HackerTrans
TopNewTrendsCommentsPastAskShowJobs

loup-vaillant

9,992 karmajoined há 17 anos
http://www.loup-vaillant.fr

https://monocypher.org

https://elligator.org

comments

loup-vaillant
·há 8 dias·discuss
> Advances in quantum research and development have shifted the risk horizon. We believe cryptographically relevant quantum computers could arrive sooner than previously expected

Aaand, there’s no citation, no reference or link for further reading, no justification for the claim. Not the most reliable signal.
loup-vaillant
·há 9 dias·discuss
I’ve seen arguments that PQ algorithms are easier to implement correctly than ECDH, thus reducing that risk. I’d have to try it myself to really asses that, but for now I believe them. I’d say the real cost is performance.
loup-vaillant
·há 9 dias·discuss
In your PQ safety blanket article https://soatok.blog/2026/04/13/hybrid-constructions-the-post... you make it pretty clear the reason you support hybrid is tactical, not cryptographic.

Your wording ("Once Q-Day happens") strongly suggests Q-Day will happen, like, it’s so certain you don’t even need to state it explicitly, you can just assume it will. And your references to the PQ timeline give the impression that you think it will likely happen soon.

It’s pretty clear from there that you think ECDH is now technically useless, and the only real justification for hybrid schemes (as opposed to pure PQ), is to reassure the people still unsure about the likes of ML-KEM. Sure you still do recommend going hybrid, but from what I can tell, you would have preferred a world where we go pure PQ right away.

And so would I to be honest (if ECC is a bust): one algorithm is simpler and faster than two.
loup-vaillant
·há 9 dias·discuss
Applying for a position is a much lower bar than having any chance of landing the position.

I’ve interviewed someone for a programming position. The guy practically nailed the standard quiz (done at leisure before the interview), but was unable to explain why he answered what he answered. When we got to reviewing a little program (compare two strings, see if the distribution of letters is the same), he could not walk me through it. He was applying for a programming position, and could not explain his "own" impressively correct programming answers.

Well at least postdocs have a PhD, that they had to defend in front of a chalk board I presume. Still, sometimes, frauds do slip through.
loup-vaillant
·há 9 dias·discuss
A solution to this kind of problem is to make sure the funding itself isn’t controlled buy entities you don’t want to control the thing. For instance, the classic model for publicly funded health care, retirement, and unemployment, is for the money to go from salaries, straight to the respective funds. Neither the executive nor the parliament even discuss how much money goes where.

Well, now they do to some extent, and that’s a problem, because for retirement for instance, they apparently refusing to even think of raising the rates even a little bit, and few discuss ways to raise the salaries themselves. All they can think of is making us work later, which doesn’t work because whatever pressure you relieve from the retirement funds, goes straight to the unemployment fund. Oh wait, there’s a solution: kick people out of unemployment insurance.

Anyway, something like that could be devoted to various media. I believe it would work best if it was done through an independent organisation (or federation thereof, we still want local media). And of course we want that organisation to be democratic, but I haven’t thought through the details where the devil lies.

---

Note: I spoke of the independence of judges above, but if I recall correctly, in France we have much fewer of them than in Germany (per capita). They are overworked, justice takes ages to be served, and there are signs that it is on purpose. I suspect one reason is it allows the executive branch to set the priorities for the justice system, undermining its independence at a deep level.
loup-vaillant
·há 10 dias·discuss
Oh my…

You familiar with separation of power? Like Judges being funded by the state, and yet, somehow able to stay independent? Shocking, I know. Here’s even more shocking: media are like that too.

I mean, okay, they aren’t always. In France for instance they fluctuated from straight up propaganda tool, to very independent, and now back to being less independent. Unfortunately it’s not being recognised as a fourth power, worth cleanly separating from the other organs of the state (executive, legislative, judiciary). Still, the separation is there to some degree.

Anyway, freedom of expression.

