Load site modules...
lade...
random avatar

gusted - Network

Posts Subscribe

cryptographyMe: Sees a new eprint paper on iacr that describes a new AEAD with reasonably good properties, more importantly it uses...

https://social.linux.pizza/@Gust...

cryptography


Me: Sees a new eprint paper on iacr that describes a new AEAD with reasonably good properties, more importantly it uses widely-available cryptography primitives.

Paper: Yes, we have source code, check the supplementary material appendix.

Paper: No source code in the supplementary material.

Me: Still trying to implement the AEAD from the specification in the paper, but ambiguity in the wording and lack of implementation details makes it difficult to actually implement it from the paper and even impossible if implemented correctly.

*2 weeks later*

IACR: Hello, new revision of this paper. Now with a link to the source code on Github!

Github project: No licence.

Me: Trying to stay sane, merely wants to implement a new AEAD.

The story of github.com/MichielVerbauwhede/

26.2.2025 17:59cryptographyMe: Sees a new eprint paper on iacr that describes a new AEAD with reasonably good properties, more importantly it uses...
https://social.linux.pizza/@Gust...

@fnetX and ashimokawa are still confused that I actually exist.

https://social.linux.pizza/@Gust...

@fnetX and ashimokawa are still confused that I actually exist.

1.2.2025 23:20@fnetX and ashimokawa are still confused that I actually exist.
https://social.linux.pizza/@Gust...

@linus yup, a penguin.

https://social.linux.pizza/@Gust...

@linus yup, a penguin.

1.2.2025 23:13@linus yup, a penguin.
https://social.linux.pizza/@Gust...

@shebang and @domi invested money into Forgejo LLM. (I am pretty sure I got bribed without knowing it)

https://social.linux.pizza/@Gust...

@shebang and @domi invested money into Forgejo LLM. (I am pretty sure I got bribed without knowing it)

1.2.2025 23:12@shebang and @domi invested money into Forgejo LLM. (I am pretty sure I got bribed without knowing it)
https://social.linux.pizza/@Gust...

@n0toose is still in shock of meeting me.

https://social.linux.pizza/@Gust...

@n0toose is still in shock of meeting me.

1.2.2025 23:10@n0toose is still in shock of meeting me.
https://social.linux.pizza/@Gust...

I have met way too many awesome people at fosdem today.#fosdem

https://social.linux.pizza/@Gust...

I have met way too many awesome people at fosdem today.

1.2.2025 23:09I have met way too many awesome people at fosdem today.#fosdem
https://social.linux.pizza/@Gust...

In case you are interested in checking* if your Go project that uses an x/crypto/ssh server is vulnerable to CVE-2024-45337...

https://social.linux.pizza/@Gust...

In case you are interested in checking* if your Go project that uses an x/crypto/ssh server is vulnerable to CVE-2024-45337 (pkg.go.dev/vuln/GO-2024-3321), I wrote a small Go tool to exploit this: codeberg.org/Gusted/CVE-2024-4

* This is not automated; you would need to check if the spoofing actually worked depending on the output you received.

13.12.2024 15:29In case you are interested in checking* if your Go project that uses an x/crypto/ssh server is vulnerable to CVE-2024-45337...
https://social.linux.pizza/@Gust...

I've written another Linux kernel module (my second one, and counting) for the YubiKey 5. It acts as a driver for the yubikey, so it can...

https://social.linux.pizza/@Gust...

I've written another Linux kernel module (my second one, and counting) for the YubiKey 5. It acts as a driver for the yubikey, so it can be used as a hardware RNG provider for the Linux kernel. It uses the OpenPGP application that's available on the yubikey to generate random bytes, which are then mixed into the entropy pool of the kernel. It also automatically mixes new generated bytes into the pool after the kernel reseeds (behavior of the hw_random framework). Now you can even feel more secure about using /dev/(u)random.

Source code: codeberg.org/Gusted/yk5-random

For, what I assume, security reasons, the yubikey's LED stays on because the driver uses the CCID interface, which is quite distracting.

14.8.2024 02:24I've written another Linux kernel module (my second one, and counting) for the YubiKey 5. It acts as a driver for the yubikey, so it can...
https://social.linux.pizza/@Gust...

Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have!...

https://social.linux.pizza/@Gust...

Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have! codeberg.org/forgejo/forgejo/p

24.7.2024 13:19Oh no! a wild security feature for @forgejo has appeared that even Github doesn't have!...
https://social.linux.pizza/@Gust...

Of all the audio formats, I did not expect FLAC to be the one that can have different sample rates between audio frames. FWIW: VLC did not...

https://social.linux.pizza/@Gust...

Of all the audio formats, I did not expect FLAC to be the one that can have different sample rates between audio frames. FWIW: VLC did not expect this either because it stops playing when the sample rate changes mpv does handle this correctly, although it falsely advertises that the audio file has a total duration (which it does not).

12.6.2024 10:07Of all the audio formats, I did not expect FLAC to be the one that can have different sample rates between audio frames. FWIW: VLC did not...
https://social.linux.pizza/@Gust...

After long delaying to pursue more advanced assembly coding, I finally hit the nail on the head and understood and used AVX(2) instructions...

https://social.linux.pizza/@Gust...

