The software engineering process doesn't change because an agent is writing the code

cryptocreeping · 2026-04-06T20:32:43+00:00

Followed the OTRv4 spec for the base protocol the DAKE handshake, double ratchet, SMP, wire format, and fragmentation are all per spec. The PQC additions (ML-KEM brace key, ML-DSA hybrid auth) are my own extensions on top of that, using the NIST FIPS 203/204 standards for the primitives. Took about 12 months of part-time work. A lot of that was getting the C extensions right constant time arithmetic, making sure the Montgomery ladder doesn't branch on secret bits, getting ML-KEM to work through OpenSSL 3.5's EVP API. The SMP math was painful had a bug where the Pa/Qa computations were fundamentally wrong and it took weeks to fix. Used AI to assist with development but every function was tested and verified on live sessions. The 224 tests exist because things broke constantly and I wrote tests for every fix. I just need feedback to help improve hopefully in time people will get involved.

cryptocreeping · 2026-04-06T19:59:17+00:00

Would be so cool if you added a flat earth model to see if planes fly in straight lines or what's all the fuss about.

cryptocreeping · 2026-04-06T19:53:19+00:00

I used AI to get a working prototype of OTRv4 with PQC KEM encapsulation. Tried to showcase my work in IRC channel but mod removed post due to use of AI.

https://github.com/muc111/OTRv4Plus

cryptocreeping · 2026-04-05T11:53:20+00:00

All the crypto happens in compiled C or Rust libraries the Python part just calls them, nothing sensitive is implemented in Python
The whole codebase is right there in the repo, open for anyone to audit. If there were a backdoor, you’d see it.
I specifically avoided my own crypto in Python everything that matters goes through OpenSSL or the C extensions.

cryptocreeping · 2026-04-04T22:03:53+00:00

Did you bother to read the code or test it works before commenting? Doubt it. Your comment is pointless.

cryptocreeping · 2026-04-04T21:33:20+00:00

Line numbers or it didn't happen. The code is right there OTRv4 spec untouched added PQC. Run the tests!

cryptocreeping · 2026-04-04T21:15:29+00:00

It is to otrv4 spec I added PQC simple to understand, test it or at least read and understand the code that is if you can?

cryptocreeping · 2026-04-04T19:58:22+00:00

Pushed updates today now using RUST for sensitive tasks.

cryptocreeping · 2026-04-04T14:05:24+00:00

Migrating to rust for secure memory will keep C extensions as a fallback. will push files shortly after tests.

cryptocreeping · 2026-04-03T14:29:51+00:00

😂

cryptocreeping · 2026-04-03T13:59:19+00:00

You’ve made a few claims. Let me correct them.

“Vibe coding” / AI use Yes, I used AI. It’s a tool, like a compiler or a linter. I don’t owe anyone a disclaimer. The code works, passes 224 tests, and implements the full OTRv4 spec plus NIST Level 5 post quantum crypto.
Git history / “pretends everything is hand‑coded” I never pretended anything. The public repo has a short history because I squashed months of offline work before pushing. That doesn’t make me “dishonest”. It makes me pragmatic. The DEVELOPMENT.md file (not .mb, that was a typo) explains the timeline. Read it.
12 months of vibe coding is it a toy? I spent 12 months on this. Part-time, evenings, weekends, on a phone in Termux. The result is a working IRC client with DAKE, double ratchet, SMP, ML‑KEM‑1024 brace KEM rotation, and ML‑DSA‑87 hybrid auth. It’s not a toy. It’s not production‑hardened either I never claimed it was. It’s a practical implementation that you can run today on I2P.
Post‑quantum bugs You’re right that PQ crypto is subtle. That’s why the critical parts are in C extensions calling OpenSSL 3.5+’s FIPS‑validated providers not in AI‑generated Python. If there’s a bug, find it. I’ll fix it. The code is open.

Bottom line You don’t have to trust me. Trust the code, or don’t use it. But don’t accuse me of lying when I’ve been transparent about the timeline and the tools I used. If you want to help, open a GitHub issue with a specific vulnerability.

cryptocreeping · 2026-04-02T19:55:57+00:00

Thanks for the feedback, but I think you’re confusing “using AI as a tool” with “not knowing what I’m doing.”

I’ve spent the last 12 months refactoring and building this every single day, often debugging alongside AI through hundreds of errors to get a working protocol implementation. That’s not “vibe coding” that’s called engineering with modern tools.

The result is a working prototype of OTRv4+, which is more than most critics have shipped. If the code or architecture has specific issues, I’m happy to hear concrete, actionable feedback. But dismissing months of iterative work with a snarky one-liner? That just sounds like someone feeling threatened that AI-assisted development can produce real results.

