Feeding a PRF its own tail via @fanf@mendeddrum.org https://lobste.rs/s/kzq2dz #cryptography
https://00f.net/2026/06/16/feeding-a-prf-its-own-tail/
0
0
0
@wired.com@web.brid.gy
·
6d ago
WIRED - The Latest in Technology, Science, Culture and Business [Unofficial]
@wired.com@web.brid.gy
We bring you the future as it happens. From the latest in science and technology to the big stories in business and culture, we've got you covered. 🌉 bridged from 🌐 wired.com by Bridgy Fed
web.brid.gy
Crypto Guys Bought the Answer to the CIA’s Mysterious Kryptos Sculpture
They swear they haven’t peeked at the closely guarded secret and that they’ll keep the cryptographic competition going.
0
0
0
@GradleSurvivor@lemmy.ml
in
privacy
·
Jun 03, 2026
GradleSurvivor
@GradleSurvivor@lemmy.ml
lemmy.ml
WebRTC messenger architecture — sealed-sender push, encrypted signalling, looking for threat-model critique. Open Source GPLv3
A WebRTC messenger where message content never touches a server and the push layer can’t see who’s messaging whom
Android app, solo-built. Trying to find out where the architecture breaks before I scale it.
The core idea. Messages travel through direct WebRTC data channels (DTLS/SRTP) between two phones. No server stores, reads, or relays content. Group chats use a gossip protocol, sender fans out to a few reachable members who relay onward; members who come online late fetch missing messages from any peer who has them.
The supporting infrastructure, and what each piece can see.
Signalling: needed to set up any WebRTC connection. I use a Cloudflare Worker (ephemeral, nothing persisted). The SDP/ICE payload is encrypted with the recipient’s public key before it leaves the sender, and the two participants are addressed by opaque per-session hashes. The relay forwards ciphertext between un-linkable identifiers.
Push wake-up: FCM, because Android. Sealed-sender design: the wake-up payload is encrypted to the recipient’s public key, and the sender’s identity is inside that envelope. The push layer sees who’s receiving (it must, that’s how push works), not who’s sending. The FCM request is also forwarded via a Cloudflare Worker so Google doesn’t see the sender’s IP either.
TURN relay: Cloudflare again, for restricted networks. Carries encrypted packets only, like any TURN.
The code is open source (GPLv3).
I wrote a detailed white paper explaining the full architecture on my landing page: www.mindtheclub.com
Mainly interested in where the design assumptions break. The sealed-sender piece, I’d like to know if the threat model I’m assuming there is too generous.
#infosec #privacy #WebRTC #cryptography #Android #FOSS #PeerToPeer
7
3
0
0
0
0
Hardware Attestation as Monopoly Enabler via @RunxiYu@social.treehouse.systems https://lobste.rs/s/j7wksg #cryptography #rant
https://grapheneos.social/@GrapheneOS/116550899908879585
0
0
2
@byakushin@mementomori.social
·
May 07, 2026
Sini Ruohomaa
@byakushin@mementomori.social
En ollut koskaan tirppapalvelimella mutta voispa kokeilla tätäkin ihan piruuttaan. :) I've never been a huge public poster but I'm here rallying to support federated options for public communications, like a proper network idealist. ;)
mementomori.social
Our technology review on the transition to #postquantum #cryptography in #telecommunications just came out. :) Big transition, somewhat happening in the shadows of loud hype things, but with also many interesting developments. It's like cryptography's new and fresh again after decades of being delightfully still. ;)
https://www.ericsson.com/en/reports-and-papers/ericsson-technology-review/articles/migrating-telecom-to-quantum-resistant-cryptography
0
0
0
How not to format a private key via @RunxiYu@social.treehouse.systems https://lobste.rs/s/ufuiv4 #cryptography