After long delaying to pursue more advanced assembly coding, I finally hit the nail on the head and understood and used AVX(2) instructions and made a crypto primitive 8 times faster than it was implemented in Go. No AVX512 yet, because I don't have a recent CPU for that :/ Really wild to think differently about how data is passed and how to deal with it with vector instructions. There's no rotate instruction, so you have to implement that yourself D:

6.6.2024 23:44After long delaying to pursue more advanced assembly coding, I finally hit the nail on the head and understood and used AVX(2) instructions...
https://social.linux.pizza/@Gust...

Timezones are funky, but they are full of useful information! This will be a nice addition,...

https://social.linux.pizza/@Gust...

Timezones are funky, but they are full of useful information! This will be a nice addition, time.gusted.xyz/Canada/Newfoun

7.4.2024 22:08Timezones are funky, but they are full of useful information! This will be a nice addition,...
https://social.linux.pizza/@Gust...

That's on official record, @Codeberg approves the deprecation of Microsoft SQL Server in...

https://social.linux.pizza/@Gust...

That's on official record, @Codeberg approves the deprecation of Microsoft SQL Server in

codeberg.org/forgejo/forgejo/p (don't look too close at me forgetting to make the PR against the stable branch)

4.4.2024 21:28That's on official record, @Codeberg approves the deprecation of Microsoft SQL Server in...
https://social.linux.pizza/@Gust...

Forgot to add, couldn't find any open source alternatives. Hence why I spend time on this.

https://social.linux.pizza/@Gust...

Forgot to add, couldn't find any open source alternatives. Hence why I spend time on this.

23.3.2024 20:49Forgot to add, couldn't find any open source alternatives. Hence why I spend time on this.
https://social.linux.pizza/@Gust...

It feels so simple, yet I spent several days on it and surprisingly learned a lot of time-related things (not just synchronization). I feel...

https://social.linux.pizza/@Gust...

It feels so simple, yet I spent several days on it and surprisingly learned a lot of time-related things (not just synchronization). I feel like adding more (perhaps caused by the proprietary alternatives out there), but I should also consider just leaving this very simple and not adding ridiculous (but cool) features.

time.gusted.xyz/

23.3.2024 20:46It feels so simple, yet I spent several days on it and surprisingly learned a lot of time-related things (not just synchronization). I feel...
https://social.linux.pizza/@Gust...

I've got to the point where I start writing more documentation than code when starting a new project. Which I find quite impressive as I...

https://social.linux.pizza/@Gust...

I've got to the point where I start writing more documentation than code when starting a new project. Which I find quite impressive as I already did so much writing the last few weeks 😞.

16.3.2024 13:01I've got to the point where I start writing more documentation than code when starting a new project. Which I find quite impressive as I...
https://social.linux.pizza/@Gust...

I did a key recovery byte-by-byte by hand, I wasted 20 minutes of my time, but it was worth the time to break something. It involved a lot...

https://social.linux.pizza/@Gust...

I did a key recovery byte-by-byte by hand, I wasted 20 minutes of my time, but it was worth the time to break something. It involved a lot of xor'ing. Guessing the next byte of the key based on a few ciphertexts that were encrypted with the key is harder than it looks. Simply checking that the decrypted values were ascii did not work, because there were too many false positives.

11.3.2024 21:28I did a key recovery byte-by-byte by hand, I wasted 20 minutes of my time, but it was worth the time to break something. It involved a lot...
https://social.linux.pizza/@Gust...

Just produced my own MD4 collision!m1:...

https://social.linux.pizza/@Gust...

Just produced my own MD4 collision!

m1: a267a1fa9b30f28776cb51dbf54e6986a25acabd15d1bfe780288fa28bba6098a8e8997f6cd83b16275e7c6c782f6c6f80cc97095dcb7feb18ad341e0c2e914d

m2: a267a1fa9b30f20776cb514bf54e6986a25acabd15d1bfe780288fa28bba6098a8e8997f6cd83b16275e7c6c782f6c6f80cc96095dcb7feb18ad341e0c2e914d

Yes there's a difference. (zero-indexed): 14, 22 and 101

Verify with emn178.github.io/online-tools/

29.1.2024 20:36Just produced my own MD4 collision!m1:...
https://social.linux.pizza/@Gust...

Interesting way to learn a new programming language by implementing a crypto cipher. The standard library was quite helpful to learn some...

https://social.linux.pizza/@Gust...

Interesting way to learn a new programming language by implementing a crypto cipher. The standard library was quite helpful to learn some best practices.

codeberg.org/Gusted/hare-ascon

31.12.2023 15:35Interesting way to learn a new programming language by implementing a crypto cipher. The standard library was quite helpful to learn some...
https://social.linux.pizza/@Gust...

Context: this was the first story by the invited guest on the Deviant episode of the Darknet Diaries podcast.

https://social.linux.pizza/@Gust...

Context: this was the first story by the invited guest on the Deviant episode of the Darknet Diaries podcast.

4.7.2023 17:37Context: this was the first story by the invited guest on the Deviant episode of the Darknet Diaries podcast.
https://social.linux.pizza/@Gust...
Subscribe
To add news/posts to your profile here, you must add a link to a RSS-Feed to your webfinger. One example how you can do this is to join Fediverse City.
         
Webfan Website Badge
Nutzungsbedingungen   Datenschutzerklärung  Impressum
Webfan | @Web pages | Fediverse Members

⬆️

⬇️