May 2024 - Dhole Moments
2 posts published by Soatok during May 2024| Dhole Moments
One of the first rules you learn about technical writing is, “Know your audience.” But often, this sort of advice is given without sufficient weight or practical examples. Instead, you&…| Dhole Moments
In a recent blog post, I laid out the argument that, if you have securely implemented end-to-end encryption in your software, then the jurisdiction where your ciphertext is stored is almost irrelev…| Dhole Moments
“Won’t someone think of the poor children?” they say, clutching their pearls as they enact another stupid law that will harm the privacy of every adult on Earth and create Prior R…| Dhole Moments
This is a furry blog, where I write about whatever interests me and sign it with my fursona’s name. I sometimes talk about furry fandom topics, but I sometimes also talk about applied cryptog…| Dhole Moments
Every time I lightly touch on this point, I always get someone who insists on arguing with me about it, so I thought it would be worth making a dedicated, singular-focused blog post about this topi…| Dhole Moments
I have never seen security and privacy checklists used for any other purpose but deception. After pondering this observation, I’m left seriously doubting if comparison checklists have any val…| Dhole Moments
Next month, AMC+ is premiering a new series about furries that tracked down sexual abusers hiding within the furry fandom. It’s called, The Furry Detectives: Unmasking A Monster. You can watc…| Dhole Moments
I normally don’t like writing “Current Events” pieces (and greatly prefer focusing on what SEO grifters like to call “evergreen content”), but I feel this warrants it.…| Dhole Moments
The fatal flaw of Birdwatch’s current design and how it can be fixed.| Dhole Moments
Update (2020-04-29): Twitter has fixed their oversight. { “errors”: [{ “code”: 356, “message”: “preferences.gender_preferences.gender_override: Must provid…| Dhole Moments
It’s becoming increasingly apparent that one of the reasons why tech companies are so enthusiastic about shoving AI into every product and service is that they fundamentally do not understand…| Dhole Moments
The history of this blog might very well be a cautionary tail (sic) about scope creep. AJ The Original Vision For Dhole Moments Originally, I just wanted a place to write about things too long for …| Dhole Moments
HKDF has poorly-understood subtleties. Let’s explore them in detail.| Dhole Moments
The types of people that proudly call themselves “influencers,” and describe what they create merely as “content,” are so profoundly allergic to authenticity that it bewilde…| Dhole Moments
(With severe apologies to Miles Davis.) Post-Quantum Cryptography is coming. But in their haste to make headway on algorithm adoption, standards organizations (NIST, IETF) are making a dumb mistake…| Dhole Moments
Internet discussions about end-to-end encryption are plagued by misunderstandings, misinformation, and some people totally missing the point. Of course, people being wrong on the Internet isn’…| Dhole Moments
Content Warning: This blog post talks about adult themes and sexuality. If you’re under 18, sit this one out. If you’ve been around the furry fandom for a while, you will notice that di…| Dhole Moments
Towards the end of last year, we learned that a group (allegedly affiliated with the Chinese government, referred to as “Salt Typhoon”) breached T-Mobile and other telecommunications co…| Dhole Moments
There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up against eac…| Dhole Moments
Last year, I urged furries to stop using Telegram because it doesn’t actually provide them with any of the privacy guarantees they think it gives them. Instead of improving Telegram’s c…| Dhole Moments
The Furry Fandom proved vital to saving a library from the demands of a homophobic Mississippi politician.| Dhole Moments
Overconfident developers that choose to write their own cryptography code have plagued the information security industry since before it was even an industry. This in and of itself isn’t inhe…| Dhole Moments
It’s really not my place to ever command respect from anyone; and that’s not just because I’m a furry–which has always been towards the bottom of the geek hierarchy. I am we…| Dhole Moments
Last week, I wrote a blog post succinctly titled, Don’t Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote ab…| Dhole Moments
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork c…| Dhole Moments
An Internet Marketer Offered Me $100 to Betray Myself and My Community| Dhole Moments
I probably don’t need to remind anyone reading this while it’s fresh about the current state of affairs in the world, but for the future readers looking back on this time, let me set th…| Dhole Moments
I wrote what I thought would be the final blog post of 2024 last week, and was looking forward to starting 2025 strong with a blog I’d been drafting since July 2023. But then, a little after …| Dhole Moments
I’ve spent the better part of 2023 and 2024 trying to imagine the specific changes we technology nerds could make to improve things somewhat. Meme remix of Matt Bors’s comic and Stan Ke…| Dhole Moments
When it comes to AES-GCM, I am not a fan. Most of my gripes fall into one of two categories: Gripes with AES itself Gripes with AES-GCM as a construction However, one of my gripes technically belon…| Dhole Moments
How and why XSalsa20/XChaCha were designed, and why they’re secure.| Dhole Moments
As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you&#…| Dhole Moments
