I have been a begrudging user of Telegram for years simply because that’s what all the other furries use. When I signed up, I held my nose and expressed my discontent at Telegram by selecting a username that’s a dig at MTProto’s inherent insecurity against chosen ciphertext attac … | Continue reading
Thanks to Samantha Cole at 404 Media, we are now aware that Automattic plans to sell user data from Tumblr and WordPress.com (which is the host for my blog) for “AI” products. In response to journalists probing this shady decision from Automattic leadership, the company said noth … | Continue reading
There is, at the time of this writing, an ongoing debate in the Crypto Research Forum Group (CFRG) at the IETF about KEM combiners. One of the participants, Deirdre Connolly, wrote a blog post titled How to Hold KEMs. The subtitle is refreshingly honest: “A living document on how … | Continue reading
The people afraid to show their peers or bosses my technical writing because it also contains furry art are some of the dumbest cowards in technology. Considering the recent events at ApeFest, a competitive level of stupidity is quite impressive. To be clear, the exhibited stupid … | Continue reading
Dhole Moments is not a music blog. I will not pretend to be an expert on music, music theory, or music appreciation. But it goes even further than that: I am so untalented at music that I exert a vacuum pressure on musicians who cross my path at furry conventions. Regular readers … | Continue reading
If you’ve paid attention to Hacker News or various technology subreddits in recent years, you may have noticed the rise of VPN companies like Tailscale and ZeroTier. At the core of their networking products is a Noise-based Protocol (often WireGuard). If you haven’t been paying a … | Continue reading
A few days ago, I wrote a personal blurb about my experience with Return-to-Office, Forced Relocation, and top-down Corporate Bullshit. This was a departure from my usual fare in two ways: I had figured that quick write-up would fill the void while I work on the more ambitious te … | Continue reading
I quit my job towards the end of last month. When I started this blog, I told myself, “Don’t talk about work.” Since my employment is in the rear view mirror, I’m going to bend that rule for once. And most likely, only this one time. Why? Since I wrote a whole series about how [… … | Continue reading
Last year, I went to the Quantum Village and encountered some absolute bullshit, which I proceeded to call out. This year, while I was walking around the Crypto + Privacy Village at DEFCON 31 in fursuit, a wild Cendyne approached me and asked, “There are going to be some debates … | Continue reading
Recently, there has been a lot of misinformation and propaganda flying around the American news media about the furry fandom. Unfortunately, this seems to be increasing with time. Consequently, there are a lot of blanket statements and hot takes floating around social media right … | Continue reading
Regular readers of Dhole Moments should always keep this in mind: | Continue reading
Recently, it occurred to me that there wasn’t a good, focused resource that covers commitments in the context of asymmetric cryptography. I had covered confused deputy attacks in my very short (don’t look at the scroll bar) blog post on database cryptography., and that’s definite … | Continue reading
An introduction to database cryptography. | Continue reading
A quick reference to anti-furry dog-whistles for busy journalists and investigative reporters. | Continue reading
Tails from the Cryptographic Side of Security Research | Continue reading
A recap of this blog and its author in 2022 | Continue reading
Ever since the famous “Open Sesame” line from One Thousand and One Nights, humanity was doomed to suffer from the scourge of passwords. Even in a world where we use hardware tokens with asymmetric cryptography to obviate the need for passwords in modern authentication protocols, … | Continue reading
When it comes to AES-GCM, I am not a fan. Most of my gripes fall into one of two categories: However, one of my gripes technically belongs in both categories: The small nonce size, which is caused by AES’s block size, limits the amount of data you can safely encrypt with a single … | Continue reading
I got banned for criticizing Twitter’s security, as I’ve done often in the past without repercussion. | Continue reading
As Twitter’s new management continues to nosedive the platform directly into the ground, many people are migrating to what seem like drop-in alternatives; i.e. Cohost and Mastodon. Some are even considering new platforms that none of us have heard of before (one is called “Hive”) … | Continue reading
What will become of the Internet, and the furry fandom, if Elon Musk kills Twitter? | Continue reading
A nuanced answer to the obvious question in response to Patreon firing an entire Security Team in 2022. | Continue reading
We don't need stupid rules about fursuiting at furry conventions | Continue reading
Cryptographic agility is a vaguely defined property, but is commonly understood to mean, “Able to quickly swap between cryptographic primitives in response to new attacks.” Wikipedia defines cryptographic agility as: Cryptographic agility is a practice paradigm in designing infor … | Continue reading
feat. Vikram Sharma of QuintessenceLabs | Continue reading
Form generating and processing library for PHP 8 projects | Continue reading
and Got Banned for Doing the Right Thing | Continue reading
If you really must support RSA in 2022, here’s some things to keep in mind. | Continue reading
HKDF has poorly-understood subtleties. Let’s explore them in detail. | Continue reading
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny? | Continue reading
Just to assuage any panic, let me state this up front. If you’re reading this blog post wondering if your Lobste.rs account is at risk, good news: I didn’t publish it until after the vu… | Continue reading
Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In … | Continue reading
Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words “hash function”… | Continue reading
Wherein some furry casually saves a University tens of thousands of dollars on a NIST SP 800-171 audit they were doomed to fail anyway. | Continue reading
Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a MAC or Digital Signature calculation fails to ensure some property that’s expected of the overall… | Continue reading
A trivial proof for the Collatz conjecture that doesn’t fuss around with cycles. | Continue reading
Briefly explaining the Infursec prevalence within InfoSec | Continue reading
An Internet Marketer Offered Me $100 to Betray Myself and My Community | Continue reading
#WhyIGotVaxxed | Continue reading
Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even … | Continue reading
Boycott Zed Shaw’s writing. (With bonus zero-days in his work.) | Continue reading
Tales from the Crypt[ography]. | Continue reading
RSA is for encrypting symmetric keys, not entire messages. Pass it on. | Continue reading
Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll proba… | Continue reading
Governments are back on their anti-encryption bullshit again. Between the U.S. Senate’s “EARN IT” Act, the E.U.’s slew of anti-encryption proposals, and Australia’s ne… | Continue reading
Earlier this week, security researcher Ryan Castellucci published a blog post with a somewhat provocative title: DKIM: Show Your Privates. After reading the ensuing discussions on Hacker News and R… | Continue reading
Zoom recently announced that they were going to make end-to-end encryption available to all of their users–not just customers. This is a good move, especially for people living in countries w… | Continue reading
Zoom recently announced that they were going to make end-to-end encryption available to all of their users–not just customers. This is a good move, especially for people living in countries w… | Continue reading