2018-09-30: Analyzing a simple encryption scheme using GitHub SSH keys (This is an introductory level analysis of a scheme involving...

2018-08-08: ROCA vs. ROBOT: An Eternal Golden Braid The ROCA RSA key generation flaw or ROBOT, the “Return...

2018-08-03: The default OpenSSH key encryption is worse than plaintext The eslint-scope npm package got compromised recently, stealing npm credentials...

2018-07-18: Factoring the Noise protocol matrix TL;DR: if I ever told you to use Noise, I...

2018-07-05: Silly pickle tricks: self-uncompressing pickles We’ve been working on some pickle security stuff. This is...

2018-06-21: Loud subshells Default shells usually end in $. Unless you’re root and...

2018-06-12: A Child’s Garden of Inter-Service Authentication Schemes Modern applications tend to be composed from relationships between smaller...

2018-05-29: Gripes with Google Groups If you’re like me, you think of Google Groups as...

2018-05-16: There Will Be WireGuard Amidst the hubbub of the Efail PGP/SMIME debacle yesterday, the...

2018-05-04: Dumb Security Questionnaires It’s weird to say this but a significant part of...

2018-04-03: Cryptographic Right Answers We’re less interested in empowering developers and a lot more...

2018-03-21: taps microphone #garfield #dank

2018-03-21: Is this thing on? #brand #skittles