Natanael

joined 1 month ago
[–] Natanael@infosec.pub 1 points 20 hours ago (3 children)

There are endless positive but fundamentally dysfunctional ideologies. Anything which doesn't address how large populations behave is dysfunctional.

[–] Natanael@infosec.pub 1 points 1 day ago

It's also what Google Maps live view is using. Street view imagery plus rough location plus on-phone camera sensor calibration data allows it to compute highly accurate positions relative to surroundings.

[–] Natanael@infosec.pub 5 points 1 day ago (1 children)

Taxing liquid capital is fairly straightforward, especially if it's tied to income (like company founders owning shares).

Taxing non-liquid assets is complicated because it's hard to make it fair in cases of family home inheritance and similar situations.

But taxing use of assets as collateral for loans (to create liquidity from a non-liquid asset) should be reasonably fair; it can be treated as an advance on capital gains taxes on the collateralized asset.

[–] Natanael@infosec.pub 1 points 6 days ago

Passkeys can be synchronized, but aren't intended to be exported raw as they're meant to be used with a TPM / secure element chip or equivalent secure hardware to protect the key in use. Bitwarden can synchronize them.

Also, they intentionally create distinct keys per site, so you can't link multiple accounts using the same passkey / hardware security key.

[–] Natanael@infosec.pub 1 points 1 week ago (2 children)

That's literally no different from a regular password manager or having a 2FA TOTP code app set up for it.

[–] Natanael@infosec.pub 3 points 1 week ago

It literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention.

[–] Natanael@infosec.pub 1 points 1 week ago (4 children)

Passkeys use unique keys per site for that reason.

[–] Natanael@infosec.pub 3 points 1 week ago (2 children)

TOTP codes can be phished; hardware security keys and passkeys can't.

[–] Natanael@infosec.pub 2 points 1 week ago

Google Chrome on PC can let you verify from the phone to unlock passkeys.

[–] Natanael@infosec.pub 2 points 1 week ago

TOTP can be phished remotely; passkeys / hardware security keys can't (need to get malware into the user's computer instead).

[–] Natanael@infosec.pub 6 points 1 week ago

The synchronization part is the annoying part. And when you have multiple accounts on one site you can end up with multiple passkeys for it.

 

The UK wanted global access to decrypt any and all Apple users' iCloud data on request. Apple pulled iCloud encryption from the ADP program instead within the UK.

Seems like their idea is to ensure encrypted data outside of the UK stays out of UK jurisdiction because the affected feature isn't available there anymore. But this will prevent UK residents from using iCloud end-to-end encryption in ADP and keeping, for example, backups of photos and iMessage logs protected, so for example journalists are a lot more exposed to secret warrants and potential insider threats.
