From soatok.blog
What To Use Instead of PGP - Dhole Moments
8 8
It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they s…
#pgp #compsci #security #programming #alternatives #cryptography
10h ago
From soatok.blog
Security Issues in Matrix’s Olm Library - Dhole Moments
1 1
I don’t consider myself exceptional in any regard, but I stumbled upon a few cryptography vulnerabilities in Matrix’s Olm library with so little effort that it was nearly accidental. It…
#pgp #signing #security #encryption #codesigning #alternatives #securityguidance #digitalsignatures
on Aug 15
From soatok.blog
What Does It Mean To Be A Signal Competitor? - Dhole Moments
1 1
A lot of recent (and upcoming) blog posts I’ve written, and Fediverse discussions I’ve participated in, have been about the security of communication products. My criticism of these pro…
#pgp #signing #security #encryption #codesigning #alternatives #securityguidance #digitalsignatures
on Aug 7
From soatok.blog
Against XMPP+OMEMO - Dhole Moments
1 1
XMPP is a messaging protocol (among other things) that needs no introduction to any technical audience. Its various implementations have proliferated through technical communities for decades. Many…
#pgp #signing #security #encryption #codesigning #alternatives #securityguidance #digitalsignatures
on Aug 6
From soatok.blog
Ambition, The Fediverse, and Technology Freedom - Dhole Moments
0 0
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you co…
on Oct 18
From soatok.blog
My Furry Blog is NOT an Opportunity to Develop Your Brand - Dhole Moments
0 0
A common narrative on discussion boards like Hacker News is that my inclusion of my fursona on my technical blog posts somehow makes them unsuitable for consumption in a business setting. (This cla…
on Oct 1
From soatok.blog
Why are furry conventions offering HIV testing to attendees? - Dhole Moments
0 0
Spoiler: It’s nothing scandalous or bad. Every once in a while, someone posts this photo on Twitter to attempt to dunk on furries: Midwest FurFest 2018 Over the years, I’ve seen this di…
on Oct 1
From soatok.blog
Cryptographic Innuendos - Dhole Moments
0 0
Neil Madden recently wrote a blog post titled, Digital Signatures and How to Avoid Them. One of the major points he raised is: Another way that signatures cause issues is that they are too pow…
on Sep 20
From soatok.blog
The Continued Trajectory of Idiocy in the Tech Industry - Dhole Moments
0 0
Every hype cycle in the technology industry continues a steady march towards a shitty future that nobody wants. CMYKat The Road to Hell Once upon a time, everyone was all hot and bothered about Big…
on Sep 18
From soatok.blog
Asymmetric Cryptographic Commitments - Dhole Moments
0 0
Recently, it occurred to me that there wasn’t a good, focused resource that covers commitments in the context of asymmetric cryptography. I had covered confused deputy attacks in my very shor…
on Sep 15
From soatok.blog
E2EE for the Fediverse Update – We’re Going Post-Quantum - Dhole Moments
0 0
In 2022, I wrote about my plan to build end-to-end encryption for the Fediverse. The goals were simple: Provide secure encryption of message content and media attachments between Fediverse users, a…
on Sep 13
From soatok.blog
Database Cryptography Fur the Rest of Us - Dhole Moments
0 0
An introduction to database cryptography.
