NRW.social

:openbsd: :vim: :lineageos2:<a href="https://cryptography.rs/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://cryptography.rs/</a><a href="https://fosstodon.org/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rust</a> <a href="https://fosstodon.org/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a>

F. Maury ⏚Hey cryptographers,this application is using the same symmetric secret to encrypt cookie values using AES-CBC: <a href="https://github.com/transloadit/uppy/issues/5705" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/transloadit/uppy/issues/5705</a>This will eventually wear-out the secret.I suggested deriving a different encryption key from the "secret" for every distinct document (i.e. a cookie value).Would it be "safe" to derive the key using the IV as the "info" parameter in HKDF?In "pseudocode", this would read like:``` aes_key = hkdf(salt=[0]*32, ikm=secret, info=iv, length=32) encrypt(aes_key, iv, plaintext) ```The idea of using the IV is to not add anything new to the cookie value. My understanding is that the info parameter is not supposed to be confidential, but how secure is it if it is attacker controlled? I don't see any attacks, but I am no specialist either...<a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://infosec.exchange/tags/help" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#help</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>

SpaceLifeFormIf you lose your private key, you lose, and get to start over.6 day certificate expiration is security theatre. Why not 6 minutes?If you want to do this, use ECC, not RSA. Well, you should be using 25519 anyway.<a href="https://m.slashdot.org/story/440877" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://m.slashdot.org/story/440877</a><a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a>

Europa.blogQuantencomputer und die Zukunft der Verschlüsselung: Warum wir jetzt handeln müssen. <a href="https://europa.blog/de/quantencomputer-und-die-zukunft-der-verschluesselung-warum-wir-jetzt-handeln-muessen/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://europa.blog/de/quantencomputer-und-die-zukunft-der-verschluesselung-warum-wir-jetzt-handeln-muessen/</a> <a href="https://mastodon.social/tags/digitalisierung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#digitalisierung</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://mastodon.social/tags/emails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#emails</a> <a href="https://mastodon.green/@klute" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@klute</a> <a href="https://digitalcourage.social/@juergenklute" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@juergenklute</a>

NetzpalaverWie PKI in vier Schritten bereit für das Quantenzeitalter wird<a href="https://social.tchncs.de/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> @Keyfactor <a href="https://social.tchncs.de/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a> <a href="https://social.tchncs.de/tags/PostQuantumCryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PostQuantumCryptography</a> <a href="https://social.tchncs.de/tags/PQC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PQC</a> <a href="https://social.tchncs.de/tags/PublicKeyInfrastructure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PublicKeyInfrastructure</a> <a href="https://social.tchncs.de/tags/Quantencomputer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Quantencomputer</a> <a href="https://social.tchncs.de/tags/Verschl%C3%BCsselung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Verschlüsselung</a><a href="https://netzpalaver.de/2025/04/14/wie-pki-in-vier-schritten-bereit-fuer-das-quantenzeitalter-wird/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://netzpalaver.de/2025/04/14/wie-pki-in-vier-schritten-bereit-fuer-das-quantenzeitalter-wird/</a>

Tedi HeriyantoWhy Rust is Perfect for Cryptography & Security: <a href="https://medium.com/@aannkkiittaa/why-rust-is-perfect-for-cryptography-security-e7938832f16d" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://medium.com/@aannkkiittaa/why-rust-is-perfect-for-cryptography-security-e7938832f16d</a><a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rust</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a>

Compsci WeeklyPhysically Uncloneable Functions (PUFs)<a href="https://en.wikipedia.org/wiki/Physical_unclonable_function" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://en.wikipedia.org/wiki/Physical_unclonable_function</a>Discussions: <a href="https://discu.eu/q/https://en.wikipedia.org/wiki/Physical_unclonable_function" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://discu.eu/q/https://en.wikipedia.org/wiki/Physical_unclonable_function</a><a href="https://mastodon.social/tags/compsci" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#compsci</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a>

Peter N. M. Hansteenrpki-client 9.5 released <a href="https://www.undeadly.org/cgi?action=article;sid=20250412123402" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.undeadly.org/cgi?action=article;sid=20250412123402</a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openbsd</a> <a href="https://mastodon.social/tags/rpkiclient" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rpkiclient</a> <a href="https://mastodon.social/tags/rpki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rpki</a> <a href="https://mastodon.social/tags/bgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bgp</a> <a href="https://mastodon.social/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pki</a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#crypto</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/routing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#routing</a> <a href="https://mastodon.social/tags/bgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bgp</a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networking</a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#freesoftware</a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#libresoftware</a>

