Posts by Kenny Paterson
A thread in which @sockpuppet.org presents some of the juiciest morsels from our paper at zkae.io:
A very nice blogpost explaining our work - slices right through the marketing from the vendors: medium.com/reading-sh/y...
We didn’t go as deep on 1Password as the others. Probably some interesting things still to be found there.
Now we can finally tell you about all 27 of them: zkae.io
Paper to appear at USENIX Security 2026: eprint.iacr.org/2026/058
Joint work with Matilda Backendal, Matteo Scarlata, Giovanni Torrisi
In this "malicious server" threat model, we found a total of 27 vulnerabilities across Bitwarden, Dashlane, LastPass and 1Password.
More than half of them lead to compromise of your passwords.
Do you use a cloud-based password manager? So what's your threat model?
Vendors like Bitwarden, Dashlane, LastPass and 1Password offer you "Zero Knowledge Encryption", with statements like: "Not even the team at Bitwarden can read your data (even if we wanted to)."
We decided to test this… 1/n
Miracle of miracles: Deutsche Bahn runs almost on time!
Almost in Karlsruhe for this talk. Looking forward to some great discussions with the KIT crypto and security community.
"The heroes of my fields have slain one of the four horsemen of the apocalypse, while the heroes of your field gathered in the desert to create a new one" is such a clear, brutal rebuttal to Manhattan Project mythology, and now the most venal idiots alive are bringing back diseases because they can.
The sun still rises. And it will continue to do so. Long after the fascists are gone.
Submission week for the Cryptographic Application Workshop (CAW), an affiliated event at Eurocrypt'26 in Rome! Please submit your talk proposals on constructive real-world crypto using the following instructions before Jan 23, 2026 AoE. All infos on: caw.cryptanalysis.fun.
I insisted that Nadhim Zahawi delete this tweet before joining us, because one of our rules is that everyone in Reform UK has to pretend that I’m not racist.
Achievement unlocked: I finished the Private Eye Christmas cryptic crossword (#820). It’s a right corker, thanks to Cyclops for providing the much appreciated Yuletide mental gymnastics! @privateeyenews.bsky.social
Cat sitting on a wall with a doubtful look on its face.
Doubting Tomcat.
Some great talks to come at #RWC026 including 5 (!) from the Applied Cryptography research group @csateth.bsky.social on topics including Signal’s security, designing SecureDrop Next Generation, fuzzing of crypto libraries…. and one mystery topic still under embargo.
Winter sun on Zuriberg.
Nah, I just need more coffee!
When I read “was” I feared the worst. Glad to hear Alfred is alive and kicking (and still having impact).
Two carved wooden heads on a Swiss bridge, both looking startled.
Catching up on recent posts on the CFRG mailing list.
Good luck - hope everything goes smoothly and the course is a hit!
I like it! New mascot for the group.
Do I let this guy stay in the garage or gently remove him to a nice damp bit of garden?
Curve25519 is a false friend. Also isn’t it “defence” rather than “defense”? 🇬🇧
Would it be too salty to say how reassuring it is to find so many new experts in quantum computing and post quantum cryptography suddenly popping up over on LinkedIn?
New reading material dropped.