The practical effect of stopping state funding of media, simply means all we’d have left as mainstream media goes, are those owned by a tiny number of very rich people. And the overwhelming majority are either neoliberal, or pretty far to the right — some squarely fall into the far right. Precisely the kind of propaganda tool you seem to expect from the state, only even more pronounced. Oh sure you’re "free" to express leftist ideas. On your tiny YouTube channel. Nobody is going to listen to you from their TV or their radio.

Kinda suits the far right parties, doesn’t it?

We speak of freedom of expression, but really that is taking it from the wrong end. What we really need is freedom of information, that is, actual, practical access to a broad enough range of ideas. And with curation too. Stupid stuff like Flat Earth should be relegated to the rank of cute entertainment. Dangerously false stuff like climate change denialism should be mostly ignored by recommendation algorithm, and moderated away from any kind of mass media. Hate speech, like, "trans 'people' are abominations that deserve a bullet in the head, let’s grab our AR-15", should be prosecuted.

Anyway, what is said is much less important than what is heard, and to what extent. We can keep a nominal freedom of expression all right, but it doesn’t matter if all people hear all day is pro-genocide, pro-billionaire, anti-regulation, anti-queer, and anti-science.

---

A note on vocabulary: it’s kinda hard to communicate how things work here in parts of the EU, because you just don’t have the word. I want to talk about publicly owned media, as in owned by the people, but this clashes with "public company", which means owned by shareholders.

So I have to resort to "state funded", except now you think it means "state controlled", because of course if you fund something you control it… except no, see judges, and the funding doesn’t even have to go through the state — or at least, not the executive branch.

It’s like explaining someone who’s just been told all their life that the sun rises from the East and sets to the West, means something different now than what it meant 2 thousand years ago. It doesn’t fit in a simple comment.
loup-vaillant
·há 14 dias·discuss
Okay, let’s just focus on the "remigration" thing, then.

Sure, Örebro is not typical, and may indeed be an exception.

But.

This apparent racism remains cogent evidence that they are also against freedom of expression — even if perhaps not openly. Also, I have yet to know of one political party who sincerely advocates for both deportation and freedom of expression.
loup-vaillant
·há 14 dias·discuss
> I don’t support remigration, but calling immigration “the free expression of people” is a stretch. It’s orthogonal.

Far right political parties have a marked tendency to severely restrict freedom of expression once they’re in power. They routinely call for it when they’re the underdogs, but that often changes fairly quickly once they get their way.

In some cases you can see hints of that before they came into power. In France for instance, our main far right party (Rassemblement National) supports drastic budget cuts to state-financed media, and I believe a more direct control of said media from executive power.

One would have to check whether the Swedish Örebro party is similar of course. I personally no absolutely nothing about that party. Still, it is not a stretch for me to strongly suspect that a party that calls for deportation (let’s call it what it is, okay?) is also a party that is, or at the very least will be, against freedom of expression and freedom of information.

If it is, then Mullvad’s co-founder has a serious conflict of interest, and I would have no choice but seriously lower my confidence in their VPN.

I hope their sister company, Tillitis, is mostly free of such. Though even if it too is tainted, their TKey is fully open source (schematics and all if I recall correctly), and simple enough to be independently audited. They even have an unlocked version you can burn yourself so you don’t even have to trust their provisioning process. That’s the difference with a VPN: a VPN is like a Palantir, you kinda have to trust Sauron will do right by you. The TKey is more like Nemik’s astro-navigator: the user can verify themselves they are its sole master, once they did they can trust it even if it was manufactured by the Empire itself.

I mean, I love my TKey. I don’t care if Elon Musk and Peter Thiel themselves oversaw its manufacture, now it’s mine, and there’s no way I’m letting the enemy have exclusivity over it.
loup-vaillant
·há 15 dias·discuss
> The global push to kill privacy makes me sad.

Only sad? Like, we already lost and we might as well give up?

I’m not sad. I’m scared, and I’m angry. And I’m beginning to think maybe everyone should be too. I mean, in normal circumstances, you don’t want an angry and scared population, that’s generally a recipe for disaster. At this point though, given the various decisions at the top that so clearly disfavour the bottom 99%, angry and scared is probably exactly what we need. Well, angry, mostly. Furious. Mad.

