Looks like the Kryptos kerfuffle didn't hurt the auction much! #cryptography https://www.r rauction.com/auctions/lot-detail/350761607302001-the-complete-secrets-of-kryptos-jim-sanborns-private-archive/?cat=755

Well, that’s embarrassing.

On the plus side, I guess it works.

#cryptography #fail #iacr

https://www.bbc.com/news/articles/c62vl05rz0ko

Not in The Prophecies: Practical Attacks on Nostr

https://eprint.iacr.org/2025/1459

#NOSTR #cryptography #social

6 years after too much crypto https://lobste.rs/s/nnor3p #cryptography #security
https://bfswa.substack.com/p/6-years-after-too-much-crypto

Releasing VoteSecure: The Core Cryptographic Protocol for Mobile Voting https://lobste.rs/s/d3wwue #cryptography #formalmethods
https://freeandfair.us/blog/releasing-votesecure/

How we avoided side-channels in our new post-quantum Go cryptography libraries https://lobste.rs/s/9appzu #cryptography #go #security
https://blog.trailofbits.com/2025/11/14/how-we-avoided-side-channels-in-our-new-post-quantum-go-cryptography-libraries/

Claude Code Can Debug Low-level Cryptography https://lobste.rs/s/cg6q4y #cryptography #go #vibecoding
https://words.filippo.io/claude-debugging/

Re: A few comments on ‘age’ (2019) via @susam https://lobste.rs/s/zdnyte #cryptography
https://groups.google.com/g/age-dev/c/r-gwwcN3L-0/m/EhEvUbG5AwAJ

Encryption using SSH Keys with age in Linux https://lobste.rs/s/vt2gjb #cryptography #linux
https://ittavern.com/encryption-using-ssh-keys-with-age-in-linux/

Well, that's a #cryptography oops. https://web.archive.org/web/20251016101736/https://www.nytimes.com/2025/10/16/science/kryptos-cia-solution-sanborn-auction.html

Length-extension attacks are still a thing via @fanf https://lobste.rs/s/9o5pjv #cryptography
https://00f.net/2025/10/23/length-extension-attacks/

The Dreamseeker’s Vision of Tomorrow https://lobste.rs/s/881pke #cryptography #distributed
https://soatok.blog/2025/10/15/the-dreamseekers-vision-of-tomorrow/

I expected we’d see Kryptos cracked in my lifetime… but not through a side channel attack involving paperwork stored at the Smithsonian.

#cryptography #cryptomeanscryptography
#cia

https://www.nytimes.com/2025/10/16/science/kryptos-cia-solution-sanborn-auction.html

[for your address book]

https://soc.octade.net/cryptography/

A Fediverse group for sharing and discussing #ciphers, #codes #cryptography and #encryption and related applications and #research.

#crypto #cypher #cypherpunks #confidentiality #privacy #groups #fedigroups #fediverse

Alt...

Artistic image of a sheet of paper with binary ones and zeroes and a reddish padlock in the upper right-hand corner..

Hexlish Alphabet for English, Constructed Languages and Cryptography: Automatic, Structural Compression with a Phonetic Hexadecimal Alphabet

DOI : https://doi.org/10.5281/zenodo.13139469

Hexlish is a legible, sixteen-letter alphabet for writing the English language and for encoding text as legible base 16 or compressed binary. Texts composed using the alphabet are automatically compressed by exactly fifty percent when converted from Hexlish characters into binary characters. Although technically lossy, this syntactic compression enables recovery of the correct English letters via syntactic reconstruction. The implementer can predict the size of the compressed binary file and the size of the text that will result from decompression. Generally it is intuitive to recognize English alphabet analogues to Hexlish words. This makes Hexlish a legible alternative to the standard hexadecimal alphabet.

#Hexlish #Conlang #Alphabets #English #Hexadecimal #Encoding #Cryptography #Ciphers #Crypto #Encryption #Compression #Papers #Preprints #Orthography #Language #Linguistics #Writing #Glyphs #Alphabetology #Technology

Alt...

Hexlish Alphabet logo. The word HEXLISH in rainbow colors on a black background with a hexagonal dot above the letter I. Beneat the logo in yellow reads the phrase, "English Text Compression & Encoding."

