Categories
Cryptography, Software Security

Cryptographic Agility and Superior Alternatives

Cryptographic agility is a vaguely defined property, but is commonly understood to mean, “Able to quickly swap between cryptographic primitives in response to new attacks.” Wikipedia defines cryptographic agility as: Cryptographic agility is a practice paradigm in designing information security protocols and standards in a way so that they can support multiple cryptographic primitives and […]

Categories
Software Security

When Soatok Used Bugcrowd

and Got Banned for Doing the Right Thing

Categories
Cryptography, Software Security

Threema: Three Strikes, You’re Out

Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

Categories
Cryptography

Timing Attack on SQL Queries Through Lobste.rs Password Reset

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]

Categories
Badness, Cryptography, Software Security

On The Toxicity of Zed A. Shaw

Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)