
Posts by Matteo Scarlata

"presenting a cornucopia of practical attacks".

These are my favorite words ever to have occurred in a cryptography paper.

1 month ago 53 9 3 2

You mean Professor Matilda Backendal! 😉

1 month ago 2 0 0 0
Security through transparency: ETH Zurich audits Bitwarden cryptography against malicious server scenarios | Bitwarden A new in-depth security report is available, continuing the Bitwarden commitment to transparency and trusted open source security. The audit, conducted by the prestigious Applied Cryptography Group at...

Check out the excellent responses by @bitwarden.bsky.social (bitwarden.com/blog/securit...), @dashlane.com (www.dashlane.com/blog/zero-kn...) and @lastpass.bsky.social (blog.lastpass.com/posts/detail...).

It was really great working with these companies, and a uniquely smooth disclosure process!

1 month ago 1 0 0 0
Frog and Toad with a box illustration. Badly edited text.

Frog put the KEY in a box. "There," he said. "Now we will not SIGN MALICIOUS MESSAGES."
"But we can ASK THE HSM," said Toad.
"That is true," said Frog.


1 month ago 251 35 1 1
Zero Knowledge (About) Encryption

I always assumed that #passwordmanagers were simple objects -- create a database, encrypt it, send it to the server, done. I could not have been more wrong!

At zkae.io, we take a look at all the hidden complexity in cloud password managers, and the #attacks that result from that. (ia.cr/2026/058)

1 month ago 8 4 1 0

Do you use a cloud-based password manager? So what's your threat model?

Vendors like Bitwarden, Dashlane, LastPass and 1Password offer you "Zero Knowledge Encryption", with statements like: "Not even the team at Bitwarden can read your data (even if we wanted to)."

We decided to test this… 1/n

1 month ago 32 15 2 3

FYI, this is going live tomorrow morning! :)

1 month ago 1 0 0 0

We wanted a link to the full version for our camera-ready, without having to maintain a redirect (inevitably subject to bit rot). We cleared the submission with the eprint editors in advance (kudos Sofia and Matthias for being super responsive!).

2 months ago 1 0 1 0

The call for talks for CAW 2026 (a workshop affiliated with Eurocrypt) is out!

This year's motto is "cryptography under real-world constraints and threat models", but other applied cryptography is also very welcome.

All info is on: caw.cryptanalysis.fun.

5 months ago 13 8 1 1

This year, #CAW offers the option for remote participation to make our Eurocrypt workshop accessible to the members of our community that cannot or prefer not to travel to Madrid.

Register on our website before May 2 (free): caw.cryptanalysis.fun

The updated program is below.

1 year ago 5 2 0 0
Breaking and Fixing Content-Defined Chunking A collection of my (future) writings about cryptography, music and other random stuff.

Our latest work is out! Breaking and repairing Content-Defined Chunking, with impact across multiple backup systems. Read Kien Tuong Truong’s blog here: blog.ktruong.dev/breaking-cdc

1 year ago 11 2 1 1