Khia shades Beyonce & her Lemonade film and says it's bad for black people. Bitch, Bitch Bitch! Underground queen of the South Khia shades Beyonce & her Lemonade film and says it make… Read More
Hi, I’m Soatok! I’m a bit of what you might call a nerd.
Sticker by Khia.
This will be the future home of my musings, side projects, and research notes. You can expect less “… Read More
Who better to learn about digital signatures from? Art by Kyume
Let’s talk about digital signature algorithms.
Digital signature algorithms are one of the coolest ideas to come o… Read More
Art by Kyume.
Search engines have this feature where if you start to type a question, it will attempt to predict your question based on what other people have asked.
This has some hila… Read More
There are several different methods for securely hashing a password server-side for storage and future authentication. The most common one (a.k.a. the one that FIPS allows you to use, if com… Read More
If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”.
I specialize in secur… Read More
I rarely think about the labels that describe me.
That isn’t because of privilege (I spent many years painfully aware of them), but because my friends are incredibly supportive and… Read More
Despite the awesomeness and diversity that the furry fandom offers the world, there is a very narrow subset of furry content creation that has attained popular appeal within our community… Read More
While the furry fandom can be a wonderful place and a force for good in the world, the topics that tend to circulate on Furry Twitter are somewhat seasonal: They repeat every so often–… Read More
As America prepares for record-breaking infection statistics on a daily basis, many of us are looking at other countries safely reopening and wondering, “Why can’t we have nice t… Read More
There are a lot of random topics I’ve wanted to write about since I started Dhole Moments, and for one reason or another, haven’t actually written about. I know from past experie… Read More
If you see the letters GNU in a systems design, and that system intersects with cryptography, I can almost guarantee that it will be badly designed to an alarming degree.
This is as true… Read More
There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up agai… Read More
Earlier this week, NIST announced Round 3 of the Post-Quantum Cryptography project and published their rationale for selecting from the Round 2 candidates.
NIST did something clever this… Read More
If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’… Read More
Since the IETF’s CFRG decided to recommend OPAQUE as a next-generation Password Authenticated Key Exchange, there has been a lot of buzz in the cryptography community about committing… Read More
Spyware written for educational institutions to flex their muscles of control over students and their families when learning from their home computer is still, categorically, spyware.
Dep… Read More
Serious question: Why doesn’t the Furry Fandom have more comedians?
Art by Khia.
I don’t mean racist loudmouth assholes who wouldn’t know a good joke if it cup-checke… Read More
This is the first entry in a (potentially infinite) series of dead end roads in the field of cryptanalysis.
Cryptography engineering is one of many specialties within the wider field of s… Read More
Tonight on InfoSec Twitter, this gem was making the rounds:
Hello cybersecurity and election security people, I sometimes embed your tweets in the Cybersecurity 202 newsletter. Some of y… Read More
A frequent source of confusion in the furry fandom is about commission pricing for furry art.
This confusion is often driven by (usually younger) furries demanding free or severely cheap… Read More
The cryptography and information security experts who read my blog probably wonder from time to time, “Why furries though?” which I’ve spent ample time answering and hopefu… Read More
Zoom recently announced that they were going to make end-to-end encryption available to all of their users–not just customers.
Our new end-to-end encryption (E2EE) feature is now a… Read More
We’ve more-or-less all been coping with the pandemic since early March.
During this time, I’ve seen a lot of people stressed and depressed to their breaking points, usually wh… Read More
Earlier this year, I detailed a simple technique for deanonymizing scam sites on CloudFlare, by getting the back-end webserver to email you and reveal the server’s IP address (so you c… Read More
Governments are back on their anti-encryption bullshit again.
Between the U.S. Senate’s “EARN IT” Act, the E.U.’s slew of anti-encryption proposals, and Australia… Read More
The OpenSSH team recently announced the removal of support for ssh-rsa keys in OpenSSH. This announcement was met with a modest and well-deserved fanfare from cryptographers, because RSA suc… Read More
Imagine you’re a software developer, and you need to authenticate users based on a username and password.
If you’re well-read on the industry standard best practices, you’… Read More
Earlier tonight, someone decided to change their Twitter handle and display name to impersonate a furry and solicit money to the scammer’s PayPal account.
DO NOT SEND MONEY TO THIS… Read More
As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out.
What is cryptographic wear-out?
It’s the thresho… Read More
In 2015, a subreddit called /r/The_Donald was created. This has made a lot of people very angry and widely been regarded as a bad move.
Roughly 5 years after its inception, the Reddit sta… Read More
Earlier this week, Twitter announced an initiative to combat misinformation on their platform that they call Birdwatch.
How Birdwatch works: Volunteers sign up (assuming they meet all the… Read More
A few years ago, when the IETF’s Crypto Forum Research Group was deeply entrenched in debates about elliptic curves for security (which eventually culminated in RFC 7748 and RFC 8032)… Read More
Cryptographers and cryptography engineers love to talk about the latest attacks and how to mitigate them. LadderLeak breaks ECDSA with less than 1 bit of nonce leakage? Raccoon attack brings… Read More
Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you migh… Read More
Comedian John Oliver has been hosting a weekly show on HBO called Last Week Tonight for a few years now. Most of each episode is also freely available on YouTube.
In a recent episode, Joh… Read More
Allen Gwinn is a Professor of Practice at the Southern Methodist University’s Cox School of Business. In a recent article published by The Hill, Allen Gwinn shared his bad opinions abo… Read More
There are a lot of excellent computer hackers in the world, and many of them are also furries.
However, there are a lot more furries than excellent computer hackers in the world, so you w… Read More
Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible.
The art and scie… Read More