If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”. I specialize in secure implemen…| Dhole Moments
Message franking enables cryptographically verifiable reporting of abusive content in end-to-end encrypted messaging. Grubbs, Lu, and Ristenpart recently formalized the needed underlying primitive, what they call compactly committing authenticated encryption (AE), and analyzed the security of a number of approaches. But all known secure schemes are still slow compared to the fastest standard AE schemes. For this reason Facebook Messenger uses AES-GCM for franking of attachments such as images...| IACR Cryptology ePrint Archive
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?| Dhole Moments
Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that…| Dhole Moments
luvluvzpurple nonbinary asexualfurries luvluvzpurple. bubble8bitpix no_rp smokefreefurs drugfreefurs SFWart bubble8bitpix. 8bitstarsp1c ...| sfw.furaffinity.net
XMPP is a messaging protocol (among other things) that needs no introduction to any technical audience. Its various implementations have proliferated through technical communities for decades. Many…| Dhole Moments
By now, many people have run across the Invisible Salamander paper about the interesting property of AES-GCM that allows an attacker to construct a ciphertext that will decrypt with a valid tag un…| Key Material
Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group...| IETF Datatracker
An introduction to database cryptography.| Dhole Moments