on Sep 10
From soatok.blog
Invisible Salamanders Are Not What You Think - Dhole Moments
0 0
Ever since the Invisible Salamanders paper was published, there has been a quiet renaissance within my friends and colleagues in applied cryptography for studying systems that use Authenticated Enc…
on Sep 10
From soatok.blog
Doesn’t Matter - Dhole Moments
0 0
I need everyone to understand something: This doesn’t matter. Dhole Moments is not the official outlet of anything that will affect you or your daily life. It carries no financial weight or p…
on Sep 9
From soatok.blog
When Soatok Used Bugcrowd - Dhole Moments
0 1
and Got Banned for Doing the Right Thing
on Sep 4
From soatok.blog
Introducing Alacrity to Federated Cryptography - Dhole Moments
0 0
There are two mental models for designing a cryptosystem that offers end-to-end encryption to all of its users. The first is the Signal model. Predicated on Moxie’s notion that the ecosystem …
on Aug 28
From soatok.blog
Federated Key Transparency Project Update - Dhole Moments
0 0
Earlier this year, I wrote about planned effort to design a federated Key Transparency proposal. The end goal for this work was constrained to building end-to-end encryption into a new type of Dire…
on Aug 23
From soatok.blog
Why AES-GCM Sucks - Dhole Moments
0 0
If you’re reading this wondering if you should stop using AES-GCM in some standard protocol (TLS 1.3), the short answer is “No, you’re fine”. I specialize in secure implemen…
on Aug 14
From soatok.blog
Furward Momentum – Mapping the Technology Landscape - Dhole Moments
0 0
Furward Momentum (Introduction) Building Your Support Network and/or TeamMapping the Technology LandscapeLearning the Fundamental SkillsChoosing Your PathStarting and Growing an Open Source Project…
on Aug 8
From soatok.blog
Furward Momentum – Learning the Fundamental Skills - Dhole Moments
0 0
Furward Momentum (Introduction) Building Your Support Network and/or Team Mapping the Technology Landscape Learning the Fundamental Skills Choosing Your Path Starting and Growing an Open Source Pro…
on Aug 8
From soatok.blog
Furward Momentum – Building Your Support Network and/or Team - Dhole Moments
0 0
Furward Momentum (Introduction) Building Your Support Network and/or TeamMapping the Technology LandscapeLearning the Fundamental SkillsChoosing Your PathStarting and Growing an Open Source Project…
on Aug 8
From soatok.blog
Resolving The Reoccurring Discourse on Furry Twitter - Dhole Moments
0 0
While the furry fandom can be a wonderful place and a force for good in the world, the topics that tend to circulate on Furry Twitter are somewhat seasonal: They repeat every so often–usually…
on Aug 5
From soatok.blog
Cryptographic Wear-Out for Symmetric Encryption - Dhole Moments
0 0
As we look upon the sunset of a remarkably tiresome year, I thought it would be appropriate to talk about cryptographic wear-out. What is cryptographic wear-out? It’s the threshold when you&#…
on Aug 4
From soatok.blog
Threema: Three Strikes, You’re Out - Dhole Moments
0 0
Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?
on Aug 4
From soatok.blog
Featured Furries - Dhole Moments
0 0
Posts about Featured Furries written by Soatok
on Jul 22
From soatok.blog
Featured Furries - Dhole Moments
0 0
Can’t get enough of blog posts written by furries? This post aims to curate some of the other blogs written by furries that are worth sharing with my regular readers. Many (but not all) of th…
on Jul 22
From soatok.blog
My Furry Blog Has Lasted Longer Than the Confederacy - Dhole Moments
0 0
My inaugural blog post went live on April 21, 2020. This post is scheduled to go live on Sunday, July 21, 2024. If you are reading this post, then at least 1,552 days have transpired since my first…
on Jul 21
From soatok.blog
Blowing Out the Candles on the Birthday Bound - Dhole Moments
0 0
Four years ago, I wrote a (surprisingly popular) blog post about the notion of wear-out for symmetric encryption schemes. Two years ago, I wrote a thing about extending the nonce used by AES-GCM wi…
on Jul 1
From soatok.blog
Towards Federated Key Transparency - Dhole Moments
0 0
In late 2022, I blogged about the work needed to develop a specification for end-to-end encryption for the fediverse. I sketched out some of the key management components on GitHub, and then the pu…
on Jun 7
From soatok.blog
Furries Are Losing the Battle Against Scale - Dhole Moments
0 0
