryptography, but they’re so simple and straightforward that most cryptography nerds don’t spend a lot of time thinking about them. Even though you are more likely to run into a digital signature as […]

Categories
Furry Fandom

Never Underestimate the Furry Fandom

My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs. …Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I […]

Categories
Video Games

What Your Favorite Video Game Genre Says About Your Moral Character

My friends play a lot of video games, and I sometimes join them, but more often I just observe. And over the years of observing, I’ve noticed a few things worth sharing. Every video game is somewhat different and the lines can sometimes be a bit blurry, but with a few exceptions, the concept of […]

Categories
Software Security

“Source Code Leak” is Effectively Meaningless to Endpoint Security

There are two news stories today. Unfortunately, some people have difficulty uncoupling the two. The Team Fortress 2 Source Code has been leaked. Hackers discovered a Remote Code Execution exploit. The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient […]

Categories
Cryptography

Elliptic Curve Diffie-Hellman for Humans and Furries

Suppose you need to encrypt data between two peer-to-peer devices over an untrusted medium (i.e. the Internet), and you have an authenticated low-bandwidth channel that can be used to send and authenticate a few bytes (less than 100), but that channel isn’t itself encrypted (otherwise it’d be a chicken-and-egg problem). Aside: If it helps your […]

Categories
Cryptography

Authenticated Key Exchanges

Authenticated Key Exchanges are an interesting and important building block in any protocol that aims to allow people to communicate privately over an untrusted medium (i.e. the Internet). What’s an AKE? At their core, Authenticated Key Exchanges (AKEs for short) combine two different classes of protocol. An authentication mechanism, such as a MAC or a […]

Categories
Meta

Welcome to Soatok.blog

Hi, I’m Soatok! I’m a bit of what you might call a nerd. This will the future home of my musings, side projects, and research notes. You can expect less “here’s me explaining a thing I’m an expert in” and more “here’s me writing about learning new stuff”. I will also be writing about the […]