str4d 🛡️

Zcash, Rust 🦀 cryptography, privacy, zero knowledge.
Location: Internet, ARPA
Website / Bluesky: https://str4d.xyz
cohost: https://cohost.org/str4d
Twitter: https://twitter.com/str4d
I've put together a webpage that renders the ePrint author list I maintain for @eprint.bsky.social. It's a separate website to enable listing by the author name used in papers, rather than the Bluesky display name or handle.

RE: https://bsky.app/profile/did:plc:ec5qq7slvmoehjx3f7ddexuf/post/3lh445vhvcs26

Cryptography Social
ePrint Updates (@eprint.bsky.social)

Unofficial bot tracking the IACR Cryptology ePrint Archive (eprint.iacr.org). Maintained by @str4d.xyz. Currently only posts about new papers. Author names are linkified to Bluesky accounts (cryptography.social); contact maintainer for inclusion/removal.

Bluesky Social
rage 0.11.0 is out!

🆕 Streamlined single recipient/identity APIs!
🛠️ Refactored encryption/decryption APIs!
🧩 Plugin labels (for post-quantum plugins)!
🐛 CLI and library bugfixes.
🌐 Partial French translation!

Available where all good crates are stored: cargo install rage

Binaries and Debian here:

Release rage v0.11.0 · str4d/rage

rage Added Partial French translation! Fixed [Unix] Files can now be encrypted with rage --passphrase when piped over stdin, without requiring an explicit - argument as INPUT. age Added New st...

GitHub
Here's the next version of my Bluesky/ATProto network map, now including feeds! Specifically, all feeds that Bluesky suggests to my empty dev account, which is the top 131 feeds. I don't have a data source for all 40,000 yet. Also, labeler and feed node sizes are now logarithmic by likes. #dataviz
How the hell have I been doing open-source development for 15 years.

@duxsco @soatok @filippo @mbmcloughlin I would expect both to be vulnerable given the wording:

> YubiKey PIV and OpenPGP applications and YubiHSM 2 usage may also be impacted depending on configuration and algorithm choices by the end user.

Both applets (as well as the FIDO applet) will use the same vulnerable cryptographic library under the hood (no reason to have two parallel impls in an HSM).

@soatok @duxsco @filippo @mbmcloughlin The flaw was fixed in firmware 5.7, which is also the firmware that added Ed25519 support to PIV. So the mitigation for vulnerable YubiKeys can't be Ed25519 for the PIV applet as it doesn't exist there.

Between that and explaining the difference between ECC and ECDSA to users, I'm not surprised they just say "use RSA".

@lina @czero Also, it's often forgotten that writing unsafe Rust is still way better than writing C. Unsafe Rust doesn't turn off the borrow checker or disable any of Rust's other safety checks; you still get all that safety for the parts of your unsafe code that don't use the five "unsafe superpowers". Code review needs to reason about the effect of usages of the unsafe superpowers on downstream safe Rust, but that's still a strict subset of what C code review needs to deal with.
SMD Code Markings Database - RepairCompanion

The largest searchable database of electronics SMD components marking codes, including datasheets, pin counts and package images

@bobdobberson @soatok @shitpostalotl @stevelord If that "one message" happens to be the message where you were coordinating travel plans to get an abortion in another US state, because you can go to jail in your local state if there's evidence of you crossing state lines to do so, then you're fucked.

Replace that example with whatever private information disclosure would be most concerning to you.

@foone and now I see you found that 10 minutes ago. I am once again loving ActivityPub's very good cross-server post synchronization 🙃