Another wave of Twitter users are jettisoning the social media website in favor of alternatives. Some are landing in the Fediverse (Mastodon and other ActivityPub-enabled software). Others are goin…| Dhole Moments
In 2010, Coda Hale wrote How To Safely Store A Password which began with the repeated phrase, “Use bcrypt”, where the word bcrypt was linked to a different implementation for various pr…| Dhole Moments
It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they s…| Dhole Moments
If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”. I specialize in secure implemen…| Dhole Moments
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you co…| Dhole Moments
In 2022, I wrote about my plan to build end-to-end encryption for the Fediverse. The goals were simple: Provide secure encryption of message content and media attachments between Fediverse users, a…| Dhole Moments
Every hype cycle in the technology industry continues a steady march towards a shitty future that nobody wants. CMYKat Note: I know this isn’t unique to the tech industry, but I can’t w…| Dhole Moments
I need everyone to understand something: This doesn’t matter. Dhole Moments is not the official outlet of anything that will affect you or your daily life. It carries no financial weight or p…| Dhole Moments
Ever since the Invisible Salamanders paper was published, there has been a quiet renaissance within my friends and colleagues in applied cryptography for studying systems that use Authenticated Enc…| Dhole Moments
A frequent source of confusion in the furry fandom is about commission pricing for furry art. This confusion is often driven by (usually younger) furries demanding free or severely cheap art from a…| Dhole Moments
There are two mental models for designing a cryptosystem that offers end-to-end encryption to all of its users. The first is the Signal model. Predicated on Moxie’s notion that the ecosystem …| Dhole Moments
Earlier this year, I wrote about planned effort to design a federated Key Transparency proposal. The end goal for this work was constrained to building end-to-end encryption into a new type of Dire…| Dhole Moments
I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental. It…| Dhole Moments
Update (2024-06-06): There is an update on this project. As Twitter’s new management continues to nosedive the platform directly into the ground, many people are migrating to what seem like d…| Dhole Moments
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?| Dhole Moments
Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that&#…| Dhole Moments
A lot of recent (and upcoming) blog posts I’ve written, and Fediverse discussions I’ve participated in, have been about the security of communication products. My criticism of these pro…| Dhole Moments
XMPP is a messaging protocol (among other things) that needs no introduction to any technical audience. Its various implementations have proliferated through technical communities for decades. Many…| Dhole Moments
Can’t get enough of blog posts written by furries? This post aims to curate some of the other blogs written by furries that are worth sharing with my regular readers. Many (but not all) of th…| Dhole Moments
A common narrative on discussion boards like Hacker News is that my inclusion of my fursona on my technical blog posts somehow makes them unsuitable for consumption in a business setting. (This cla…| Dhole Moments
Four years ago, I wrote a (surprisingly popular) blog post about the notion of wear-out for symmetric encryption schemes. Two years ago, I wrote a thing about extending the nonce used by AES-GCM wi…| Dhole Moments
In late 2022, I blogged about the work needed to develop a specification for end-to-end encryption for the fediverse. I sketched out some of the key management components on GitHub, and then the pu…| Dhole Moments
Many of the most annoying and pervasive problems with the furry fandom–from the cyclical nature of Twitter discourse to the increasingly frustrating issue of furry convention main hotel regis…| Dhole Moments
I have been a begrudging user of Telegram for years simply because that’s what all the other furries use, despite their cryptography being legendarily bad. When I signed up, I held my nose an…| Dhole Moments
Thanks to Samantha Cole at 404 Media, we are now aware that Automattic plans to sell user data from Tumblr and WordPress.com (which is the host for my blog) for “AI” products. In respon…| Dhole Moments
Despite the hype, Web3 offers fake decentralization and builds upon technology you could build without cryptocurrency.| Dhole Moments
The people afraid to show their peers or bosses my technical writing because it also contains furry art are some of the dumbest cowards in technology. Considering the recent events at ApeFest, a co…| Dhole Moments
Dhole Moments is not a music blog. I will not pretend to be an expert on music, music theory, or music appreciation. But it goes even further than that: I am so untalented at music that I exert a v…| Dhole Moments
I quit my job towards the end of last month. When I started this blog, I told myself, “Don’t talk about work.” Since my employment is in the rear view mirror, I’m going to b…| Dhole Moments
Recently, it occurred to me that there wasn’t a good, focused resource that covers commitments in the context of asymmetric cryptography. I had covered confused deputy attacks in my very shor…| Dhole Moments
An introduction to database cryptography.| Dhole Moments
Ever since the famous “Open Sesame” line from One Thousand and One Nights, humanity was doomed to suffer from the scourge of passwords. Courtesy of SwiftOnSecurity Even in a world where…| Dhole Moments
What will become of the Internet, and the furry fandom, if Elon Musk kills Twitter?| Dhole Moments
