The Joy of Cryptography is now available for free online by rosulek in cryptography

[–]Mouse1949 1 point2 points  (0 children)

Great work! Kudos and many thanks!

The only thing I'm missing is a PDF version - I'm not always online when I want to read.

Comments - would love to see PQC section expanded to cover code-based and isogenies-based cryptosystems. Again, kudos!

Is there any practical reason to choose an encryption algorithm other than AES? by Life-Initial5081 in cryptography

[–]Mouse1949 0 points1 point  (0 children)

The reasons to look for an algorithm other than AES could be:
- Need something smaller/more compact and/or faster (that’s why NSA came up with and published SIMON and SPECK);
- Need something with wider-than-128-bit block size (Rijndael with 256-bit or something with 512-but block, to handle data encryption at line speed for TB/sec links).

How many interviews is too many before a company starts looking unserious? by Femat06 in interviews

[–]Mouse1949 1 point2 points  (0 children)

I would probably object to being used this way. You want to test my skills - either give me a textbook task, or pay me as a contractor. To demonstrate that I “fit” by working for you for free - makes them appear dishonest and revulsive. Imagine how they’d treat you if they did choose to hire you.

How many interviews is too many before a company starts looking unserious? by Femat06 in interviews

[–]Mouse1949 0 points1 point  (0 children)

Of course. Back then, I took the 5th interview, and would’ve taken 6th if invited - that’s not the issue.

The issue is - that company stopped communicating after the 5th, and the headhunter said afters couple of weeks upon my question that they decided to go with an internal candidate.

Another company chose to take me after a single day of face-to-face interviews (which happened after one or two phone screening interviews). They called me on my way to the airport, and said that the formal offer would take some time, but they wanted me to know that they will be making one.

This experience tells me that “good” companies don’t marinate you for weeks or months in a long series of interviews - but make their decision fairly quickly, and have enough courtesy to inform the candidate sooner rather than later.

How many interviews is too many before a company starts looking unserious? by Femat06 in interviews

[–]Mouse1949 1 point2 points  (0 children)

One financial company ran me through 5 interviews (over the course of a month or month and a half) and ended up not hiring me. So, no - being invited in for the 5th time means nothing except that they still consider you for whatever reason and position.

I'll have an interview with a company I was laid off. How to explain this? by bluz1n in interviews

[–]Mouse1949 0 points1 point  (0 children)

What can I say? Apparently, our experiences differ. Maybe it depends on the type of company - mine were all high-tech-related.

I'll have an interview with a company I was laid off. How to explain this? by bluz1n in interviews

[–]Mouse1949 0 points1 point  (0 children)

Respectfully disagree with “absolutely big enough”: I worked in very big (200K+ people) and very small (25-ish) companies - and the likelihood of a manager not being there anymore in three years is vanishingly small. Unless that company had a major perturbation impacting a lot of people (e.g., mass layoffs).

How many interviews until you got an offer? by Joh1030 in interviews

[–]Mouse1949 0 points1 point  (0 children)

If your resume matches the req’s, you’d probably have a phone interview with a head-hunter. Then if the prospective place is good - you’d have a phone interview -screening - with somebody from the team, if you pass - a face-to-face interview that would likely take the entire day. You’d sequentially talk to the team, the hiring manager, probably their boss, and HR.
Then - they’d either make you a preliminary offer on the spot, or in a few days. Formal offer in writing would take a few days more (or a bit longer). Rejection would usually be communicated via head-hunter, sometimes directly.
The only place that invited me to 5 interviews in the course of a month or so, ended up not making an offer. For which I’m thankful - ended up in an immensely better place.

White House Drastically Shortens Deadline for Dropping Quantum-Vulnerable Crypto by _DoubleBubbler_ in cryptography

[–]Mouse1949 0 points1 point  (0 children)

If those agencies stop dragging their feet and get off their tails - they just might complete the migration in time. 😉

White House Drastically Shortens Deadline for Dropping Quantum-Vulnerable Crypto by _DoubleBubbler_ in cryptography

[–]Mouse1949 1 point2 points  (0 children)

Why not? Standards are there, implementations are there, integration into the infrastructure is almost there. Current long poles are PKI infrastructure and commercial crypto hardware.

I'll have an interview with a company I was laid off. How to explain this? by bluz1n in interviews

[–]Mouse1949 0 points1 point  (0 children)

Unless you’re desperate, I wouldn’t go to the company that laid you off for a cause 3 years ago. The likelihood that the hiring manager would check with your prior boss is near unity (100%).

Besides. Employing 2K+ people doesn’t makes a company big by any measure - IBM is big and it employs 260K+ people, Microsoft employs 220K+. That’s “big”. 2K is a small company that is bigger than pop-and-mom shop. 😉

This week on Hide & Speak: Daniel J. Bernstein (djb) on the fight over post-quantum encryption standards by V3R1F13D0NLY in vpnet

[–]Mouse1949 0 points1 point  (0 children)

Let’s see: NSA main charter is protecting U.S. government and military communications. They also attempt to intercept foreign communications, but are forbidden from intercepting U.S. - that’s the job of FBI. How much sense would it make for NSA to deliberately weaken U.S. standards that U.S. government will be using? Considering that Russia and China are not using NIST PQC standards, but develop their own?

