GNU social JP
Conversation

Notices

  1. Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 15-Jan-2026 22:49:43 JST

    Software Assurance & That Warm and Fuzzy Feeling

    If I were to recommend you use a piece of cryptography-relevant software that I created, how would you actually know if it was any good?

    Art: Wayward Mutt

    Trust is, first and foremost, a social problem. If I told you a furry designed a core piece of Internet infrastructure, the reception to this would be mixed, to say the least.

    http://soatok.blog/2026/01/15/software-assurance-that-warm-and-fuzzy-feeling/

    • Tom Bortels (tbortels@infosec.exchange)'s status on Thursday, 15-Jan-2026 23:42:26 JST

      @soatok

      The answer - or non-answer as it's not very useful - for 99% of people is "reputation". If researcher X has a track record of good analysis that is supported by the consensus of peer review, that's got to be good enough short of either being an expert yourself and doing peer review, or some sort of formal verification.

      Excellent article as always. The audit insights are spot on and hit close to home - when you hear someone passed an audit, my first reaction is "who paid the auditors"? If the party being audited chose and paid for the auditors, you may have a problem there...

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Thursday, 15-Jan-2026 23:53:35 JST
      in reply to Jeff Martin

      @cuchaz Thanks, I'm glad you found it useful!

      I don't anticipate it will be one of my more popular posts, so I'm glad to hear you found it so :3

    • Jeff Martin (cuchaz@gladtech.social)'s status on Thursday, 15-Jan-2026 23:53:36 JST

      @soatok wow! This is probably the most useful thing (to me) you've ever written. :blobcatcookienom: Thanks!

      I've always thought my testing game was pretty good, but you're on a whole different level. Lots of new techniques for me to learn here, hopefully with tools available in the languages I'm using.

    • Luna Lactea (jackemled@furry.engineer)'s status on Friday, 16-Jan-2026 00:28:41 JST

      @soatok When I want to figure out if some security or cryptography software is good, I ask these questions.

      What's its threat model? What are any potential flaws the author sees in their implementation? What do unrelated experts in the subject think about it? Are there any drawbacks to using it? How might it fail? What threats does it not cover?

    • ayhon (ayhon@mas.to)'s status on Friday, 16-Jan-2026 03:43:03 JST

      @soatok Nice blog-post! As a formal methods nerd it was a really enjoyable read.

      I was wondering if hacspec would allow you to derive ProVerif models directly. In the end, it's just a subset of Rust you can transform into other languages, such as F* and Rocq. But I don't see how these languages give you any better guarantees about your specification. I guess there are some tools like DY* that could be useful?

      I guess I'm just thinking out loud. Cool setup!

    • Soatok Dreamseeker (soatok@furry.engineer)'s status on Friday, 16-Jan-2026 03:43:03 JST
      in reply to ayhon

      @ayhon Thanks! I hadn't considered that approach too deeply, but that may be worth looking into.


GNU social JP is a social network, courtesy of the GNU social JP administrator (GNU social JP管理人). It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.