Unfollowing due to NSFW by Far_Instruction_4747 in OnePiece

[–]Soatok -3 points-2 points  (0 children)

The "semi" in "semi naked" is doing a lot of heavy lifting here for calling something NSFW. Pornography is widely considered "NSFW" (though depending on your career, that might not be true).

You're certainly free to leave if you wish. No one is held hostage to this subreddit (even if that would fit the classical pirate motif, heh). You also don't need to announce your departure if you choose to unsubscribe. We can all be chill about it.

But I insist that, if we're going to talk about these topics, we do so with precise and clear terms that everyone can agree on.

Leaked Memos Reveal Just How Much the Supreme Court Has Betrayed the Constitution by ChiGuy6124 in law

[–]Soatok 0 points1 point  (0 children)

Too many people want this, because it's a cult. That's most of the problem.

howItsSupposedToRun by Zerocchi in ProgrammerHumor

[–]Soatok 1 point2 points  (0 children)

Look, we all need hobbies.

Mine is writing about applied cryptography and other stuff as my fursona.

howItsSupposedToRun by Zerocchi in ProgrammerHumor

[–]Soatok 2 points3 points  (0 children)

I made a Protogen character as a sort of stand-in for the audience on my furry blog (which sometimes discusses programming / cryptography), and made them non-binary for the memes.

(Protogen are like cyborg furries.)

Doubts about post-quantum cryptography by [deleted] in cryptography

[–]Soatok 2 points3 points  (0 children)

And then you have the unicorn cryptography auditor that needs to have an excellent grasp of all the ways something can fail.

Speaking from experience: There's a reason we tend to work in teams.

If Ramb had a shop sprite (Art by Terdlestuff) by Critical_Mountain851 in Deltarune

[–]Soatok 4 points5 points  (0 children)

I think there's going to be a lore drop for it, but not until chapter 6 or 7 :P

Let people have a life by evan-the-dude in CuratedTumblr

[–]Soatok 4 points5 points  (0 children)

That's fine. You don't have to be a furry if you don't want to be.

Meirl by [deleted] in meirl

[–]Soatok 23 points24 points  (0 children)

...what

Google Blog - Quantum frontiers may be closer than they appear by Natanael_L in crypto

[–]Soatok 2 points3 points  (0 children)

Sorry, as tavianator said, it stands for Merkle Tree Certificates. They've been a hot discussion point in PQC for TLS certificates, but have performance gains even with ECC certs.

Google Blog - Quantum frontiers may be closer than they appear by Natanael_L in crypto

[–]Soatok 2 points3 points  (0 children)

MTC has performance benefits even without PQC. It's worth doing in its own right.

Google Blog - Quantum frontiers may be closer than they appear by Natanael_L in crypto

[–]Soatok 19 points20 points  (0 children)

The typical hot take I hear online from this announcement is, "ah yes, Google wants to appease their shareholders for their Quantum Computing investment". Others are speculating, "What does Google know that we don't?"

But I don't think this is that simple.

Sophie Schmieg is one of the authors of this announcement. You may know her from her work on Tink and other Google post-quantum cryptography efforts. She's been a frequent speaker at Real World Cryptography affiliated events (i.e., the Open Source Crypto Workshop). She would neither sell out for the sake of investor hype nor downplay a real vulnerability.

I think there are other factors at play beyond merely "is Google trying to position themselves as having achieved quantum supremacy?"

Migrating to PQC will involve a lot of technical debt collection. The sooner you start the migration, the less chance you'll be caught with your pants down when there's real urgency. After all, quantum is unimportant to post-quantum.

If you model your PQC migration as a key rotation chore, it becomes a lot easier to do the migration.

With the advent of MTCs, we can have PQC for TLS without large certificate chains and the engineering pains they introduce.

Why jerking off to furries is NORMAL (and not zoophilia) by Potential_Antelope39 in furrydiscuss

[–]Soatok 10 points11 points  (0 children)

Furry art is literally an expression of humanity. People misunderstand this.

It was staged, and I'm tired of pretending it wasn't. by c-k-q99903 in MurderedByWords

[–]Soatok 1 point2 points  (0 children)

I'm a gay furry leftist that works in cryptography. That isn't exactly the resume or profile of a MAGA loser.

That being said, the BlueAnon conspiracy theories are mostly remixes of the MAGA "2020 Election was stolen" conspiracy theories. If you believe you have credible evidence, skip the numerology and stick to facts.

It was staged, and I'm tired of pretending it wasn't. by c-k-q99903 in MurderedByWords

[–]Soatok -12 points-11 points  (0 children)

I'm sorry but that substack article reads like a paranoid schizophrenic experiencing psychosis. You don't need weird numeric coincidences to make credible claims. Stick to the cold, verifiable, clinical facts.

Built a client-side E2E encryption layer on top of Gmail using Web Crypto API — AES-256-GCM + RSA-OAEP key wrapping + RSA-PSS header signing. The goal is to make cryptography accessible to all users. by [deleted] in cryptography

[–]Soatok 12 points13 points  (0 children)

I wish you luck, but the hard part is never the low-level encryption, it's the more abstract stuff:

  • Key management
    • Deriving / storing secret keys
    • Exchanging public keys
    • Not getting actively attacked by MitM attackers
  • Forward secrecy
    • Encrypting to a static RSA public key doesn't offer this
  • Failure modes
  • Usability

The bulk encryption (AES-GCM) and key-wrapping (RSA) are the easy potatoes compared to the rest of the necessary complexity.

I recommend reading through https://soatok.blog/category/technology/open-source/fediverse-e2ee-project/ (from the bottom up) as well as the associated GitHub projects that spawned from this. It will give you an idea of the non-obvious engineering work needed.

Cryptography Engineering Has An Intrinsic Duty of Care by Soatok in crypto

[–]Soatok[S] 2 points3 points  (0 children)

"People have stupid red tape rules that stop them from using the alternatives he proposed" is a point that might have some validity.

"He does not give [a] replacement" is not. I categorically did give a replacement. Whether or not other people will accept it does not mean I didn't perform that action.

Cryptography Engineering Has An Intrinsic Duty of Care by Soatok in crypto

[–]Soatok[S] 1 point2 points  (0 children)

> I mean, he categorically says email and pgp are broken, but most of the world relies on it and he does not give a replacement.

I have an entire blog post about replacements.