#cryptography
These are public posts tagged with #cryptography. You can interact with them if you have an account anywhere in the fediverse.
@MixMistressAlice@todon.eu"Governments around the world have frequently proposed technical mechanisms to bypass encryption and allow access to messages for investigations. Cryptographers and technologists have repeatedly and definitively warned, though, that any backdoor created to access end-to-end encrypted communications could be exploited by hackers or authoritarian governments, compromising everyone’s safety. Additionally, it is likely that criminals would find ways to continue to use self-made encryption tools to conceal their messages, meaning that backdoors in mainstream products would succeed at undermining protections for the public without eliminating its use by bad actors."—Matt Burgess
A New Era of Attacks on Encryption Is Starting to Heat Up >
https://www.wired.com/story/a-new-era-of-attacks-on-encryption-is-starting-to-heat-up/
#privacy #encryption #PrivacyRights #cryptography #GDPR vs #ChatControl #backdoor #authoritarianism #technocracy #EU
Post Quantum Migration of Tor. It will be interesting to see when the Tor Project starts implementing #PQC in arti and tor:
https://eprint.iacr.org/2025/479.pdf #cryptography #tor #privacy
Constant-Time Code: The Pessimist Case
https://eprint.iacr.org/2025/435
Discussions: https://discu.eu/q/https://eprint.iacr.org/2025/435
This note discusses the problem of writing cryptographic…
IACR Cryptology ePrint ArchiveЛюдей можно подкупить, заставить, чтобы получить данные, но математику не подкупить, не замучать, цифры не лгут, помните это.
Please DO NOT ask me to comment on this newly published "proof" of P != NP.
P vs NP problem is the most important unresolved…
IACR Cryptology ePrint ArchiveStatus Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process
https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8545.pdf
Discussions: https://discu.eu/q/https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8545.pdf
NIST selects HQC as backup post
quantum cryptography algorithm in case there are issues with ML-KEM.
#cryptography #standards #nist #cryptomeanscryptography
#quantum #technology
The new algorithm will serve as a backup for the general…
NISTIn a brave act of selecting things, #NIST finally lands on a fifth post-quantum #encryption algorithm, because apparently four wasn't enough to confuse everyone. 
Meanwhile, the internet collectively yawns while pretending to read about cryptographic acronyms that sound like bad WiFi passwords. 
https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryption #postquantum #cryptography #cybersecurity #technews #HackerNews #ngated
The new algorithm will serve as a backup for the general…
NIST
As a developer with only enough #cryptography and #CyberSecurity experience to know I don't know enough to trust my own judgements...
If I wanted to add offline functionality to a browser app via PWA mechanisms... (even not offline, local caching to aid performance and save server calls)
Is there anything fundamentally wrong with using the user's password (or some in memory key derived from the password) and web-crypto for the encryption of the data before it goes into local storage?
Google's Tink crypto lib: EdDSA potentially exploitable implementation
https://x.com/kostascrypto/status/1897619742413791353
Discussions: https://discu.eu/q/https://x.com/kostascrypto/status/1897619742413791353
A security tip to @Google’s team behind the Tink Java…
X (formerly Twitter)seems my #introduction didn't migrate so here we are.
hello. i used to be on fosstodon at @jabster28@fosstodon.org, but running my own seemed fun so now i'm on my own #sharkey instance at mace.lol
i'm currently in university for a computer science degree (no i won't be homeless.). i do a lot of #programming and like to mess around with general #devops stuff (containerisation and networking mostly) in my free time, a lot of my mini projects revolve around automating this or that and making it work with everything else i have in my own ecosystem.
i #selfhost a lot of services for ephemeral file sharing and password management etc.
my main languages are #javascript / #typescript and #rust but i've been wanting to learn some #cpp or c# recently (i don't always want a program that's 1000% correct, cargo.)
