Want to help shape the cryptography that ends up in Internet standards? CFRG is looking for Crypto Review Panel members. Self-nominations welcome. Two-year renewable term.
Send nominations by April 20: cfrg-chairs@ietf.org
wiki.ietf.org/group/cfrg/C...
Posts by Marcus Brinkmann
The long term risk is that people will believe their software is secure when the AI can’t find a vulnerability.
I’m starting to think these are all pump and dump schemes.
My only problem is that the raw garlic in my salsa overpowers everything else when left in the fridge overnight. It basically has to be made and enjoyed fresh.
Just putting this out there: the amount of software that exists in production vastly exceeds our global capacity to maintain it. And AI is going to make this an ultimate nightmare as often it is now easier to start from scratch than building a framework. Liability law will need updates.
Claude code has a pattern to extend existing code by adding a condition: size_bytes = total_size.to_bytes(4, 'big') if total_size > 0xFFFF else b"\x00\x00" + total_size.to_bytes(2, 'big') - unnecessary here, but I wonder if that is common in the industry to avoid breaking things?
Why?
On the plus side, LLMs don’t hold their noses at hard to read code like GnuPG (I remember your students complaining about it). dev.gnupg.org/T8044
I am not familiar with verified code. Is it common to have admit, lax and delayed proof statements? Great write up, thanks!
I gave our students two screenshots, one with a valid PGP signature and one with a signature by the attacker (also valid) where the signer had a different eTLD and a spoofed From: address. They complained it was too hard to spot .org instead of .de. We need sender validation for signed PGP emails!
I’m sorry you had a bad exp. It absolutely can be, but at least for me that’s rare. I prefer „coordinated vuln. disclosure“ because it doesn’t imply other ways are irresponsible. Anyway I would hate to be boxed in one form of disclosure. Interests of stakeholders can be aligned, why not use that?
My experience: It's surprisingly usable. First result was within 5 minutes, fine tuning was done after two hours. Another two hours for adding convenience features, and a final hour for testing and cutting a release.
Main features: Filter by topics, keywords (from title and abstracts), text, or preference. Sort by number, title, score, preference. Show all abstracts or just one, show topics. Navigate and rank by keyboard. Undo and redo. Everything is stored in local storage (just reload the CSV and it's there).
A screenshot of a web page that shows a list of papers that can be filtered and searched, to enter review preferences for a HotCRP conference.
I vibe-coded a hotcrp bidding helper with Claude. It's a single index.html (+2 JS libs from CDN). Preferences can be im- and exported via CSV. Topics/Keyword scores can be taken from your own publications (just drop in PDFs and run a script). Image shows fake data. Enjoy! github.com/lambdafu/hot...
When the AI wars come, we will wish the browser war back.
Now's your chance to participate in growing academic cryptography participation in the Middle East and North Africa region: the Africacrypt call for papers is out!
Submit your paper and come join us this July in beautiful Hammamet, Tunisia: www.africacrypt2026.tn/call-for-pap...
Anything in particular? I wouldn’t even know where to look for news and stories on that industry.
The decent thing would be to delete the inbox every afternoon before heading home. Then everybody has a fighting chance.
Over the past few months, I have left my comfort zone and begun working on Agentic AI systems. For that, I am now trying to fill several roles, so if that sounds like something you'd like to work on with me, please get in touch.
Submissions are now open for the SPIQE Workshop! Submit your work until 12th of March AoE! ⚛️ spiqe.cool
At the gpg.fail talk and omg #39c3
You can just put a \0 in the Hash: header and then newlines and inject text in a cleartext message.
Won’t even blame PGP here. C is unsafe at any speed.
gpg has not fixed it yet.
What are good alternatives?
We are just waiting for our AI token quota to reset.
At least they now know we didn’t withdraw our submission.
The university library Münster has a clear opinion on this matter. upload.wikimedia.org/wikipedia/co...
I strongly believe that AI will have a lasting impression on human to human communication. Expectations will be presented as prompts rather than as opportunities. The response to non-compliance will be reinforcement rather than reflection. And success will be judged by how well the recipient obeyed.
Announcing SPIQE 2026: 2nd Workshop on Secure Protocol Implementations in the Quantum Era, bringing together researchers and implementers to securely deploy PQC!
📍 Co-located with Euro S&P in Lisbon, Portugal, July 6-10, 2026
spiqe.cool
#SPIQE2026 #EuroSP #PostQuantumCrypto
This reminds me a lot of the works of Andy Goldsworthy!