The hard part is determining who the enemy actually is. Hint: the more wealth and power, the more likely this is one of them. Strip them of their ungodly wealth and influence, you may get a human being back.
loup-vaillant
·há 2 meses·discuss
> In short the integrity of the application must be secured. This integrity must be protected from everyone. Nothing should be able to violate the integrity of the app.

I’m getting a strong sense that you don’t know what you’re talking about. "Everyone" for instance doesn’t include the app vendor. You want to allow updates, right?

> Most users do not want this ability

Again with the ambiguous wording. What do you mean exactly? That >50% of users don’t care about having this ability, or that >50% of users explicitly reject this ability?

In my experience, most users think they don’t care, until they need to run an app that’s not on the main app store. Easy example: skip YouTube ads. On Android, you jumps a few hoops, install Newpipe or Tubular, and voilà, no more ads. But I’ve met several iPhone users who wanted the same, and were quite dejected when they realised they couldn’t have it.

Of course, the idea that most users explicitly reject the ability to bypass security measures is utterly ridiculous.

> Allowing end users to turn off security features is not a good idea.

Not that I’m not talking about flipping a switch that would end all process isolation. I’m talking giving permission to one app to mess with one other app. Secure by default with fine grained permissions, not "please revert to Windows 98 with zero memory protection".

> Users should not have to think about such things.

They have to anyway. Where their credentials are, what if they break their computer, lose their phone, their data gets leaked…
loup-vaillant
·há 2 meses·discuss
> Freedom is worth the price.

I generally lean towards that too, including for this issue. But we do need to own up to it. Explicitly ask ourselves, what kind of bad consequences, and how much of them, are we willing to put up with in the name of freedom?

Also, some framings make it difficult: the second someone speaks of protecting the children, all of a sudden freedom becomes secondary. Which leaves two counters, which are logically compatible, but tend to be rhetorically exclusive: denying that this new thing will actually protect the children; and asserting that the protection it allegedly provides is not worth the loss of freedom.

The second one is a hard sell, which is why we so often revert to the first one. Take age verification: sure it won’t stop determined underage teens from seeing images of bunny girls. But it will deter some of them. And assuming images of bunny girls are bad for teen health, it means age verification does "protect the children". A little. And voilà, we’ve destroyed the argument that age verification does absolutely nothing, mass surveillance for the win!

> […] which I don't think is an acceptable thing to do to mentally sound adults.

I haven’t thought of the psychological damage over-protectiveness may cause. That’s a bloody good point.

> There's plenty of competition in the banking space,

Given how people in some countries complain that it’s difficult to find a bank that doesn’t require a locked down phone for online payments, I would argue perhaps not plenty enough. I totally agree though that for any bank to require one of two OSes is not good, and for this reason would be tempted to outlaw such requirements (thus reducing corporate freedom, but I care more about individual freedom).

> some sort of software freedom law guaranteeing users the right to modify software running on devices they own.

That is very tempting indeed. Do understand though that such a law comes very close to mandating Free Software everywhere: for this right to be effective, users need access to the source code, and be allowed to let some professional modify that code for them. Any mass produce piece of hardware would effectively have to publish the full code source of their drivers for all to see. I would absolutely love that, but NVDIA would likely lose their marbles over this.
loup-vaillant
·há 2 meses·discuss
On principle I agree with you. And for me I totally want that, in part because I know how to take care of myself and avoid phishing (I got pwned once, but thankfully it was my company’s honey pot, not actual phishing).

Many people aren’t like us. Give them freedom to chose their password without mandating 2FA, and some will lose money to a password database leak & offline guessing. The policy maker knows this, at which point they have a choice: stricter annoying rules with fewer victims, or looser rules with more victims?

