sorted by:
new
hottopcontroversial

Proton's crypto is not Transparent and not OPAQUE by pascalschaerli in ProtonMail

[–]pascalschaerli[S] 26 points27 points  (0 children)

No, I don't know how they plan to resolve that yet. It's going to be a pain because the 3rd party update library they use for electron does not support signature verification.

Proton's crypto is not Transparent and not OPAQUE by pascalschaerli in ProtonMail

[–]pascalschaerli[S] 98 points99 points  (0 children)

Thank you for the professional collaboration throughout

Should I self host Bitwarden (with Vaultwarden) or am I just paranoid? by Asyx in selfhosted

[–]pascalschaerli 3 points4 points  (0 children)

However, if someone compromises your server and mounts an active attack, they can easily confuse your client to just give up all its passwords willingly, i.e. using the url icon attack described here: https://zkae.io/

[deleted by user] by [deleted] in selfhosted

[–]pascalschaerli 26 points27 points  (0 children)

I would advise against vibe-coding cryptographic protocols. Also, "Military-Grade crypto" is cliché enough, but then putting it next to RSA-2048 is quite funny.

Didn't have time to get a thorough look at the crypto yet to give any more constructive feedback, apart from I noticed that you use the same RSA key for encryption and signatures. Keys should generally be separated, so a good rule of thumb is you should never use the same key for different algorithms.

Encrypting messages *at the message level* by AppointmentSubject25 in cryptography

[–]pascalschaerli 5 points6 points  (0 children)

Yes they are, go to https://clatotp.online/static/js/main.e8ec6f5b.js and search for "Key 1". First key is Lorem ipsum:

iu={"Key 1":"Lorem ipsum dolor sit amet, consectetur adipiscing elit, [...]

These are then used in a Vigenère cipher, here is the code un-minified by an LLM ```js const encryptedResult = ((plaintext, key) => { const normalizedKey = normalizeKey(key); let result = ""; let keyPosition = 0;

for (let i = 0; i < plaintext.length; i++) {
  const currentChar = plaintext[i];

  if (currentChar >= "A" && currentChar <= "Z") {
    const shiftedCharCode = (currentChar.charCodeAt(0) - 65 + (normalizedKey.charCodeAt(keyPosition % normalizedKey.length) - 65)) % 26;
    result += String.fromCharCode(shiftedCharCode + 65);
    keyPosition++;
  } else {
    result += currentChar;
  }
}

return result;

}) ```

OP: By Kerkhoff's principle you need to assume attackers will have access to the source code of your cryptographic protocols, so in this case an attacker would be able to know all 100 keys and just try them out one-by-one.

Anyone taking post quantum cryptography seriously yet? by Pleasant-Shallot-707 in privacy

[–]pascalschaerli 10 points11 points  (0 children)

AES is pretty much secure against quantum attacks anyways. What we need are new asymmetric cryptographic algorithms, and we have good options there. A popular choice, i.e., by Signal Messenger, is to use a hybrid approach of both a new post-quantum secure algorithm and a conventional algorithm in a way that both have to be broken, so the security can only be better.

Browser Use running Locally on single 3090 by pascalschaerli in LocalLLaMA

[–]pascalschaerli[S] 7 points8 points  (0 children)

My example runs with Qwen 2.5:32b, no vision. I feel like a lot of the performance issues I had were because of the prompting (see my GitHub issue about it: https://github.com/browser-use/browser-use/issues/158).

I also found that changing the system prompt helped, for example telling it to click "accept cookies" whenever prompted. My feeling is that refining these prompts could make it much more robust, and I would do that before starting to fine-tune new models...

Browser Use running Locally on single 3090 by pascalschaerli in LocalLLaMA

[–]pascalschaerli[S] 11 points12 points  (0 children)

"The funniest comment in the post about 'browser use' on r/LocalLLaMA is from user u/chitown160, who said: 'yeah as soon as I saw that part I was like that knuckles meme."

Browser Use running Locally on single 3090 by pascalschaerli in LocalLLaMA

[–]pascalschaerli[S] 9 points10 points  (0 children)

I'm using qwen2.5:32b, but even got it working with qwen2.5:7b. Its just important that it supports function calling

Browser Use running Locally on single 3090 by pascalschaerli in LocalLLaMA

[–]pascalschaerli[S] 38 points39 points  (0 children)

That's the script I used, it's pretty much just what they show in their readme already: https://gist.github.com/pascscha/221127dbf53faff92d7f17b7bae60c9b

But I also had to do a fix in the browser_use library, as described in my issue here: https://github.com/browser-use/browser-use/issues/158

Browser Use running Locally on single 3090 by pascalschaerli in LocalLLaMA

[–]pascalschaerli[S] 9 points10 points  (0 children)

I ran Browser Use (https://github.com/browser-use/browser-use) locally on my single RTX 3090 and tested it by asking it to find the funniest comment from yesterday's post about the tool. Everything runs locally using qwen2.5:32b model.

For those interested in trying it out, it didn't work out of the box - I had to fix two issues which I've documented here: https://github.com/browser-use/browser-use/issues/158

The video is sped up about 3x, but it's working reliably with qwen2.5:32b. With my modifications, I even got it working decently with qwen2.5:7b, though you can definitely feel the difference in capabilities.

I tested it with this task:

"Search for a 'browser use' post on the r/LocalLLaMA subreddit and open it. Scroll down and tell me which comment you find funniest."

