Natanael

joined 8 months ago
sorted by: new top controversial old
JD Vance says it's a “statistical fact” that the left commits more political violence. in c/politics@lemmy.world
[–] Natanael@infosec.pub 8 points 1 hour ago

Alternative facts

Can anyone confirm? in c/memes@sopuli.xyz
[–] Natanael@infosec.pub 6 points 1 hour ago

But it will never roll like an orange does

Proton Meet: Secure, end-to-end encrypted video conferencing in c/protonprivacy@lemmy.world
Proton Meet: Secure, end-to-end encrypted video conferencing in c/protonprivacy@lemmy.world
Kirk to Zelensky in c/ukraine@lemmy.world
[–] Natanael@infosec.pub 9 points 10 hours ago

He should've lived longer. By a few hours.

IF YOU TAKE ENOUGH YOU CAN SEE *THE PATTERN* BRO in c/science_memes@mander.xyz
[–] Natanael@infosec.pub 1 points 22 hours ago

Last Thursdayism is when they reload the save

IF YOU TAKE ENOUGH YOU CAN SEE *THE PATTERN* BRO in c/science_memes@mander.xyz
[–] Natanael@infosec.pub 2 points 22 hours ago

Same lmao

Pretty sure he's misunderstanding interference patterns

Seriously what's that idea? in c/asklemmy@lemmy.world
[–] Natanael@infosec.pub 14 points 1 day ago (1 children)

This is why moderators should use a separate account for moderation actions than their main

Seriously what's that idea? in c/asklemmy@lemmy.world
[–] Natanael@infosec.pub 1 points 1 day ago

That's not quite sufficient. Look at a bit more advanced cryptographic stuff like Snarkblock.

You still got the issue that blocks WILL have a publicly visible effect when you block somebody who already have replied to you.

Seriously what's that idea? in c/asklemmy@lemmy.world
[–] Natanael@infosec.pub 20 points 1 day ago

From a technical standpoint, doing it in another way requires your blocks to be public.

He and you are both publishing individual comments with metadata telling which thread and where in it that these entries go. The instance hosting the community simply pull all these entries together. To cut off that response then your instance must tell that hosting instance to detach that reply from the blocked user. Currently Lemmy doesn't support any such thing.

they were in c/90s_memes@quokk.au
[–] Natanael@infosec.pub 1 points 1 day ago (1 children)

These TVs coexisted with abbreviated texting in Sweden

they were in c/90s_memes@quokk.au
[–] Natanael@infosec.pub 1 points 1 day ago (3 children)

Well excuse me for being from the Nordics where it was adopted early

17
Open letter against the proposed EU legislation Chat Control, from over 500 researchers (csa-scientist-open-letter.org)
submitted 6 days ago* (last edited 6 days ago) by Natanael@infosec.pub to c/crypto@infosec.pub
0 comments fedilink
 

See also;

https://bsky.app/profile/campuscodi.risky.biz/post/3lyfghyytj22x

11
Introducing Signal Secure Backups (signal.org)
4
Inverting the Xorshift128+ random number generator (littlemaninmyhead.wordpress.com)
6
Heracles attack - Chosen Plaintext Attack on AMD SEV-SNP (heracles-attack.github.io)
1
[PDF] SleepWalk: Exploiting Context Switching and Residual Power for Physical Side-Channel Attacks (arxiv.org)
2
Verifiable Verification in Cryptographic Protocols - ePrint (eprint.iacr.org)
submitted 1 month ago* (last edited 1 month ago) by Natanael@infosec.pub to c/crypto@infosec.pub
0 comments fedilink
 

Abstract Common verification steps in cryptographic protocols, such as signature or message authentication code checks or the validation of elliptic curve points, are crucial for the overall security of the protocol. Yet implementation errors omitting these steps easily remain unnoticed, as often the protocol will function perfectly anyways. One of the most prominent examples is Apple's goto fail bug where the erroneous certificate verification skipped over several of the required steps, marking invalid certificates as correctly verified. This vulnerability went undetected for at least 17 months.

We propose here a mechanism which supports the detection of such errors on a cryptographic level. Instead of merely returning the binary acceptance decision, we let the verification return more fine-grained information in form of what we call a confirmation code. The reader may think of the confirmation code as disposable information produced as part of the relevant verification steps. In case of an implementation error like the goto fail bug, the confirmation code would then miss essential elements.

The question arises now how to verify the confirmation code itself. We show how to use confirmation codes to tie security to basic functionality at the overall protocol level, making erroneous implementations be detected through the protocol not functioning properly. More concretely, we discuss the usage of confirmation codes in secure connections, established via a key exchange protocol and secured through the derived keys. If some verification steps in a key exchange protocol execution are faulty, then so will be the confirmation codes, and because we can let the confirmation codes enter key derivation, the connection of the two parties will eventually fail. In consequence, an implementation error like goto fail would now be detectable through a simple connection test.

7
Zero Knowledge Proofs Alone Are Not a Digital ID Solution to Protecting User Privacy (www.eff.org)
3
A Fiat–Shamir Transformation From Duplex Sponges (eprint.iacr.org)
submitted 2 months ago* (last edited 2 months ago) by Natanael@infosec.pub to c/crypto@infosec.pub
0 comments fedilink
 

https://bsky.app/profile/tumbolia.bsky.social/post/3ltyahiem3s2u

We updated our paper on Fiat-Shamir!

We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!).

3
Opossum Attack - Application Layer Desynchronization using Opportunistic TLS (opossum-attack.com)
submitted 2 months ago* (last edited 2 months ago) by Natanael@infosec.pub to c/crypto@infosec.pub
0 comments fedilink
 

Opossum is a cross-protocol application layer desynchronization attack that affects TLS-based application protocols that rely on both opportunistic and implicit TLS. Among the affected protocols are HTTP, FTP, POP3, SMTP, LMTP and NNTP.

Note: The vast majority of websites are not vulnerable as HTTP TLS upgrade (RFC 2817) was never widely adopted and no browsers support it.

2
Cloudflare’s Orange Me2eets: An End-to-End Encrypted, Self-hosted, Video Calling Solution (news.itsfoss.com)
2
The Longfellow ZK (Google-zk) (news.dyne.org)
2
Reflections on a Year of Sunlight - by Let's Encrypt, regarding certificate transparency (letsencrypt.org)
 

Via; https://bsky.app/profile/filippo.abyssdomain.expert/post/3lrdvmvj6kj2p

view more: next ›