https://keymaterial.net/2025/02/19/how-not-to-format-a-private-key/
1
0
0
minipgp6: A very lean interpretation of modern OpenPGP https://lobste.rs/s/yfuber #cryptography #security
https://codeberg.org/minipgp6/minipgp6
0
0
0
Post-Quantum VPN Based on QUIC https://lobste.rs/s/ewpr4z #cryptography #networking #rust #security
https://github.com/quincy-rs/quincy
2
0
1
C8s: A Confidential Kubernetes Architecture https://lobste.rs/s/a2mdys #cryptography #hardware #security #virtualization
https://arxiv.org/abs/2604.26974
0
0
0
Project Wycheproof tests crypto libraries against known attacks https://lobste.rs/s/b39dpz #cryptography #security
https://github.com/C2SP/wycheproof
0
0
1
Mind the Gap - Where TEE Attestations Fall Short and Why Do TEEs Need Proof of Cloud | Flashbots Writings https://lobste.rs/s/q0tq4s #cryptography #hardware #security
https://writings.flashbots.net/mind-the-gap-tee-poc
0
0
0
Reducing ML-KEM-768 encapsulation key sizes by 24 octets by @RunxiYu@social.treehouse.systems https://lobste.rs/s/ixqnxw #cryptography
https://runxiyu.org/comp/mlkem768pack/
1
0
1
Groth16, Intuitively https://lobste.rs/s/q5e6jo #cryptography
https://blog.zksecurity.xyz/posts/groth16/
0
0
0
@data0@indieweb.social
·
Apr 30, 2026
data0
@data0@indieweb.social
All kinds of tech nerd, software engineer and consultant, startup founder. From Assembly to Javascript. Always bet on the web! I love text. I hate pooptoots, memes or any other viral bs. Header image by https://unsplash.com/de/@dth_knight Some fedi/ipfs/decentralisation things I've done in the past:
indieweb.social
I couldn’t find a list of #Linux #kernel versions that include a patch for #copyfail, so I dug into the commit log and made one. Make sure you’re using at least the following version of your branch to mitigate against copyfail:
- 7.0-rc7 (any stable 7.x is safe)
- 6.19.12
- 6.18.22
- 6.12.85
- 6.6.137
- 6.1.170
- 5.15.204
- 5.10.254
See https://copy.fail for more info about the #exploit.
#privilegeescalation #vulnerability #cryptography #linuxadmin #sysadmin
24
4
41
Secure signatures without a private key by @katexochen@infosec.exchange https://lobste.rs/s/ghmidi #cryptography #security
https://katexochen.aro.bz/posts/reproducible-secure-signatures/
3
0
1
Distributing the Keys for Private Access to the Web https://lobste.rs/s/gg5n7g #cryptography #security #web
https://cdt.org/insights/distributing-the-keys-for-private-access-to-the-web/
0
0
0
Let’s All Agree to Use Seeds as ML-KEM Keys (2024) via @RunxiYu@social.treehouse.systems https://lobste.rs/s/bnvmia #cryptography
https://words.filippo.io/ml-kem-seeds/
1
0
1
(Cryptographic) Registries Considered Harmful via @RunxiYu@social.treehouse.systems https://lobste.rs/s/l4kgqg #cryptography
https://words.filippo.io/registries-considered-harmful/
0
0
1
@kubikpixel@chaos.social
·
Apr 23, 2026
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕
@kubikpixel@chaos.social
~/# I'm a ASD coffee loving WebDev and FLOSS geek with some 3D and cryptography experiences. Anarcho with Punk attitude and I had my own radio show. I post here mostly in German and in English and the are deleted after one month. This is a personal account and work in progress… searchable quality propaganda. -- Copyleft 🄯 CC BY-SA 4.0
chaos.social
Cryptographic Right Answers: Post Quantum and Rust Edition
[…] Cryptography is everywhere and as a developer you will need to upgrade your projects with post-quantum algorithms, whether because you care about the security of your users, or for compliance reasons. […]
🦀 https://kerkour.com/post-quantum-cryptography-recommendations-rust
#rust #cryptography #rustlang #pqc #itsec #itsecurity #security #coding #PQCryptography #postquantum
6
1
3