(also css is genuinely an a tier language. insanely fit for purpose.)
i do some #networking and find it pretty fun mostly
i play a lot of #splatoon in my free time. i'm also fond of #mahjong, #minesweeper, and #tetris (modern tetris (usually techmino), not the official app) to sink my time into if i'm on my phone or something.
some more stuff i'm into that's probably more fringe:
#wikipedia editing is pretty fun, though it's rare that i'll get a chance to correct/add to an article that i know about and can source. doing coi requests is cool, though, you see some really interesting people
i'd love to be able to do #cooking faster but i feel that's only possible with enough time or money to cook when you don't need to (i have neither)
#libraries are really cool and i'd love to go to more of them and document them. working at one seems fun also
slightly related but i wouldn't mind getting better at #photography at some point (maybe make a pixelfed account?)
my only major political stance on here would probably be that #privacy is a fundamental human right, and a lot of things online right now don't let you control that as well as you should
i guess that leads into me liking #monero, there's not many other ways you can transfer wealth to someone without anyone else snooping. no, b*tcoin doesn't count, it's simply not fit for purpose.
that also goes into #cryptography i suppose. the mathematics inside things like ecdh is pretty beautiful. one of the reasons i'm going to university is to eventually be able to fully understand elliptic curves and a lot of the cryptography we use nowadays.
that's it, thanks for coming to my ted talk. make sure to smash that like button, subscribe, and hit the red bell to get notifications when i upload. also be sure to donate to my patreon and ko-fi, link's in the description. you can also buy the product from this video's spons-
okay i'm done
you should do a random act of kindness today. maybe tomorrow. or not, i'm not your mom.
#AI #art #cryptography #DunningKruger
'Near the CIA headquarters in Langley, Virginia, there is a sculpture known as Kryptos. It has been there since 1990 and contains four secret codes—three of which have been solved. The final one has gone 35 years without being decrypted. And, according to a report from Wired, the sculptor responsible wants everyone to know that you are not solving the damn thing with a chatbot.'
Please give Jim Sanborn some peace.
GizmodoGizmodo: Chatbots Convinced Idiots They Cracked the Code on a Sculpture in the CIA’s Backyard. “Near the CIA headquarters in Langley, Virginia, there is a sculpture known as Kryptos. It has been there since 1990 and contains four secret codes—three of which have been solved. The final one has gone 35 years without being decrypted. And, according to a report from Wired, the sculptor […]
One of my major complaints about existing software systems that claim to be "E2EE" is that they often don't provide a clear description to how their key management actually works.
This is a mistake. This information must be readily available to the users of these systems, as understanding what and where their keys are is critical for preserving both the security and availability of their private data.
One possibility is that your password could be your key to end-to-end encryption, if your service provider does it right.
Most authentication systems don't do it right, making this proposition untenable for many/most existing password database deployments.
I made a password hash function that automatically preserves the possibility of using passwords as keys so long as it is deployed as a client-side prehash function:
https://hackage.haskell.org/package/g3p-hash-2.0.0.0
Most authentication systems see plaintext versions of the password as part of the authentication process. If a plaintext password has ever been disclosed to your authentication server, using that password as a cryptographic key is not ideal.
The better thing to do is to encourage users to change to a random passphrase as part of the migration, and ensure that your authentication servers never see those newly generated passphrases.
My latest "Bringing PGP to the 21st Century" update:
I’ve set up WKD for all my "public-facing" identities, with both direct and advanced methods working across the relevant domains. I’ve also uploaded all my keys to Keybase, OpenPGP, and Ubuntu keyservers. I even even generated a QR code with the openPGP4FPR URI scheme: https://openpgpkey.accioly.social/
PGP experts, am I missing anything?
#WKD #PGP #OpenPGP #EmailSecurity #DigitalSecurity #Encryption #Cryptography
Combined Crypto, Anglo-American Style - If you think about military crypto machines, you probably think about the infamous... - https://hackaday.com/2025/03/06/combined-crypto-anglo-american-style/ #cryptography #history
If you think about military crypto machines, you probably…
Hackaday@sebsauvage @titaniumbiscuit not all classic e-mail providers work equally well but many do. Since #chatmail entered the global e-mail server network 14 months ago, and we introduced instant-onboarding april 2024, we de-emphasize #gmail #outlook and #iCloud and don't perform "free" work to help them continue to dominate. Instead we put our energy into growing the chatmail server network which does away with spam/rate-limit problems by design. Everything is based on #interoperable #cryptography .