Yes, we can mitigate much of this with education, as can we limit vendor lock-in by mandating that the bank does not require any particular device they do not themselves distribute, for free, to their users. (My bank for instance gave me a little device that has a camera, a small screen and a key pad. Upon payment I use the device to scan some QR-code, the device gives me a one-time code that I type, and done.) My point is, some kind of tradeoff remains.

Also banks kinda have to deal with fraud, which presumably costs them money. Stolen passwords mean more fraud, increased costs… that may be incentive enough to enforce stricter rules. And to be honest I’m okay with that, as long as it is accessible. Which in my case means no phone app of any kind.

Come to think of it, there is one law I would pass: for important stuff like banks, no amount of security justifies a lack of accessibility. If I don’t have a smartphone, I should still be able to do online payments. Same if I’m blind. Or both. When I hear all around me about people being utterly unable to do banking, or worse, accessing government online services, without a locked down Android or iOS phone, I’m horrified.
loup-vaillant
·há 2 meses·discuss
I agree, but then you lose the convenience of centralised match making, and I’m guessing, a number of predatory monetisation schemes. Allowing third party servers however would be a very good way to stop killing games.

I don’t believe intrusive anti-cheating is required for online gaming to flourish. But even if it was, I would give up Elite Dangerous, for which I have bough a VR setup and build my cockpit, before I give up full control over my PC.
loup-vaillant
·há 2 meses·discuss
> No I mean that the operating system protects applications from messing with each other. The operating system should isolate each app for security purposes.

Oh but that is far incomplete a specification. What security purposes? Who are we protecting, from whom? On whose behalf does the OS isolates applications from each other? If it’s on mine, then you bet I absolutely want the ability to lift that isolation in specific cases. It’s my computer, I decide when and how the rules are broken.

But the moment I have that (a computer and OS that really work for me), I lose the ability to prove that I don’t. If I play an online game, being in control means the game company is not, and I can’t prove to them I’m not cheating.

I’m not aware of any third alternative.
loup-vaillant
·há 2 meses·discuss
> Maybe it's not important for applications to be able to require DBCs without attestation. But at first blush it seems like a valid thing to want.

It’s definitely something I would want, but as you hinted at yourself, if there’s no remote attestation, the user can just use a software TPM. So, a company using passkeys has two choices:

- Enforce DBC with remote attestation. This raises the security floor, but enforces device vendor lock-in, and prevent users from selecting unapproved, but potentially even more secure, devices.

- Do not enforce DBC. This lets users use less secure virtualised devices, but there’s no vendor lock-in, and those who want may use the latest most secure device ever.

Which alternative is appropriate is now a social & political problem. My opinion is that for general computers released to the general public, remote attestation is never legitimate. Even with the best of intentions it is fundamentally uncompetitive, and they make it way too easy to go full Evil Corp. Specialised appliances and employees however are different stories.

---

Anecdotally, I have worked on TPM provisioning a couple years back, and I had to warn my hierarchy that doing it the way they specified, the TPM could be impersonated: we checked the signature of the certificate, but failed to compare the certificate root with the manufacturer’s keys. My boss didn’t believe me, until I showed the production code happily provisioned a software TPM, without detecting the impersonation. (Actually, he didn’t believe me even then, I had to go over him to the security specialist.)

This was totally a case of remote attestation. But I believe this particular case was legitimate, because it was a specialised appliance (electric car charging station), that was meant to process payments, similar to a gas station terminal.
loup-vaillant
·há 2 meses·discuss
Yes, but that’s not the threat model I was alluding to. The threat model was, you get tricked into executing malware, that will steal your passkey (and your entire password database in fact), and log your master password as soon as you use it.

When the passkey is protected behind an HSM (TPM, Yubikey, Tkey…), even a compromise of your main computer can’t steal it. Attackers can still temporarily log in on your behalf, but they can’t do anything with your passkey as long as your computer is turned off. Which means you can un-pwn yourself out of this situation by reinstalling everything (but do keep your HSM!).

Overall, we have several levels of security here:

- Weak password, (potentially reused everywhere). Fished once, pwned everywhere. Not to mention password database leaks.