Max Maass :donor:I love the fact that I am working in an industry where people write stuff like „If you’re using a standard AEAD mode in such a setup (wherein multiple keys are used), and you aren’t including key-commitment in your protocol design, you’re almost certainly prone to Invisible Salamanders.“It sounds like we‘re magicians. „Be careful with your spells, apprentice! One wrong syllable and you might be afflicted with a plague of invisible salamanders until the next full moon.“<a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a>

LeanpubSecurity Linux Toolkit <a href="https://leanpub.com/b/securitylinuxtoolkit" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://leanpub.com/b/securitylinuxtoolkit</a> by GitforGits | Asian Publishing House is the featured bundle of ebooks 📚 on the Leanpub homepage! <a href="https://leanpub.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://leanpub.com</a> <a href="https://mastodon.social/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://mastodon.social/tags/Networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Networking</a> <a href="https://mastodon.social/tags/Resiliency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Resiliency</a> <a href="https://mastodon.social/tags/ComputerSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComputerSecurity</a> <a href="https://mastodon.social/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://mastodon.social/tags/books" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#books</a> <a href="https://mastodon.social/tags/ebooks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ebooks</a>

Aaron Toponce ⚛️:debian:Great read on benchmarking the POSIX getentropy() function versus RAND_bytes() found in OpenSSL and forks for getting cryptographically secure random numbers.I'm not running the exact system that <a href="https://mendeddrum.org/@fanf" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fanf</a> is, but I'm seeing very different BoringSSL benchmark numbers (if I'm reading it correctly):$ ./bentropy-boring init openssl 48852 len entropy openssl 16 691 7156 64 758 6931 256 1362 7037 1024 5549 7707<a href="https://dotat.at/@/2024-10-01-getentropy.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://dotat.at/@/2024-10-01-getentropy.html</a><a href="https://fosstodon.org/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a>

UK<a href="https://www.europesays.com/uk/6166/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.europesays.com/uk/6166/</a> Quantum computing threat demands urgent CISO action plan <a href="https://pubeurope.com/tags/Australia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Australia</a>(Australian) <a href="https://pubeurope.com/tags/BorderlessCS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BorderlessCS</a> <a href="https://pubeurope.com/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> <a href="https://pubeurope.com/tags/Computing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Computing</a> <a href="https://pubeurope.com/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://pubeurope.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://pubeurope.com/tags/DataSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataSecurity</a> <a href="https://pubeurope.com/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Encryption</a> <a href="https://pubeurope.com/tags/QuantumComputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#QuantumComputing</a> <a href="https://pubeurope.com/tags/Risk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Risk</a>&Compliance <a href="https://pubeurope.com/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RiskManagement</a> <a href="https://pubeurope.com/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://pubeurope.com/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UK</a> <a href="https://pubeurope.com/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UnitedKingdom</a>

Taffer 🇨🇦 :godot:I’m at ICMC in Toronto this week, anybody else here?This would probably get more action if I was on infosec.exchange… 😅<a href="https://mastodon.gamedev.place/tags/icmc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icmc</a> <a href="https://mastodon.gamedev.place/tags/icmc2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#icmc2025</a> <a href="https://mastodon.gamedev.place/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://mastodon.gamedev.place/tags/postquantum" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#postquantum</a> <a href="https://mastodon.gamedev.place/tags/postquantumcryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#postquantumcryptography</a>

WenIt is not really progress, but the Home Office a notoriously cavalier and badly run organisation (remember Windrush amongst others) needs to be held to public account. There is nothing they would like more than absolute secrecy, a cowed press and a frightened and subdued opopulation. <a href="https://www.theguardian.com/politics/2025/apr/07/uk-home-office-loses-attempt-to-keep-legal-battle-with-apple-secret" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.theguardian.com/politics/2025/apr/07/uk-home-office-loses-attempt-to-keep-legal-battle-with-apple-secret</a>Governments of all shades have encouraged them to act in this way since they were established. <a href="https://mastodon.scot/tags/Secrecy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Secrecy</a> <a href="https://mastodon.scot/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://mastodon.scot/tags/HomeOffice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HomeOffice</a> <a href="https://mastodon.scot/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://mastodon.scot/tags/UkPol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UkPol</a> <a href="https://mastodon.scot/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Apple</a>

