The Joy of Cryptography!

joyofcryptography.com

A copy of Cryptography Engineering by Ferguson, Schneier, and Kohno with a sticker on it reading “Warning! Memetic Hazard. Artifact contains virulent information capable of infecting human thought. Artifact cannot be accessed without proper security protocols active at all times. ALL EXPERIMENTATION PROHIBITED. SCP#: pending. Class: Keter. Omega Threat: Y [ ] N [X]. WARNING: MAC-Then-Encrypt Considered Harmful”

After a stern scolding from a cryptographer colleague, my copy of his followup now sports this warning label

Holy fuck, enough of this.

If you're in Arizona, contact your lawmakers.

Allowing shitty regions to dictate the law for the entire Internet is going to ruin the one thing we still (kinda) have left.

Fight this.

Also it's incredibly obvious, and has been from the beginning, that lawmakers are going to latch onto this hard as a way to erode privacy.

Safety is almost always an excuse.

Carelessness versus craftsmanship in cryptography Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan’s maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.

"aes-js and pyaes provide a default IV in their AES-CTR API"

*screams*

blog.trailofbits.com/2026/02/18/carelessness-...

Verification Theatre: False Assurance in Formally Verified Cryptographic Libraries Every formally verified system embeds a verification boundary: the interface between code with machine-checked proofs and code that is trusted without them. We study what happens when this boundary is...

MASSIVE rewrite of my Verification Theatre paper now on ePrint with added:

- Three new bugs that are *inside* libcrux's verified core,
- Comparison to Amazon's verified LibCrypto components,
- Many additional sections, discussion and details!

Huge rewrite! Go read it! eprint.iacr.org/2026/192

The showed us cute missing dogs & we consented to turning our doorbell cameras into a mass human tracking system.

Mark my words, Ring's Search Party will become the next Flock.

Only instead of just being sketchy cameras installed in parking lots, it will be everywhere. That's their play.

He came alive 😱

Guys if you see observers thank them. There’s real stress and burnout in the ranks right now. People understand they are waking up every day to chase and monitor federal thugs who can execute them. But they keep doing it nonstop to protect their neighbors

What is to give light must endure burning.

— Viktor Frankl

Seems unfair that you only get to use the bouncy slide to get off a plane when things have gone wrong. The bouncy slide should be a treat they give to the best passengers who did the flight correctly.

The pink people on this website just need to all get together and stop playing prisoner’s dilemma games.

yeah. let’s serialize pointer offsets, send them over the network to other people, then fix them up when they get back. what’s the worst that could happen. live a little

candle on wood

Happy solstice! ❄️🌲

Lessons Learned from a Typosquatted Audit Report - Least Authority We identified and addressed a typosquatting issue promptly, but the incident reinforced why authenticity and provenance matter deeply in security reporting.

We recently discovered an unauthorized, modified version of one of our audit reports shared online via a deceptive URL. While we quickly resolved the issue, it served as a reminder of the importance of authenticity and provenance in security reporting. leastauthority.com/blog/lessons...

I think it’s pretty clear at this point that one of the main impacts of LLMs is to disrupt thinking: to make it so that far too many people never properly learn how to do it, and then to control the output so there are thoughts that people never learn how to think.

An example, here asking to recreate in LaTeX the definition of a pseudorandom number generator

In case you aren't already aware of one of the nerdiest, nich-est online games: TeXnique, where the goal is to type LaTeX formulae as quickly as possible. texnique.xyz

It is "fun."

URGENT: Stop Alberta's Government From Overriding Charter Rights of Trans Youth Healthcare is a right, protected by evidence, compassion, and core Canadian values.

Alberta: Please speak up against Bill 9 and the Notwithstanding Clause while the legislation is being debated in the Legislature.

Here's two initiatives that send messages to elected officials & will keep you informed of next steps:

transactionalberta.ca
savethecharter.ca

#ableg #abpoli #CanPoli

Hallucinate (2025 Version) Listen to Hallucinate (2025 Version) by Taylor Hornby #np on #SoundCloud

soundcloud.com/earthrise5/h...

The Brightest Light Listen to The Brightest Light by Taylor Hornby #np on #SoundCloud

If you like future-bass-ish electronic music, I just posted a new track! soundcloud.com/earthrise5/t...

First drum lesson tonight. Haven’t taken a music lesson in uhhh… 20 years?? Looking forward to sucking at this.

As the saying goes, “Sucking at something is the first step toward being sorta good at something”-Jake the dog

FEP-521a: Consider base-64-url, not base-58-btc, as the required codec Converting to/from base-256 (raw "binary" octets) and base-N is easy to do in constant-time if N is a power of 2. See: RFC 4648 for power-of-2 codecs. 58 isn't a power of 2, which makes implementing ...

If you ever wondered,

"What does it take to implement a base-256 <-> base-B codec in constant-time when B isn't a power of 2?"

Well, I have some oddly specific good news for you: codeberg.org/fediverse/fe...

i hate it when something is described as "inscrutable." you have no idea the types of things im able to scrute

> In honor of spooky month, share a 4 word horror story that only someone in your profession would understand

Circuit missing a gate.

>ducted fans
>im a turbofan
>her: eww i want jet
>turbofans are jets
>i am a fucking jet aircraft

I will be alone forever

These people are evil. Never stop saying so. Don’t be intimidated into shutting up.

You have never been cyberd until you've been cyberd by a cyber security professional

To Come Home To Yourself May all that is unforgiven in you Be released. May your fears yield Their deepest tranquilities. May all that is unlived in you Blossom into a future Graced with love.

Friend gave me a John O’Donohue book recently. It’s quite good.

“To Come Home To Yourself”

an illustration that shows a caterpillar, then a moth, then The Mothman text: GIVE YOURSELF TIMEA

Be the Mothman you wish to see in the world