Cryptography Vulnerability

Timing Attack on SQL Queries Through Password Reset

Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your account is at risk, good news: I didn’t publish it until after the vulnerability was mitigated, so you’re safe. You don’t need to change your passwords or anything. This write-up is purely for education […]

Social Media

Twitter’s Birdwatch is Fundamentally Flawed

The fatal flaw of Birdwatch’s current design and how it can be fixed.

Cryptography Software Security

The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]