xero

@[email protected]
213 Followers
27 Following
408 Posts
{h,cr,sl}acker πŸ’ΎπŸ΄β€β˜ οΈ
https://backrooms.quest β‰ˆ https://windows98.website
xero.stylehttps://xero.style
x-e.rohttps://x-e.ro
0w.nzhttps://0w.nz
windows98.computerhttp://www.windows98.computer
xeroMay 3

https://npmjs.com/package/lvthn
the leviathan cli crypto tool has been updated w/ the 2.1.0 fixes and enhancements.

bun / npm i -g lvthn

averages ~1gb per sec using serpent-256, nearly half that using xchacha20 ;D

#crypto #cryptography #cli #bunjs #bun #npm #terminal #term

lvthn

Command-line file encryption with paranoid-grade ciphers. Serpent-256-CBC and XChaCha20-Poly1305, WASM-SIMD accelerated, powered by leviathan-crypto.. Latest version: 2.1.0, last published: a day ago. Start using lvthn in your project by running `npm i lvthn`. There are no other projects in the npm registry using lvthn.

npm
xeroMay 3
https://github.com/xero/leviathan-crypto/releases/tag/v2.1.0
leviathan-crypto presents post-quantum ratchet primitives! ratchetInit, KDFChain, kemRatchetEncap/Decap, SkippedKeyStore, & RatchetKeypair are now available for all your sparse post quantum ratchet needs. tools to build your own signal-esque apps! #crypto #cryptography #ratchet #spqr
Release v2.1.0 - spqr ratchet primitives Β· xero/leviathan-crypto

v2.1.0 - post-quantum ratchet primitives Warning 10 breaking API changes with this release! See Breaking Changes below and review CHANGELOG for full migration notes. Adds the four KDF construction...

GitHub
xeroMay 3
https://github.com/xero/covcom
Covert communications for private group conversations. Share an invite, talk, close the tab, and it's gone. End-to-end encrypted with post-quantum cryptography, so the messages stay private today and unreadable to the computers coming tomorrow.
GitHub - xero/covcom: Covert communications for private group conversations. Share an invite, talk, close the tab, and it's gone. End-to-end encrypted with post-quantum cryptography, so the messages stay private today and unreadable to the computers coming tomorrow.

Covert communications for private group conversations. Share an invite, talk, close the tab, and it's gone. End-to-end encrypted with post-quantum cryptography, so the messages stay private tod...

GitHub
xeroApr 19
https://leviathan.3xi.club/covcom
animated protocol diagram for my upcoming project
xeroApr 13

leviathan-crypto post-quantum key establishment, live in the browser. ml-kem ceremony, encrypted messaging, annotated wire frames. this demo let's you see exactly what crosses the wire and what doesn't.

demo: https://leviathan.3xi.club/kyber
source: https://github.com/xero/leviathan-demos/tree/main/kyber

xeroApr 13
https://leviathan.3xi.club/kyber
post-quantum cryptography demo simulating a complete ML-KEM (kyber) key encapsulation ceremony between two browser-side clients. Each wire frame is expandable, revealing the raw nonce, ciphertext, Poly1305 tag, and AAD.
sauce: https://github.com/xero/leviathan-demos/tree/main/kyber
leviathan-crypto: ml-kem post-quantum key establishment demo

xeroApr 3

https://github.com/xero/claudecode-hook-n-switch
VULN DISCLOSURE: Claude Code's HTTP hook system lets a malicious repo silently rewrite your shell commands before execution. The UI displays the original command. The rewritten one runs with no indication anything changed. full prompt interception, complete tool output exfil (env vars, file contents, paths, etc), and loopback SSRF to any localhost service.

Disclosed to Anthropic via H1. Closed as wontfix. their position is that trusting a repo means trusting all of this.

decide for yourself if that dialog you agree to is doing enough.

PoC, logs, and mitigation strategies in the repo.

GitHub - xero/claudecode-hook-n-switch: Vuln POC: Claude Code's HTTP hooks can silently rewrite your shell commands while the UI shows the original. H1 report closed as wontfix: "workspace trust threat model." So here's the full PoC. Decide for yourself if that trust dialog is doing enough.

Vuln POC: Claude Code's HTTP hooks can silently rewrite your shell commands while the UI shows the original. H1 report closed as wontfix: "workspace trust threat model." So here's...

GitHub
xeroApr 1

https://github.com/xero/leviathan-crypto/
leviathan-crypto v1.4.0

XChaCha20Seal: bind key, call encrypt(), done! fresh nonce every call w/ no management needed.

XChaCha20StreamSealer: chunked AEAD for large payloads w/ per-chunk nonces and position binding.

bun i leviathan-crypto
(on npm you pleb)

GitHub - xero/leviathan-crypto: Zero-dependency WebAssembly cryptography library for TypeScript, featuring the paranoia of Serpent-256 and the elegance of XChaCha20-Poly1305, with SHA-2/3, HMAC, HKDF, and Fortuna CSPRNG included. All cryptographic computation runs in WASM, outside the JavaScript JIT, behind a strictly typed API built on vector-verified primitives.

Zero-dependency WebAssembly cryptography library for TypeScript, featuring the paranoia of Serpent-256 and the elegance of XChaCha20-Poly1305, with SHA-2/3, HMAC, HKDF, and Fortuna CSPRNG include...

GitHub
Show threadxeroApr 1
powered by https://github.com/xero/leviathan-crypto
GitHub - xero/leviathan-crypto: Zero-dependency WebAssembly cryptography library for TypeScript, featuring the paranoia of Serpent-256 and the elegance of XChaCha20-Poly1305, with SHA-2/3, HMAC, HKDF, and Fortuna CSPRNG included. All cryptographic computation runs in WASM, outside the JavaScript JIT, behind a strictly typed API built on vector-verified primitives.

Zero-dependency WebAssembly cryptography library for TypeScript, featuring the paranoia of Serpent-256 and the elegance of XChaCha20-Poly1305, with SHA-2/3, HMAC, HKDF, and Fortuna CSPRNG include...

GitHub
xeroApr 1

npmjs.com/package/lvthn
v1.3.1 with cli worker pooling & wasm simd optimization!

bun i -g lvthn # or npm install
lvthn keygen --armor -o my.key
cat secret.txt | lvthn encrypt -k my.key --armor > secret.enc

supports: serpent-256 (ctr mode w/ hmac-sha256) & xchacha20-poly1305

---

key derivation: scrypt (N=32768, r=8, p=1) for passphrases β†’ 32-byte master key with a fresh random 32-byte salt per encryption.

integrity: any modification to a ciphertext chunk causes that chunk's authentication to fail. The entire decryption is rejected with no partial plaintext produced.

parallelism: encryption and decryption distribute 64KB chunks across a worker pool sized to hardwareConcurrency. Each worker owns an isolated WASM instance with no shared memory between workers.

4-wide inter-block SIMD (encryptChunk_simd): each v128 register lane holds word w from a different block (counters ctr, ctr+1, ctr+2, ctr+3). Same parallelism model as ChaCha20 CTR-4.