Dhole Moments, Soa Talks, and Other Bad Puns…

Cryptographic Wear-Out for Symmetric Encryption

As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you’ve used the same key to encrypt so much data that you should probably switch to a new key before you encrypt any more. Otherwise, […]

Putting Scammers on Scan on Twitter

Earlier tonight, someone decided to change their Twitter handle and display name to impersonate a furry and solicit money to the scammer’s PayPal account. This is the same kind of lazy technique that script kiddies use to phish people for passwords, but more targeted. The goal is to dupe someone into sending the scammer money […]

The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]


Something went wrong. Please refresh the page and/or try again.

Follow My Blog

Get new content delivered directly to your inbox.