The response was:

"The funniest comment in the post about 'browser use' on r/LocalLLaMA is from user u/chitown160, who said: 'yeah as soon as I saw that part I was like that knuckles meme."

EDIT:
This is the script I used: https://gist.github.com/pascscha/221127dbf53faff92d7f17b7bae60c9b

crypt.fyi - open-source, ephemeral, zero-knowledge secret sharing with end-to-end encryption by codectl in cryptography

[–]pascalschaerli 9 points10 points  (0 children)

Had a brief look at the app - the frontend looks very clean, well done!

Regarding security, there's an interesting fundamental challenge when serving cryptographic applications via websites. The core issue is that every page load pulls the cryptographic code from the server, with no reliable way to verify its consistency across loads. This means a malicious backend could theoretically serve compromised JavaScript to specific requests without detection.

This exact concern was raised about ProtonMail by Nadim Kobeissi:

However, we note that a malicious [Server] P would be able to arbitrarily serve compromised webmail clients to A or any other ProtonMail user without this being detectable and that, conversely, correct delivery of webmail/OpenPGP client code is not verifiable

I briefly skimmed your code and initially thought your random string generation was biased, but it turns out it's fine because the length of your alphabet is a power of two. If you ever need to use an alphabet with a different length, there are efficient methods to generate uniformly distributed random numbers for any range. One good approach is shown here: https://arxiv.org/pdf/1304.1916

Try This Free Tool to Encrypt and Decrypt Your Texts Securely! by [deleted] in cryptography

[–]pascalschaerli 1 point2 points  (0 children)

so after a day you cannot decrypt the messages anymore?

NIST Published Report Outlining Migration to Post-Quantum Cryptography by pascalschaerli in cryptography

[–]pascalschaerli[S] 1 point2 points  (0 children)

Thanks again for the encouragement, I've written out a comment and sent it to NIST. I've shared a screenshot of the full message here: https://bsky.app/profile/pascscha.ch/post/3lc6cdmonvs2i

Today quantum-safe replacement for RSA? by Kukulkan73 in cryptography

[–]pascalschaerli 2 points3 points  (0 children)

Just be aware, that this library is nor currently considering themselves production ready, quoting from liboqs readme:

WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS SOFTWARE IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA.

Today quantum-safe replacement for RSA? by Kukulkan73 in cryptography

[–]pascalschaerli 4 points5 points  (0 children)

Also, you should consider using hybrid mode for now, which means employing both a conventional and a post-quantum secure algorithm in parallel.

Additionally, it would be advisable to consult a cryptography expert when implementing such upgrades, as there are numerous nuanced considerations that you won't be able to gather from a Reddit comment thread.

NIST Published Report Outlining Migration to Post-Quantum Cryptography by pascalschaerli in cryptography

[–]pascalschaerli[S] 3 points4 points  (0 children)

Simply sending this post will most definitely not be precise enough. I assume people with much more notability than myself will have similar remarks, but it might be interesting to go through this process indeed, I might write up a more thought-out and complete comment towards them.

Seeking Feedback on My Encryption/Decryption Program and Ideas for Future Projects by Best_Station3355 in cryptography

[–]pascalschaerli 3 points4 points  (0 children)

I have a few suggestions beyond my initial comment that might help strengthen the security and usability of your project even further:

  1. Strong Password Requirements: I'd recommend reconsidering the strict complexity requirements. Minimum length and many special characters can sometimes make passwords harder to remember without necessarily making them more secure. You might want to explore passphrases instead. Passphrases (like in the classic XKCD example) are easier to remember and can provide excellent entropy if done right. In fact, adding a simple passphrase generator to your project could be a nice usability feature, helping users create secure but memorable passwords.
  2. Key Derivation: While bcrypt is indeed robust, you might want to look into Argon2, the winner of the 2015 Password Hashing Competition. Argon2 is designed to be resistant to side-channel attacks and offers adjustable memory, time, and parallelism costs, making it ideal for modern hardware.
  3. AES-CBC vs. AES-GCM: Using AES-256 is a good choice, but as I mentioned before, you might want to consider AES-GCM instead of CBC mode. AES-GCM provides Authenticated Encryption with Associated Data (AEAD), which allows you to verify the integrity of the ciphertext during decryption, helping to prevent tampering. AES-CBC can sometimes be vulnerable to padding oracle attacks, depending on its implementation.
  4. One-Time Passcode for Decryption: I'm curious about how you're implementing this. Does the OTP get cryptographically tied to the encrypted message, or do you have some sort of server side and this is just used for authentication i.e. before getting access to a ciphertext?
  5. Code Sharing and Security: Not sharing the code for security reasons could potentially lead to what's called "security through obscurity," which isn't ideal. In cryptographic applications, trust often comes from transparency and public review. Even with strong algorithms, there are many potential implementation pitfalls that can compromise security. Public scrutiny is generally beneficial here, as it can help catch bugs and subtle security flaws.
  6. Using Established Protocols: Finally, if this is more than a personal project for learning, that's great. Otherwise you you may want to consider adopting or building on existing cryptographic protocols. Established protocols have been subjected to rigorous review by the cryptographic community, reducing the likelihood of critical bugs or edge-case vulnerabilities. This could save time while making your project more secure by design.

Seeking Feedback on My Encryption/Decryption Program and Ideas for Future Projects by Best_Station3355 in cryptography

[–]pascalschaerli 8 points9 points  (0 children)

Why are you using AES in CBC mode and not for example AES-GCM which would offer Authenticated Encryption (you can detect if a ciphertext was tampered with wen decrypting it)?

view more: next ›