Many of the most annoying and pervasive problems with the furry fandom–from the cyclical nature of Twitter discourse to the increasingly frustrating issue of furry convention main hotel regis…
on May 30
From soatok.blog
A Furry’s Guide to Telegram - Dhole Moments
0 0
Update (2024-05-14): It’s time for furries to move away from Telegram. A question I often get–especially from cryptography experts: What is it with furries and Telegram? No, they’…
on May 14
From soatok.blog
It’s Time for Furries to Stop Using Telegram - Dhole Moments
0 1
I have been a begrudging user of Telegram for years simply because that’s what all the other furries use. When I signed up, I held my nose and expressed my discontent at Telegram by selecting…
on May 14
From soatok.blog
Soatok’s Guide to Side-Channel Attacks - Dhole Moments
0 0
If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not…
on Apr 11
From soatok.blog
KEM Trails – Understanding Key Encapsulation Mechanisms - Dhole Moments
0 0
There is, at the time of this writing, an ongoing debate in the Crypto Research Forum Group (CFRG) at the IETF about KEM combiners. One of the participants, Deirdre Connolly, wrote a blog post titl…
on Mar 15
From soatok.blog
The Tech Industry Doesn’t Understand Consent - Dhole Moments
0 0
Thanks to Samantha Cole at 404 Media, we are now aware that Automattic plans to sell user data from Tumblr and WordPress.com (which is the host for my blog) for “AI” products. In respon…
on Mar 2
From soatok.blog
How To Learn Cryptography as a Programmer - Dhole Moments
0 0
A question I get asked frequently is, “How did you learn cryptography?” I could certainly tell everyone my history as a self-taught programmer who discovered cryptography when, after my…
on Feb 2
From soatok.blog
Going Bark: A Furry’s Guide to End-to-End Encryption - Dhole Moments
0 2
Governments are back on their anti-encryption bullshit again. Between the U.S. Senate’s “EARN IT” Act, the E.U.’s slew of anti-encryption proposals, and Australia’s ne…
on Feb 2
From soatok.blog
Programmers Don’t Understand Hash Functions - Dhole Moments
0 0
Programmers don’t understand hash functions, and I can demonstrate this to most of the people that will read this with a single observation: When you saw the words “hash function”…
on Feb 2
From soatok.blog
0 0
What’s This All About? Hiya, my name is Soatok! I’m a member of the furry fandom. My fursona is a dhole (Cuon Alpinus). You can learn more about my fursona here. My pronouns are he / hi…
on Jan 24
From soatok.blog
How You Respond to Security Researchers Says Everything About You - Dhole Moments
0 0
Tails from the Cryptographic Side of Security Research
on Jan 23
From soatok.blog
0 0
Dhole Moments, Soa Talks, and Other Bad Puns… Follow My Blog Get new content delivered directly to your inbox.
on Dec 18
From soatok.blog
Why Furries Make Excellent Hackers - Dhole Moments
0 1
Briefly explaining the Infursec prevalence within InfoSec
on Nov 28
From soatok.blog
This Would Be More Professionally Useful If Not For the Furry Art - Dhole Moments
0 1
The people afraid to show their peers or bosses my technical writing because it also contains furry art are some of the dumbest cowards in technology. Considering the recent events at ApeFest, a co…
on Nov 22
From soatok.blog
Avoiding the Frigid Hellscape of Online Marketing - Dhole Moments
0 0
An Internet Marketer Offered Me $100 to Betray Myself and My Community
on Nov 16, 2023
From soatok.blog
That One Time Furries Saved a Library - Dhole Moments
0 0
The Furry Fandom proved vital to saving a library from the demands of a homophobic Mississippi politician.
on Nov 9, 2023
From soatok.blog
Aural Alliance – Furry Music to Wag / Pounce to - Dhole Moments
0 1
Dhole Moments is not a music blog. I will not pretend to be an expert on music, music theory, or music appreciation. But it goes even further than that: I am so untalented at music that I exert a v…
on Oct 17, 2023
From soatok.blog
A Plan for Multicast Support in Noise-based Protocols - Dhole Moments
0 0
If you’ve paid attention to Hacker News or various technology subreddits in recent years, you may have noticed the rise of VPN companies like Tailscale and ZeroTier. At the core of their netw…
on Oct 10, 2023
From soatok.blog
I Don’t Care if Strangers Can Take Me Seriously - Dhole Moments
0 0
A few days ago, I wrote a personal blurb about my experience with Return-to-Office, Forced Relocation, and top-down Corporate Bullshit. This was a departure from my usual fare in two ways: I talked…
on Oct 4, 2023