EPFL⚛️ 🔒Professor Thomas Vidick joined EPFL in late 2024. He works on problems at the interface of quantum information, theoretical computer science and cryptography.<a href="https://social.epfl.ch/tags/QuantumInformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#QuantumInformation</a> <a href="https://social.epfl.ch/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://social.epfl.ch/tags/TechResearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechResearch</a> Read more: <a href="https://go.epfl.ch/kwA-en" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://go.epfl.ch/kwA-en</a>

Sven Ruppert<a href="https://mastodon.social/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Java</a> Cryptography Architecture (JCA) - An Overview Provider-based crypto framework enables secure hashing, digital signatures, key management & more — all modular, extensible, and ready for real-world security needs. <a href="https://mastodon.social/tags/JavaSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JavaSecurity</a> <a href="https://mastodon.social/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptography</a> <a href="https://mastodon.social/tags/JCA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JCA</a> <a href="https://mastodon.social/tags/SecureCoding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecureCoding</a> <a href="https://svenruppert.com/2025/04/03/java-cryptography-architecture-jca-an-overview/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://svenruppert.com/2025/04/03/java-cryptography-architecture-jca-an-overview/</a>

Alexander Hansen FærøyThis is undoubtedly the most promising Post-Quantum TLS deployment situation I have seen for <a href="https://mastodon.social/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a> since we started discussing it more actively in the team. Very exciting!I hope that OpenSSL 3.5, when released, will make it into <a href="https://mastodon.social/tags/Debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Debian</a> Trixie. That would make deployment of this so much more snappy and easy for the Tor network to upgrade, but that may be dreaming. The timelines here look quite difficult for that to happen, but let's hope.<a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://mastodon.social/tags/pqc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pqc</a> <a href="https://mastodon.social/tags/pqcrypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pqcrypto</a>

F. Maury ⏚I just published two cryptography attacks on Uppy Companion, a tool for downloading/uploading documents from various cloud storage providers.<a href="https://github.com/transloadit/uppy/issues/5705" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/transloadit/uppy/issues/5705</a><a href="https://github.com/transloadit/uppy/issues/5706" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/transloadit/uppy/issues/5706</a>These attacks allow the recovery of the access tokens/refresh tokens of the various cloud provider, enabling an attacker having access to a stolen encrypted cookie value to get access to the cloud storage.Once again, people: do not roll your own crypto! 😮‍💨 Using plain AES-CBC, deriving secrets with SHA256 and the sign-then-encrypt paradigm are not best practices.<a href="https://infosec.exchange/tags/uppy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#uppy</a> <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://infosec.exchange/tags/aes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aes</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> <a href="https://infosec.exchange/tags/disclosure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disclosure</a>

Nick MathewsonWhat's the current consensus on whether I should worry about Grover's algorithm when choosing symmetric cryptography?<a href="https://abyssdomain.expert/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a> <a href="https://abyssdomain.expert/tags/quantum" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#quantum</a>

Compsci WeeklyflAIrng-NG - AI powered quantum safe random flair generator, get your random flair today!<a href="https://docs.google.com/spreadsheets/d/e/2PACX-1vTd0FcP81kpoauk6JTYwGaC964XMGlfoisnFVg_mVkYLGfncn_jhaU12e1l7Jc5ROcHI73TohEsEvqt/pubhtml" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://docs.google.com/spreadsheets/d/e/2PACX-1vTd0FcP81kpoauk6JTYwGaC964XMGlfoisnFVg_mVkYLGfncn_jhaU12e1l7Jc5ROcHI73TohEsEvqt/pubhtml</a>Discussions: <a href="https://discu.eu/q/https://docs.google.com/spreadsheets/d/e/2PACX-1vTd0FcP81kpoauk6JTYwGaC964XMGlfoisnFVg_mVkYLGfncn_jhaU12e1l7Jc5ROcHI73TohEsEvqt/pubhtml" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://discu.eu/q/https://docs.google.com/spreadsheets/d/e/2PACX-1vTd0FcP81kpoauk6JTYwGaC964XMGlfoisnFVg_mVkYLGfncn_jhaU12e1l7Jc5ROcHI73TohEsEvqt/pubhtml</a><a href="https://mastodon.social/tags/compsci" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#compsci</a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cryptography</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#cryptography