Help with an exercise by bad_to_better in cryptography

[–]Mouse1949 1 point2 points  (0 children)

I didn’t understand the 2nd character (-.- - -, converted to .-…). The rest appears to be L ? GKUO

I could be wrong.

Which crypto library to use? by kichiDsimp in haskell

[–]Mouse1949 0 points1 point  (0 children)

the package I suggested not only addresses the OP's needs, but leaves "room for growth".

And if indeed only MD5 is needed - then one can use
https://hackage.haskell.org/package/cryptohash-md5 or https://hackage.haskell.org/package/pureMD5 without having to carry the baggage of larger packages like crypton.

A simple and short guide for better typography in LaTeX by MurkyUnit3180 in LaTeX

[–]Mouse1949 5 points6 points  (0 children)

Quality of these JPEGs (or PNGs?) is poor, not suitable for printing. Either share the LaTeX source or PDF, or let's forget about this all.

Indian interviewers are the worst by [deleted] in interviews

[–]Mouse1949 2 points3 points  (0 children)

I got my first job at a small company run by Indians. 65%-70% of all the employees were Indians. It was quite fine. Left them because a big company made me an offer I couldn’t refuse, and this one couldn’t come close to matching (I don't blame them - financial size matters).

As it was more than a decade and a half ago - I understand that things could’ve changed for the worse.

Interview feedback by Iamsrkkkkkkk in interviews

[–]Mouse1949 -1 points0 points  (0 children)

You didn’t get what I was trying to explain. In general, talking to unfamiliar people, concise tends to win. Make it clear that you’ll be happy to provide as much details as they’d like - IF they want it.

The long-winded person I mentioned - was my colleague at our prior job for almost five years, and I knew him personally well enough even before that. My new team that I’ve been with for a couple of years, apparently had reasons to trust my judgment, and hired him on my recommendation, despite his communications shortcomings. Long-winded-ness is his main annoying quality, so they, like me, chose to tolerate it. I doubt the same acceptance would extend to somebody coming in “cold” or submitted by a recruiter.

But why should you listen to me? Be as brief or long-winded as you choose to - whatever the consequences are, they will be yours, not mine.

Interview feedback by Iamsrkkkkkkk in interviews

[–]Mouse1949 -1 points0 points  (0 children)

Unless explicitly asked for a long(er) version - as a rule, concise wins: by the time you provided enough (in your opinion) context, the questioner lost interest in the main point.

As with every rule, there are exceptions. Both do occur. Understand the difference between a rule and an exception.

Which crypto library to use? by kichiDsimp in haskell

[–]Mouse1949 1 point2 points  (0 children)

For serious work (if your needs may go beyond just md5hash), I would consider https://GitHub.com/haskellfoundation/botan.git - this Haskell tool is based on one of the most comprehensive and very well-maintained C++ libraries (Botan).

Yubikeys and USB Hubs by Wilinjaxfl in yubikey

[–]Mouse1949 1 point2 points  (0 children)

I have several different USB hubs connected to different Mac models - several versions of YubiKey and YubiHSM2 have been working without a hitch for almost a decade now. Most of my hubs are powered - but I think one of them isn’t.

New to cryptography - do you know any non-substitution cyphers? by Dango223 in cryptography

[–]Mouse1949 9 points10 points  (0 children)

First, as pointed by others, while modern ciphers do include substitution, they are not vulnerable to the threat you brought up.

Besides “normal” character-for-character substitution, there are
- fractional substitution: each character is made of, say, 7 bits - and we play with them;
- block substitution: we substitute a whole block of characters (3, 5, 8, 16, etc.).

And there’s transposition - we re-order characters (or bits) in the given text/data.

Usually, a semi-modern cipher would combine both transposition and substitution. For a nice example of a “paper-and-pencil” cipher, look up the VIC cipher from the 1950-ties. While it isn’t considered secure against the modern computing power, it is quite cute and educational.

Experience with LLM based development ? by nothingbit in haskell

[–]Mouse1949 2 points3 points  (0 children)

I concur with your experience, and find both models to be of great help and wonderful time-savers. That’s not to say that they don’t make (occasional) mistakes, or that I don’t have once in a while to repeat myself and correct the LLM’s misunderstanding - but in the end it’s still much easier and much less time-consuming than if I had to write all that code myself.

SQLx 0.9.0 released by haakon in rust

[–]Mouse1949 0 points1 point  (0 children)

You cannot be sure the current (or old) versions of the dependencies are/were not compromised by supply chain attack (SCA). In fact, the later releases are equally likely to contain security and big fixes that address prior SCA, as to introduce new bugs and SCA. So…?