@GossiTheDog ugh and they left themselves some wiggle room: the way it's written, you could claim that the criminals prosecuted are the groups exploiting the vulnerabilities. That is an obvious statement and it's clearly implied that the person doing the zero day release is actively cooperating with threat actors and therefore also criminally liable, but Microsoft can always "well technically" themselves out of this claim.
@skinnylatte Yup, I entered the US on an L visa, which has even worse conditions than the H1B. But Germany is a country that has no wait time, so I converted to a green card within a year.
The exploitation is only possible because people do not have a path to permanent residence and citizenship, and the number one blocker for that is racist quotas.
And the posts, they keep on coming. I one hundred percent agree with @filippo here: the question is not whether we're certain that a quantum computer exists by 2029, it's whether we're certain that one doesn't exist. And things have progressed far enough that non-physicists, or even physicists working in different subfields, can no longer reliably tell what's going on.
Last time I had a 10+ hour flight, Opal nerd-sniped me into figuring out how to break ML-DSA keys that had been improperly encrypted with a reused IV. (To be perfectly clear, this is not an issue with ML-DSA, but with reused IVs. Nothing is secure in that case, but some things are insecure in interesting ways.)
So of course, @filippo, being present when I disclosed that vulnerability, chose to immediately exploit it by nerd-sniping me into providing additional test vectors for ML-DSA for this flight.
@soatok @whitequark yeah, this is the rare compiler W for constant-time programming, and it has saved some Kyber implementations. Since multiplication and shifts are so much cheaper than integer division, this is more or less the standard behavior if the compiler knows the divisor. But of course, you can't rely on it. And theoretically, the compiler is allowed to take your manual Barrett code and replace it with idiv as well, if it sees fit.
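As an added illustration of the Barrett reduction mentioned in the post (this is example code written for this page, not code from the post or from any Kyber implementation): the reduction for the Kyber modulus q = 3329 in the multiply-and-shift shape the Kyber reference code uses, next to the naive `%` that relies on the compiler doing the same strength reduction for you. The self-test exhaustively compares both over every int16 input. The function names, the selftest and `main` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the post. Barrett reduction for the Kyber
 * modulus q = 3329: approximate a/q by (a*v) >> 26 with v = round(2^26 / q),
 * then subtract t*q. Only multiplications and shifts appear in the source,
 * so there is no division for the compiler to strength-reduce. (As the
 * post notes, a compiler is still free to rewrite this; check the emitted
 * assembly rather than the C when constant time matters.) */
#define KYBER_Q 3329

int16_t barrett_reduce(int16_t a) {
    /* v = round(2^26 / q) = 20159 */
    const int32_t v = ((1 << 26) + KYBER_Q / 2) / KYBER_Q;
    /* t = round(a / q); |a*v| < 2^31 for every int16 a, so no overflow.
     * The approximation error is small enough that t is exact for all
     * int16 inputs, which is what keeps the result in the centered range. */
    int32_t t = ((int32_t)v * a + (1 << 25)) >> 26;
    return (int16_t)(a - t * KYBER_Q);
}

/* The straightforward version: with q a compile-time constant, a compiler
 * usually turns this '%' into a multiply-and-shift itself; when it does
 * not, it emits a variable-latency division instruction (idiv on x86). */
int16_t naive_reduce(int16_t a) {
    return (int16_t)(a % KYBER_Q);
}

/* Check, over every int16, that both results are congruent mod q and that
 * the Barrett output lies in [-(q-1)/2, (q-1)/2]. Returns the number of
 * failures; 0 means every input passed. */
int barrett_selftest(void) {
    int bad = 0;
    for (int32_t a = INT16_MIN; a <= INT16_MAX; a++) {
        int32_t r = barrett_reduce((int16_t)a);
        int32_t n = naive_reduce((int16_t)a);
        if ((r - n) % KYBER_Q != 0) bad++;
        if (r < -(KYBER_Q - 1) / 2 || r > (KYBER_Q - 1) / 2) bad++;
    }
    return bad;
}

int main(void) {
    printf("barrett_reduce(10000) = %d\n", barrett_reduce(10000));
    printf("failures over the int16 range: %d\n", barrett_selftest());
    return 0;
}
```

Note that `barrett_reduce` returns the centered representative (e.g. 1665 maps to -1664), while `%` returns a sign-following remainder; the self-test therefore compares them modulo q rather than for equality.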
@wordshaper @weekend_editor @Green_Footballs @cstross starting with the fact that being resistant to a specific disease does not necessarily produce any other positive side effects, and in fact is more likely to negatively impact fitness when the disease is not a threat. See for example sickle cell anemia and malaria.
@soatok independent of that logic error, looking at the code it also has a fundamentally flawed design that assumes that signatures can be verified via an equality check. It also trusts the token with algorithm selection and has a timing side channel.
Me: if I was an attacker and had a quantum computer right now, CA root certs would certainly be my first target. Colleague: come on, no Bitcoin for me? Me: fine, after I stole a bunch of Bitcoin and distributed them among the people in this video call, CA root certs would be my next target.
@paul_ipv6 @inthehands honestly, I've been wondering that for a while. If there is a masked, unidentified person abducting people in broad daylight, isn't it supposedly the police's job to stop them? I mean, it could be anyone; without a badge we can't know for sure, after all.
(And I know, expecting the police to actually do their job instead of committing crimes themselves is a tall order, but still)