Re: https://old.reddit.com/r/crypto/comments/1pca3r8/introducing_constanttime_support_for_llvm_to/nrzywmp/?context=2

It is simultaneously true that:

  • Most data breaches do not require any cryptographic wizardry
  • Of the ones that involve cryptography, side-channels (timing, power, etc.) are not an attacker's first choice
  • The inability to have guarantees that the compiler will not make code variable-time as part of an "optimization" is a massive pain point in writing secure implementations of cryptography

And, sure, the LLVM work won't stop app developers from fucking up something on the OWASP Top 10 list for a given year. Nor will it stop phishing from being hella effective against most users and services.

But it does reduce compiler doom and various forms of auditor bikeshedding, which makes applied cryptography work a little easier to get done.

And the best mitigation we have for phishing attacks today is WebAuthn... which uses cryptography. :P

Sometimes, naysaying is actually counterproductive.

If you're wondering, "Wait, WebAuthn mitigates phishing?" there's a very good explainer about this topic from the same blog that Reddit thread is about:

https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/#anti-phishing-protections

@ErikvanStraten WTF are you talking about with "the picture you copied"? I literally just pasted a link to the blog post??

@soatok: this is *NOT* what makes passkeys resistant to most phishing attacks.

Don't get fooled by the snake oil regarding asymmetric cryptography.

What makes passkeys strong:
1️⃣ The *main* domain name must match
2️⃣ https is mandatory
3️⃣ The length and randomness of the pubkey in most cases exceeds what is permitted for a password
4️⃣ The pubkey is unique per account

What makes passkeys weak:
1️⃣ They do not prevent session cookie (1FA) theft
2️⃣ Android and iOS/iPadOS passkeys are extremely hard to back up outside of their ecosystems (vendor lock-in)
3️⃣ An attacker with access to your account may ADD their own passkey (its pubkey) or REPLACE yours
4️⃣ Implementation bugs: Android passkeys easily lost and iOS/iPadOS passkeys may be used without local authentication
5️⃣ Misinformation by people who THINK that they understand how passkeys, WebAuthn and FIDO2 work
6️⃣ (edited to add 15:40 UTC): weak https website certificates (passkeys could mitigate this risk by including the https cert or a reliable hash of it - provided that the RP checks it. Unfortunately this will break "legitimate" TLS MitMs).

#Passkeys #MisInformation #AccountLockout
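The two things both posts above agree on, that the relying party (RP) ID must match and that the origin must be https, are enforceable checks in a WebAuthn assertion, because the signed message covers the SHA-256 of the RP ID and the hash of a clientDataJSON that carries the browser-supplied origin. The following is an added, runnable sketch of that RP-side verification; it is not code from either poster, from Trail of Bits, or from any WebAuthn library. It assumes an RP ID of `example.com`, an origin of `https://login.example.com`, and, so that it runs with the standard library alone, an HMAC over the real message layout as a stand-in for the credential's asymmetric signature (the `Authenticator` class, `verify_assertion` and `demo` are all hypothetical names).

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlsplit

# Added example (not from the thread). Assumed relying party values:
RP_ID = "example.com"
RP_ORIGIN = "https://login.example.com"


class Authenticator:
    """Toy authenticator: credentials are scoped by RP ID, so a page whose
    origin maps to a different RP ID never sees the legitimate credential."""

    def __init__(self):
        self._creds = {}  # rp_id -> (credential_id, key)

    def register(self, rp_id):
        cred_id = secrets.token_bytes(16)
        # Stand-in for a key pair: the real RP stores only a public key. Here
        # the same secret is shared so an HMAC can mimic the signature.
        key = secrets.token_bytes(32)
        self._creds[rp_id] = (cred_id, key)
        return cred_id, key

    def get_assertion(self, rp_id, origin, challenge):
        if rp_id not in self._creds:
            return None  # nothing registered for this RP ID
        cred_id, key = self._creds[rp_id]
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": origin},
            sort_keys=True).encode()
        # authenticatorData = rpIdHash (32) || flags (1, UP bit set) || signCount (4)
        auth_data = (hashlib.sha256(rp_id.encode()).digest()
                     + b"\x01" + (0).to_bytes(4, "big"))
        msg = auth_data + hashlib.sha256(client_data).digest()
        sig = hmac.new(key, msg, hashlib.sha256).digest()  # stand-in signature
        return {"credential_id": cred_id, "client_data": client_data,
                "authenticator_data": auth_data, "signature": sig}


def verify_assertion(assertion, expected_challenge, expected_origin, rp_id, stored_key):
    """RP-side checks, in the order WebAuthn verification applies them."""
    if assertion is None:
        return False, "no credential for this RP ID"
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay)"
    origin = cd.get("origin", "")
    if urlsplit(origin).scheme != "https":
        return False, "origin not https"
    if origin != expected_origin:
        return False, "origin mismatch"
    ad = assertion["authenticator_data"]
    if ad[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not ad[32] & 0x01:
        return False, "user presence flag not set"
    msg = ad + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(stored_key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def demo():
    """Runs the legitimate flow and several constructed failure cases."""
    auth = Authenticator()
    _cred_id, key = auth.register(RP_ID)
    challenge = secrets.token_urlsafe(32)
    results = {}
    # Legitimate login from the registered origin.
    good = auth.get_assertion(RP_ID, RP_ORIGIN, challenge)
    results["legitimate"] = verify_assertion(good, challenge, RP_ORIGIN, RP_ID, key)
    # Look-alike domain: the browser derives the RP ID from its own origin,
    # so the authenticator has no credential to use.
    lookalike = auth.get_assertion("example-com.net", "https://login.example-com.net", challenge)
    results["lookalike_domain"] = verify_assertion(lookalike, challenge, RP_ORIGIN, RP_ID, key)
    # Even if an assertion for the right RP ID were obtained, the signed
    # origin still has to equal what the RP expects.
    wrong = auth.get_assertion(RP_ID, "https://login.example-com.net", challenge)
    results["wrong_origin"] = verify_assertion(wrong, challenge, RP_ORIGIN, RP_ID, key)
    # Plain http is rejected before the origin string is compared.
    plain = auth.get_assertion(RP_ID, "http://login.example.com", challenge)
    results["plain_http"] = verify_assertion(plain, challenge, RP_ORIGIN, RP_ID, key)
    # A captured assertion cannot be replayed against a fresh challenge.
    results["stale_challenge"] = verify_assertion(good, secrets.token_urlsafe(32), RP_ORIGIN, RP_ID, key)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The origin and rpIdHash checks are the parts that distinguish a phishing-resistant ceremony from a password prompt: whatever the attacker relays, the browser fills in the origin it actually loaded, and the RP compares that string against its own. The signature (here an HMAC stand-in) only proves the message was not altered after the fact.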

@ErikvanStraten You're clocking in at like 0.9 Timecubes right now. The emoji spam makes me wonder if you trained an LLM on Linus Torvalds rants.

But mostly, you're not making a coherent response to anything I actually wrote.

@soatok Did you just invent a new unit?

@rigrig No, but I can't find who first coined it.

It was used on IRC as a measure of crackpottery. 0 to 1.0 Timecubes.

@soatok I figured as much, just hadn’t seen it used as a unit before. (Felt a bit sad just now on discovering that the original 1.0 is gone 😞.)