NSA and IETF: Can an attacker simply purchase standardization of weakened cryptography? https://lobste.rs/s/ngjqsm #cryptography
https://blog.cr.yp.to/20251004-weakened.html

Found this in my old tabs. Kind of a scary idea! #Cryptography can't do much about attacks like this. @schneier https://www.schneier.com/blog/archives/2025/08/eavesdropping-on-phone-conversations-through-vibrations.html

Why aren't we recording pre-AI content using a PoE (Proof of Existence) protocol? https://lobste.rs/s/qurbh4 #ask #cryptography

Citizen Protest Halts Chat Control https://lobste.rs/s/jljxt2 #cryptography #law #privacy
https://www.patrick-breyer.de/en/citizen-protest-halts-chat-control-breyer-celebrates-major-victory-for-digital-privacy/

Hey #Ottawa ! I'm going to be teaching you how to use #web #cryptography at the next ForwardJS meetup. Come sign up!

https://www.meetup.com/ottawa-forwardjs-meetup/events/311430521/

Signal Protocol and Post-Quantum Ratchets https://lobste.rs/s/3oyazz #cryptography
https://signal.org/blog/spqr/

c-sigma: Easy-to-use Sigma proofs in C using libsodium https://lobste.rs/s/u6bxmq #c #cryptography #programming
https://github.com/jedisct1/c-sigma

Oh, right, I said I'd post some good news. This article appears to have nothing to do with #cryptography, but look down towards the bottom where they talk about "clock arithmetic" --- that's the same "wraparound" arithmetic that I introduce on page 3 of my book! @QuantaMagazine https://www.quantamagazine.org/new-math-revives-geometrys-oldest-problems-20250926/

Come on Microsoft #cryptography, get with the 21st century! @matthew_d_green https://blog.cryptographyengineering.com/2025/09/10/kerberoasting/

Investigating a Forged PDF https://lobste.rs/s/vxzaqm #cryptography #law
https://mjg59.dreamwidth.org/73317.html

Sequoia: Rust OpenPGP implementation via @vulcan https://lobste.rs/s/ftfvjk #cryptography #rust
https://gitlab.com/sequoia-pgp/sequoia

Does anyone have a minimal program that implements sha256 using the Intel SHA instructions (aka _mm_sha256rnds2_epu32)?

Want a program that takes either stdin or a file and outputs the hash, and it should be a single file, though two or three is fine.

#Cryptography

Here's the documentation on the #Arch #Linux wiki about #LUKS key files:

https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Keyfiles

#crypto #Cryptography

Today I learned that #LUKS supports key files in addition to passphrases.

I guess I need to update my #KeePass key file generator page and make it more generic.

https://atoponce.github.io/keepass-files/

#crypto #cryptography #linux #keepassxc

Building secure peer-to-peer messaging apps is tough, and it's even tougher to get people to switch from what they already use. I've noticed that a great user interface and an intuitive design often matter more to people than terms like cryptography or end-to-end encryption.

That's why I've started building a UI library to tackle this head-on! It's a work in progress, but the goal is to create a more welcoming and seamless experience for new users.

Check out the UI library here: https://ui.positive-intentions.com

And you can see a live demo of the UI in action here: https://glitr.positive-intentions.com

I'd love to hear your thoughts and feedback as I continue to shape it!

#PeerToPeer #SecureMessaging #P2P #UIUX #WebDevelopment #MaterialUI #ModuleFederation #DesignSystem #Cryptography #UI

Why on earth was the #ActivityPub protocol even let out the door without a well-specified and mandatory graceful, non-destructive key rotation scheme?

Yes I know the privacy issues. Those are not valid reasons to not have such a mechanism; it's a valid reason to not enable or use one.

What we're stuck with now is a ton of instances with absurdly long, legacy-algorithm keys (RSA-4096) with no way to replace them with shorter/better keys without effectively losing everything ever posted on the instance.

The protocol is only 7 years old! EC crypto was well-established at the time, and should have been the default.

And what happens once everyone has to replace the keys, because RSA is broken by quantum computers (I know, probably 100 years to go)? The #Fediverse will be a wasteland, with no instances trusting anything from any other instance, so all #Federation breaks down.

Sorry if I got some details wrong about what the protocol says. If I get flamed to death for being wrong, then I'll consider that a Good Thing(TM). I've been trying to find a way to rotate/replace keys for a while and all my searching turns up is either 1) confirmation that most people don't know or care about cryptography, or 2) https://socialhub.activitypub.rocks/t/key-rotation-notification/562 - which really isn't helpful.

If it is possible to gracefully rotate the key(s) of an instance/user, there really has to exist some documentation that explains clearly how to implement this in a server and how to exercise it as a server operator.

#Cryptography #Rant #Mastodon

NEWSCARD Publish and fetch permanent named records via Network News

Newscard creates a decentralized, encrypted, named record paste bin.

[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)

With a single command, name the card, snarf the file and encrypt it.

With another command, push the encrypted file to the public network.

With another short command, snarf a file from the network.

Only users knowing the name [key] of the record will be able to decrypt it.

If a strong passphrase is used to name the file, it will be very secure.

