Post-Quantum Cryptography Advice Added to OpenSSH Website https://www.undeadly.org/cgi?action=article;sid=20250811110058 #openbsd #openssh #ssh #cryptography #postquantum #postq #crypto #security #libresoftware #freesoftware #bsd
Do #Apple folks out there at least know whether Messages (a.k.a. iMessage) on #iOS uses one of the above mentioned methods to provide end-to-end encryption of the content of push notifications (which in general contain portions of messages)? I know that the messages themselves are end-to-end encrypted, I'm specifically asking about the content of the notifications.
I emailed Italian politicians about the EU's "ChatControl" proposal. Here I include email addresses and templates (in Italian) for my fellow Italians who want to help.
The war on crypto never ends. The war on privacy, civil rights, security and freedom of speech never ends.
This time we are dangerously close to losing. The "Child Sexual Abuse" (CSA) EU regulation proposal, more aptly nicknamed "ChatControl", will be voted AGAIN this October, and many countries who opposed it last year are now undecided. The proposal at its roots aims at allowing authorities to break end-to-end encryption for the usual reason: "because of the children". As a father of two, I am disgusted by this recurring, cheap rhetoric.
What you can do: https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo
Why on earth was the #ActivityPub protocol even let out the door without a well-specified and mandatory graceful, non-destructive key rotation scheme?
Yes I know the privacy issues. Those are not valid reasons to not have such a mechanism; it's a valid reason to not enable or use one.
What we're stuck with now is a ton of instances with absurdly long, legacy-algorithm keys (RSA-4096) with no way to replace them with shorter/better keys without effectively losing everything ever posted on the instance.
The protocol is only 7 years old! EC crypto was well-established at the time, and should have been the default.
And what happens once everyone has to replace the keys, because RSA is broken by quantum computers (I know, probably 100 years to go)? The #Fediverse will be a wasteland, with no instances trusting anything from any other instance, so all #Federation breaks down.
Sorry if I got some details wrong about what the protocol says. If I get flamed to death for being wrong, then I'll consider that a Good Thing(TM). I've been trying to find a way to rotate/replace keys for a while and all my searching turns up is either 1) confirmation that most people don't know or care about cryptography, or 2) https://socialhub.activitypub.rocks/t/key-rotation-notification/562 - which really isn't helpful.
If it is possible to gracefully rotate the key(s) of an instance/user, there really has to exist some documentation that explains clearly how to implement this in a server and how to exercise it as a server operator.
A new proof shows quantum cryptography can be built on problems even harder than NP, offering security beyond classical encryption. Researchers introduced "one-way puzzles" to replace traditional cryptographic foundations.
https://www.quantamagazine.org/quantum-scientists-have-built-a-new-math-of-cryptography-20250725/
These are clever people: Quantum Scientists Building New Math of Cryptography
https://www.quantamagazine.org/quantum-scientists-have-built-a-new-math-of-cryptography-20250725/
One-way function
https://en.wikipedia.org/wiki/One-way_function
Quantum cryptography
https://en.wikipedia.org/wiki/Quantum_cryptography
Permanent (mathematics)
https://en.wikipedia.org/wiki/Permanent_(mathematics)
♯P-completeness of 01-permanent
https://en.wikipedia.org/wiki/%E2%99%AFP-completeness_of_01-permanent
is it weird that "I built a toy cryptography system" is treated sooo much worse compared to "I built a hobby kernel", or "I built a toy DB" or "I built an orchestrator for my home lab"? I've seen people be like "just use postgres/sqlite", sure - but that's different from "[clutches pearls], No SQL? How dare you. Perish the thought! It's not ACID! How will we ever... Never use this in production. Microkernels? They'll never be practical!"
DeadSwitch Vault - Emacs-based KeePassXC database GPG encryption for Ghosts: streamlined!
https://github.com/DeadSwitch404/ds-vault
- Sane command names
- More helpful readme
- Nicer help command
Interested in theoretical cryptography and/or formal methods? Boston University is hosting a summer school on Universally Composable Security and the EasyUC framework for formalizing UC models and proofs.
The school is from August 11 - 14, 2025. Registration is free, and we're supporting both in person and Zoom participation.
For more information and to register, visit:
I proposed a way to incorporate Sender Authentication in age with the following advantages:
However, it does have one requirement that people accustomed to PGP use cases (and tolerant of PGP footguns) may find annoying:
You must know, in advance, the public key of the sender in order to be able to decrypt the message.
Great, informative writeup of Cryptographic Gotchas: https://gotchas.salusa.dev/
Lots of fantastic references and links in there, too.
If you're not following @gutenberg_org you are missing out.
A wonderful source of everything from #cryptography through #art, #feminism to the #philosophy of #physics and a whole lot more I can't make vaguely alliterate.
#ProjectGutenberg - free #ebooks
Everything You Need to Know About Cryptography (History & Examples)
Cryptography is the art of hiding the meaning of a text from everyone except the intended receivers through the use of various techniques.
by Sourima Rana
Cryptography at PG:
https://www.gutenberg.org/ebooks/subject/7599
OSIRIS, the student-run #cybersecurity research lab at NYU, is seeking #challenge writers for our upcoming CSAW #CTF later this year! (For those who don't know CSAW, it's one of the largest student-run #cybersec events in the world: https://csaw.io ) Web, #ReverseEngineering, #pwn, and #cryptography challenges are prioritized, and all experience levels welcome. Interested? Shoot me a DM or email osiris@osiris.cyber.nyu.edu.
Why #Community Could Be the Strongest Defense in #Cybersecurity
An ITSPmagazine Brand Story with Rob Clyde from ISACA | #RSAC2025
In the rush to cover #AI, #cryptography, and quantum threats, it’s easy to forget that the cybersecurity profession is—above all else—human. That’s exactly why this conversation with Rob Clyde, Board Director at ISACA, stood out during Sean Martin, CISSP and Marco Ciappelli's post-event reflections from #RSAC Conference 2025.
This Brand Story goes beyond the headlines, diving into the real issues affecting our industry: burnout, mental health, the shrinking sense of community, and the looming threat of quantum risk. Rob shares why ISACA continues to prioritize connection, education, and support at every stage of a professional’s journey.
A big thank you to ISACA for sponsoring our RSAC 2025 coverage. Your support helped make conversations like this possible.
Watch the episode: https://youtu.be/iw6MAwP8VA4
Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/why-community-could-be-the-strongest-defense-in-cybersecurity-a-brand-story-with-rob-clyde-from-isaca-an-rsac-conference-2025-post-event-brand-story
Read the full article: https://www.itspmagazine.com/their-stories/from-certification-to-confidence-the-future-of-cybersecurity-starts-with-the-first-job-a-brand-story-with-jamie-norton-from-isaca-an-on-location-rsac-conference-2025-brand-story-aarlh
We’re still looking back at #RSAC2025 — and we’re also getting ready for Infosecurity Europe. Stay tuned.