Notices by Sophie Schmieg (sophieschmieg@infosec.exchange)

  1. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 24-May-2025 21:58:34 JST

    New blog post, about a fun obsession of mine, the reason why we use elliptic curves and not any other groups for Diffie-Hellman.

    https://keymaterial.net/2025/05/23/there-is-no-diffie-hellman-but-elliptic-curve-diffie-hellman/

    In conversation about 5 days ago from infosec.exchange permalink
  2. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Monday, 12-May-2025 05:52:10 JST

    Ah, yes, the two genders

    In conversation about 17 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/460/258/073/479/039/original/4e7f29b015b01956.jpg
  3. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Sunday, 04-May-2025 17:05:30 JST

    Damnit, I'm sitting next to a cryptocurrency person in this plane and am not wearing my "crypto means cryptozoology" shirt.

    In conversation about a month ago from infosec.exchange permalink
  4. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Wednesday, 16-Apr-2025 07:39:59 JST

    And all of a sudden, we have solved supply chain security.

    No CVE, no vulnerabilities!

    In conversation about a month ago from infosec.exchange permalink
  5. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Thursday, 10-Apr-2025 05:33:55 JST
    • Matt Blaze

    @mattblaze even just minor UX improvements like Gmail marking external email addresses yellow are a good way of avoiding this type of issue. But that fundamentally relies on there being some concept of "external", i.e. they can only work if there is some defined organization as a context. Which for Signal simply does not make sense. It is an excellent tool, but it is the wrong tool for the job.

    In conversation about 2 months ago from infosec.exchange permalink
  6. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Wednesday, 02-Apr-2025 10:23:10 JST
    in reply to
    • Matt Blaze
    • Carl T. Bergstrom

    @mattblaze @ct_bergstrom I legit thought it was some misunderstanding of quantum computing at first, but then the title says "AI computing" and I got nothing.

    (And to be clear, quantum computing also does not work like that)

    In conversation about 2 months ago from infosec.exchange permalink
  7. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST
    in reply to
    • Adrian Sanabria
    • Kevin Beaumont

    @sawaba @GossiTheDog
    I agree that most small to medium companies probably do not have to care about any of this right now. Those that do probably know already. But it's not something that can be simply ignored by everybody.

    The main way to recognize overhyped nonsense is when they talk about inventory and agility. Unfortunately, neither of these terms is completely without merit, but they are the most favorite buzzwords of the hype peddlers. Really both of these boil down to proper key management. Something that is extremely difficult, but not unique or novel with PQC.

    In conversation about 2 months ago from infosec.exchange permalink
  8. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST
    in reply to
    • Adrian Sanabria
    • Kevin Beaumont

    @sawaba @GossiTheDog but just in case you don't like watching my YouTube talks, here is the TLDR as to why you might need to care (not everybody has to care, figuring out who does is part of the difficulty):
    a) whether or not you believe the hype about quantum computers, regulatory pressure puts a hard deadline on the migration for 2035. That's ten years. For encryption in transit you have store-now-decrypt-later, which might incentivise you to move faster, although that is somewhat overhyped, as forward secrecy acts as a form of "quantum annoyance", it depends how high you value the long term confidentiality of your data.
    b) PQC algorithms are not easy drop in replacements. They are much, much larger than their classical counterparts, leading to quite a few use cases outright breaking (as the aforementioned WebPKI). Some of these are extremely difficult to migrate as a whole (again, as the aforementioned WebPKI), making 10 years not much time.

    In conversation about 2 months ago from gnusocial.jp permalink
  9. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:39 JST
    in reply to
    • Adrian Sanabria
    • Kevin Beaumont

    @sawaba @GossiTheDog ugh, please don't.

    Yes it's overhyped, and yes consultants give extremely cringe talks about it, but no, this is neither a purely theoretical threat that can be safely ignored, nor is it business as usual when it comes to upgrading. Unless of course you consider potentially having to rip out the entirety of WebPKI and replace it with something different as business as usual.

    You can see my talk about the practical challenge and the threat model here (about half way through) https://youtu.be/wsnHMvuxy5Q?si=yK6oObpptIQfyOs8

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments

    1. RWPQC 2024 Session 2: Making Signal Post Quantum and PQC Migration Updates Vol 1
      from SandboxAQ
  10. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Saturday, 29-Mar-2025 23:35:38 JST
    in reply to
    • Adrian Sanabria
    • Kevin Beaumont

    @sawaba @GossiTheDog for small to medium sized businesses that are not doing anything more adventurous than TLS when it comes to cryptography, my advice would be, if there is some free engineering capacity, to turn on 0x11EC (X25519-ML-KEM768) in their TLS config, assuming their stack supports the cipher. (The various different stacks are adding support for that currently)
    That way, you can check if anything breaks, with both Chrome and Firefox negotiating that cipher by default, and Safari rolling out support for it. The main risk is with middleware breaking.
    In that threat model, it may not be the most urgent task, but it's relatively simple, depending on the used TLS stack. You can also turn on the equivalent KEX in SSH (supported in OpenSSH). Otherwise, in that threat model, I wouldn't do much at all (and even these two things are mostly optional, unless there are very strict long term confidentiality concerns).
    Of course, if your threat model is more adventurous, you might want to hire some cryptographers 🙂

    In conversation about 2 months ago from gnusocial.jp permalink
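One way to check the outcome the notice above describes, as an added example that is not part of the original post: parse a TLS 1.3 ServerHello handshake message and report whether the server selected group 0x11EC. The function names are hypothetical and the sample messages are constructed; the share length assumes the X25519MLKEM768 server share is a 1088-byte ML-KEM-768 ciphertext followed by a 32-byte X25519 key.

```python
import struct

X25519_MLKEM768 = 0x11EC   # group named in the post
EXT_KEY_SHARE = 0x0033     # key_share extension (RFC 8446)
# Server share for 0x11EC: 1088-byte ML-KEM-768 ciphertext + 32-byte X25519 key
HYBRID_SERVER_SHARE_LEN = 1088 + 32

def selected_group(server_hello: bytes):
    """Return (group, share_len) from a ServerHello handshake message, or None."""
    if len(server_hello) < 4 or server_hello[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body_len = int.from_bytes(server_hello[1:4], "big")
    body = server_hello[4:4 + body_len]
    if len(body) != body_len or body_len < 38:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                      # legacy_version, random
    pos += 1 + body[pos]              # legacy_session_id_echo
    pos += 2 + 1                      # cipher_suite, legacy_compression_method
    ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= ext_end <= len(body):
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == EXT_KEY_SHARE and len(data) >= 2:
            group = int.from_bytes(data[:2], "big")
            # A HelloRetryRequest carries only the group; a ServerHello adds a share
            share_len = int.from_bytes(data[2:4], "big") if len(data) >= 4 else 0
            return group, share_len
        pos += 4 + ext_len
    return None

def negotiated_hybrid(server_hello: bytes) -> bool:
    return selected_group(server_hello) == (X25519_MLKEM768, HYBRID_SERVER_SHARE_LEN)

def build_server_hello(group: int, share: bytes) -> bytes:
    """Constructed sample: minimal TLS 1.3 ServerHello with two extensions."""
    key_share = struct.pack("!HH", group, len(share)) + share
    ext = struct.pack("!HHH", 0x002B, 2, 0x0304)          # supported_versions
    ext += struct.pack("!HH", EXT_KEY_SHARE, len(key_share)) + key_share
    body = (b"\x03\x03" + bytes(32) + b"\x00"             # version, random, empty session id
            + b"\x13\x01" + b"\x00"                        # cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x02" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for name, grp, size in (("hybrid", 0x11EC, 1120), ("x25519 only", 0x001D, 32)):
        print(name, negotiated_hybrid(build_server_hello(grp, bytes(size))))
```

Feeding it the ServerHello bytes from a packet capture taken before and after the configuration change shows whether clients actually land on the hybrid group or fall back to a classical one.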
  11. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Friday, 28-Mar-2025 19:12:52 JST

    I love that the "Germans in foreign countries" app lets you register your fax number.

    I guess, how else would they reach you?

    In conversation about 2 months ago from infosec.exchange permalink
  12. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Thursday, 20-Mar-2025 03:31:35 JST
    in reply to
    • Paul_IPv6
    • Paul Cantrell

    @inthehands @paul_ipv6 there is some movement happening, though, my very boring liberal father in law went from "why are you so worried, it's just four years" to "I'm not sure you should travel internationally, do you have lawyers on call, I'm very worried" within 2 months. And I'm pretty sure lots of people are going through that right now, and gracefully accepting them into the fold will be key for any left alliance to succeed in stopping fascism.

    That being said, "business leaders" are very different from "boring liberal"

    In conversation about 2 months ago from infosec.exchange permalink
  13. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Thursday, 20-Mar-2025 03:09:11 JST
    in reply to
    • Paul_IPv6
    • Paul Cantrell

    @inthehands @paul_ipv6 the fact that they see Trump ruining the economy with tariffs, and still only meekly protesting is definitely evidence of that.

    In conversation about 2 months ago from infosec.exchange permalink
  14. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Thursday, 20-Mar-2025 02:41:27 JST
    in reply to
    • Paul_IPv6
    • Paul Cantrell

    @inthehands @paul_ipv6 on the other hand, more people cancelling rides with Teslas acts as yet another way to boycott that fascist company, which adds an incentive for Uber/Lyft to prioritize other car models, and for drivers to switch.

    In conversation about 2 months ago from infosec.exchange permalink
  15. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Tuesday, 11-Mar-2025 00:31:54 JST

    Ferry to Statue of Liberty: freedom! Greeting immigrants. Definitely no connection to slavery!

    Statue of Liberty museum: yeah, so this French abolitionist wanted to congratulate the US for getting rid of slavery, and thought a statue celebrating things like the rule of law that applies to all people equally was a nice gesture. Contemporary black people had pretty mixed feelings about it though, because there was still a lot of inequality. Women made some sarcastic comments as well, given how it was a tad bit ironic to celebrate liberty with a statue of a woman, without giving them the right to vote.

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/138/671/582/544/328/original/27523e0c9b222016.jpg
  16. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Friday, 21-Feb-2025 12:11:09 JST

    Substantial layoffs at the largest employer in the country will, by themselves, cause an economic crisis. And that is nothing to say about the fact that federal employees are doing a job, and often one crucial to the economy.

    But "Republicans are good for business"

    In conversation about 3 months ago from infosec.exchange permalink
  17. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Friday, 21-Feb-2025 10:24:10 JST

    Achievement unlocked: got the red team to use PQC for their C2.

    In conversation about 3 months ago from infosec.exchange permalink
  18. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Thursday, 20-Feb-2025 09:06:43 JST

    Do you like undefined behavior? Do you want more of it? This post is for you. Well actually not for you, but I can do a bit of click baiting, right?

    https://keymaterial.net/2025/02/19/how-not-to-format-a-private-key/

    In conversation about 3 months ago from infosec.exchange permalink
  19. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Wednesday, 22-Jan-2025 09:00:32 JST

    What I imagine hymenoptera conservatives to be like: "There are only three genders, female reproductive, male reproductive, and worker"
    Some ant: "What about super majors?"
    Some other ant: "Also gamergates, are they workers or reproductives?"
    Conservative hymenoptera: "There are only three genders, female reproductive, male reproductive, and worker!"

    Some termite *opens mouth* …

    Conservative hymenoptera, shouting: "There are only three genders, female reproductive, male reproductive, and worker!!!!!"

    In conversation about 4 months ago from infosec.exchange permalink
  20. Sophie Schmieg (sophieschmieg@infosec.exchange)'s status on Wednesday, 22-Jan-2025 03:37:35 JST
    in reply to

    Content of the Zeit article, summarized:
    - Yes this was a Hitler salute. No "apparent" necessary. We've all seen it.
    - Newspapers now have two choices, both of them bad: they can ignore it ever happened, as to not feed the attention the action clearly craved, which normalizes open Nazi symbolism further, or they can explicitly address it, knowing that Musk wants attention, even negative attention. Clearly the Zeit has chosen the latter, and redacted the salute itself to somewhat lessen the impact.

    In conversation about 4 months ago from infosec.exchange permalink
    Sophie Schmieg

    Leading cryptography (ISE Crypto) at Google. Opinions my own. Content usually badly explained mathematics