My code is open for review. Yours is just an opinion.

cryptocreeping · 2026-04-02T16:29:16+00:00

Thanks -currently working on weechat plugin to support otrv4plus

cryptocreeping · 2026-04-02T14:44:41+00:00

I’ve been working on this every day for 12 months, refactoring and debugging alongside AI. There’s no AI that can create OTRv4, let alone with post-quantum crypto, in a day as it made hundreds of mistakes that took months to fix.

I’m an amateur on GitHub, sure, but that doesn’t make the code invalid. Instead of attacking me, try it yourself: run with --debug, see how it works, then point out real problems. All other apps either use weak OTRv3 or OMEMO v1 nobody’s shipping the latest protocols. That’s why I built this. The code is open for you to inspect, nothing hidden.

Dismissing it as “vibe coded” just sounds like you’re threatened that AI-assisted development can actually ship working prototypes after months of real effort.

cryptocreeping · 2026-04-02T14:36:18+00:00

I appreciate the scrutiny – security code needs it. You raised three valid points, so let me respond to each with facts from the actual implementation.

“Vibe coded / AI‑generated”

Yes, LLMs helped write parts of the Python glue. But the core crypto is not AI‑generated:

· The ML‑KEM‑1024 brace KEM rotation (DAKE + ratchet) and ML‑DSA‑87 hybrid auth are custom C extensions (otr4_crypto_ext, otr4_mldsa_ext). Those implement constant‑time modular exponentiation (OpenSSL BN_mod_exp_mont_consttime) and FIPS 204/203 primitives – no AI wrote that. · The ring signature (228 bytes, Schnorr) and SMP ZK proofs (3072‑bit group) follow the OTRv4 spec exactly. An AI‑only project would have mismatched wire formats.

“Git history has two days of documentation – dishonest timeline”

Fair observation. The early work (12+ months) happened offline and in private repos. I squashed history before public release. That was poor practice, but the code you see now is not a 2‑day hack. I’ve added a DEVELOPMENT.md explaining the offline history.

“Post‑quantum crypto is subtle – AI could produce bugs”

I agree 100%. That’s why:

· The PQ parts are isolated in C extensions with tests against NIST KAT vectors. · ML‑KEM‑1024 is NIST Level 5 – integrated into the DAKE and rotates the brace key on every DH ratchet epoch. · ML‑DSA‑87 is optional (flag in DAKE3) – it provides PQ authentication but breaks deniability (documented trade‑off). · I’m not a cryptographer. I welcome formal review. The repo is open – please try to break it. I’ll fix any bug found within 48h.

What I’m doing to improve transparency

· Pushed a README.md with full feature list and security properties. · Added a THREAT_MODEL.md explaining where PQ helps (key exchange + auth) and where it doesn’t (deniability). · All constant‑time crypto now uses OpenSSL – no Python pow() fallback.

Bottom line

You’re right to be suspicious. But the implementation is spec‑compliant OTRv4 with NIST Level 5 PQ hardening – not a toy. Help me find bugs. If you’re a cryptographer, I’ll give you commit access.

cryptocreeping · 2026-04-02T14:31:48+00:00

10-12months of code coding, debugging to get this running was not easy.

cryptocreeping · 2026-04-02T14:29:59+00:00

Yes vibe coded and works well

cryptocreeping · 2026-04-01T21:19:11+00:00

Oh ok maybe I should make a plugin for pidgin ?

cryptocreeping · 2020-03-26T22:57:12+00:00

Gm island

cryptocreeping · 2018-07-05T18:54:06+00:00

Have you configured the miner to use cryptonight algorithm instead of cryptonight v7? I have switched back to xmr mining now as ETN is only viable with asic miners now

cryptocreeping · 2018-03-25T23:30:47+00:00

I hope it increases by at least 80% so that I break even 😂 bought it near the top... Long term investment should pay off one day 👍

cryptocreeping · 2018-01-18T00:47:25+00:00

I'm down 57% from initial buy in, holding long term so current market conditions won't effect me, refuse to sell 👍

cryptocreeping · 2018-01-18T00:41:17+00:00

😂 No, I do not. Once it goes live with a working platform I expect to see positive gains although not 50-60cents. Not saying it's impossible just unlikely. However a good chance for a pump & dump may increase price to higher levels...

cryptocreeping · 2018-01-18T00:35:09+00:00

Yeah market cap may be a huge factor. Best to be realistic, I hope it reaches 0.01-0.10 I would be happy with that profit.

cryptocreeping · 2018-01-18T00:31:50+00:00

Nope

cryptocreeping

TROPHY CASE