This is useful for quickly snarfing, encrypting, and publishing a text file:

$~: card enc [passphrase] [file]
$~: card put [passphrase]

It is useful for retrieving a text file with just a key:

$~: card get [passphrase]
$~: card show [passphrase]

If and when you want the general public to access the record just share the keyword.

Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.

Newscard generates 9 each of: cipher keys, salts, key iteration parameters.

It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.

#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS

@infostorm@a.gup.pe @crypto@a.gup.pe @infosec@a.gup.pe @selfhosting@a.gup.pe

Alt...

Playing card of the Jack of Clubs. The Jack is a moustached man in a black top hat and suit in a oval center cameo. The colors are inverted so that everything on the face is black except the lines which are white, like a charcoal cutout picture., giving it a retro digital appearance mixed with retro handicraft vibes.

phunnee!

https://github.com/706f6c6c7578/minicrypt

#cryptography

So, hear me out:

If instead of the current Hash+Salt based modality of password management, and given the relative lack of quantum complexity in how that all works for authentication, I have a proposition.

For any given password length N, N! hashes are taken for the password such that any substring starting with the first character and any arbitrary following sequential characters (D) to the length of the string (c0->cD) where D < N. This would require a quantum actor to deal with an element quantum mechanics is explicitly bad at dealing with: Certainty.

Instead of relying on the relatively low quantum complexity of the hashes, we extrapolate into another dimension and create an ordering of hashes that becomes a tangible certainty. Instead of having to find all of the hashes in a field (Low quantum complexity, High computational complexity), the operator must find a specific order from those hashes in the field (Extremely high quantum complexity, Moderate computational complexity).

It would also reduce the urgency of collision discoveries in hashing algorithms too.

Just a thought.

#cryptography #cybersecurity #informationsecurity #passwords #hashingalgorithms #hash #notThatKindofHash

NEWSCARD Publish and fetch permanent named records via Network News

Newscard creates a decentralized, encrypted, named record paste bin.

[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)

With a single command, name the card, snarf the file and encrypt it.

With another command, push the encrypted file to the public network.

With another short command, snarf a file from the network.

Only users knowing the name [key] of the record will be able to decrypt it.

If a strong passphrase is used to name the file, it will be very secure.

This is useful for quickly snarfing, encrypting, and publishing a text file:

$~: card enc [passphrase] [file]
$~: card put [passphrase]

It is useful for retrieving a text file with just a key:

$~: card get [passphrase]
$~: card show [passphrase]

If and when you want the general public to access the record just share the keyword.

Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.

Newscard generates 9 each of: cipher keys, salts, key iteration parameters.

It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.

#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS

@infostorm@a.gup.pe @crypto@a.gup.pe @infosec@a.gup.pe

Alt...

Playing card of the Jack of Clubs. The Jack is a moustached man in a black top hat and suit in a oval center cameo. The colors are inverted so that everything on the face is black except the lines which are white, like a charcoal cutout picture., giving it a retro digital appearance mixed with retro handicraft vibes.

NEWSCARD Publish and fetch permanent named records via Network News

Newscard creates a decentralized, encrypted, named record paste bin.

[git repo] https://codeberg.org/OCTADE/newscard (use most recent version only)

With a single command, name the card, snarf the file and encrypt it.

With another command, push the encrypted file to the public network.

With another short command, snarf a file from the network.

Only users knowing the name [key] of the record will be able to decrypt it.

If a strong passphrase is used to name the file, it will be very secure.

This is useful for quickly snarfing, encrypting, and publishing a text file:

$~: card enc [passphrase] [file]
$~: card put [passphrase]

It is useful for retrieving a text file with just a key:

$~: card get [passphrase]
$~: card show [passphrase]

If and when you want the general public to access the record just share the keyword.

Newscard uses nine (9) (NINE) layers of encryption with OpenSSL chacha20 cipher.

Newscard generates 9 each of: cipher keys, salts, key iteration parameters.

It would be nice if something like this were added to the ActivityPub protocol, such that keyword[@]host.url would do the same thing. Then secret text records could be stored securely for later retrieval or revelation.

#NewsCard #Pastebin #Usenet #NNTP #NetworkNews #Encryption #Cryptography #Messaging #Anonymity #Protocols #OpenSource #FreeSoftware #BlackHackJack #Censorship #Retro #InfoSec #Ciphers #Codes #FOSS

@infostorm@a.gup.pe @usenet@lemmy.world @crypto@a.gup.pe @infosec@a.gup.pe

Alt...

Playing card of the Jack of Clubs. The Jack is a moustached man in a black top hat and suit in a oval center cameo. The colors are inverted so that everything on the face is black except the lines which are white, like a charcoal cutout picture., giving it a retro digital appearance mixed with retro handicraft vibes.