HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jameswryan

no profile record

comments

jameswryan
·2 anni fa·discuss
Rainbow is not a KEM, but a signature scheme.
jameswryan
·2 anni fa·discuss
> ... destroying Internet security seems like a dubious reason to build a new machine.

I can't agree with this; Destroying internet security is an excellent reason to build a new machine.
jameswryan
·3 anni fa·discuss
/dev/random does not block when 'out of entropy'. 'Running out of entropy' isn't something that can happen, and /dev/random will only block if the RNG hasn't been initialized (short enough after boot to not matter).

See Jason Donenfeld's authoritative talk on the Linux RNG for details: https://youtu.be/-_yzaSp2xtY
jameswryan
·3 anni fa·discuss
The Discrete Log Problem is relatively simple to explain in the context of a generic group. It's sort of intuitive that elliptic curve groups are a pretty good instance of a generic group. So I don't think it is simpler to explain the security of RSA than the security of ECC.

Additionally, the best attack on ECDLP (Pollard's rho) is much easier to understand than the best attack on RSA (the number field sieve).
jameswryan
·3 anni fa·discuss
That isn't sufficient to protect you on a charger you don't control: https://www.usenix.org/conference/usenixsecurity21/presentat...
jameswryan
·3 anni fa·discuss
For the cryptography & theory? https://toc.cryptobook.us/

For the design and internals of hash functions? The finalists for the SHA3 competition have extensive design documentation. There's an archive at https://web.archive.org/web/20170829225940/http://csrc.nist....

Cryptographic hash functions are designed to resist existing attacks, so you'll want an understanding of differential & linear cryptanalysis, as well as a variety of algebraic attacks. I don't know of a good textbook on the subject, so you might find yourself searching keywords on https://eprint.iacr.org/
jameswryan
·3 anni fa·discuss
> And C++ just... doesn't have that many real problems.

70% of security bugs are memory safety issues. That's a lot of real problems.

> It has a lot of irks, but the problems people run into are problems that others already solved, a thousand times, over the last half century, in many different ways for many different iterations of the language.

People run into memory safety issues more often in new C++ code.

https://www.chromium.org/Home/chromium-security/memory-safet...

https://security.googleblog.com/2021/09/an-update-on-memory-...

https://github.com/microsoft/MSRC-Security-Research/blob/mas...

https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI...

https://media.defcon.org/DEF%20CON%2030/DEF%20CON%2030%20pre...

https://advocacy.consumerreports.org/research/report-future-...

https://alexgaynor.net/2020/may/27/science-on-memory-unsafet...

https://github.com/google/sanitizers/blob/master/hwaddress-s...

https://security.googleblog.com/2022/12/memory-safe-language...
jameswryan
·3 anni fa·discuss
Joan Daemen even lost twice in one competition! Subterranean 2.0, another Duplex, didn't make it past round 2.