- Very strong unique password from your password vault (KeepassXC). Note that with automatic login, password managers may provide good phishing resistance. Manual copy pasta is still vulnerable, but at least you only compromise that one account.

- Passkey stored in your password database. Phishing proof as you say, but falls to a keylogger.

- Passkey sorted in a hardware security module. Can’t be stolen ever, save for a vulnerability in the HSM itself, or, if you haven’t set up a password for your HSM, theft.

Clearly that last option is the most secure. Clearly it would be nice if everyone could do that, though we do need a way to recover from the loss or destruction of the HSM (which in the case of the TPM may mean something as mundane as changing your graphics card). Yet often, other ways are more convenient.

Still, I strongly believe companies should not force people into one method or another. Okay, I could maybe tolerate passkeys being forced on me, but not the remote attestation part. Let me manage my own security, with my own tools (preferably open source), thank you very much. There is one use case for which I may approve of remote attestation: work accounts. Because at this point it’s not about the safety of the customer, it’s about the safety of the company itself. It makes sense then that the company (or government agency) impose whatever stringent restrictions on how to access their network. They do have to provide any required tool (company laptop, company palmtop, company dongle…), same way many companies are required to provide individual safety equipment to any of their employees working in hazardous environments.
loup-vaillant
·há 2 meses·discuss
> Alternatively, just make it illegal to ship any kind of initial bootloader as part of a CPU's/SoC's mask ROM in any computing device that is marketed as a general-purpose one.

Funny, I have a related proposal: make it illegal to sell hardware and distribute software. Or at least, if you distribute software, we don’t buy your hardware. The idea is to force hardware companies to release the complete user manual for their hardware, and incentivise them to simplify and standardise their hardware interfaces.

What I did forget was forbidding them to arbitrarily restrict what kind of software can run with their hardware, which they could if the hardware hashes the software & verifies a signature before running it. But it would seem your separation between CPU and storage takes care of that.
loup-vaillant
·há 2 meses·discuss
> (If it hasn't been done already, an AI-generated short film of it would be a great idea...)

Once you have the script, that’s a couple actors in a classroom, a couple e-ink readers for props, the film crew… It can be shot with less than 10 people in a day, then one person for a couple days for cutting and post production. And that’s on the very high end for this scene.

Considering the reach this video would meant to have, avoiding AI would not be that expensive.
loup-vaillant
·há 2 meses·discuss
> Passkeys absolutely do not need TPM.

They do not, but how does the service you’re using know your passkey is secure? For all they know you’re just some gullible user that clicks through every fishing email you get. You’re dumb, weak, helpless, they gotta protect you from this scary world out there, and maybe yourself as well.

They can’t do that if they allow your passkey to be stored anywhere you control. KeepassXC? The second you type in your master password the keylogger will snatch it, and your entire database with it!

Okay, maybe you’re some hot shot cryptographer, you’re using a TKey (think Yubikey, except you have full control), and there’s no way your secret key leaves it even if your main computer is fully compromised. Well, the service doesn’t know that. All they see is your public key and a matching signature.

So, sorry Mr. Security Researcher, we’re gonna have to be safe, and require you to use approved hardware only. Too many (wo)men children out there must be protected, we have no way to tell you’re not one of them, so it’s remote attestation or you’re out. What’ online buying worth for anyway, when you can just cross the ocean?

---

Just so we’re clear, I agree with you here. But don’t forget there are two kinds of passkeys out there: with or without the evil remote attestation. And many companies will push for the remotely attested kind, using the exact argument I used above, except with a straight face.

Or they will just present a false dichotomy: remotely attested passkeys on the one hand, short easy to guess reused everywhere passwords on the other.
loup-vaillant
·há 2 meses·discuss
> TPMs are great.

TPMs are a fucking mess. TPM 2 at least, I’ve worked with it for a few months. I love me some hardware security module, but I want to control it. And if it must be a standard, please please to something like the TKey, so it can be both much simpler than current ad-hoc standards and future proof.

https://loup-vaillant.fr/articles/hsm-done-right