soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Admin email
social@octade.net

Search results for tag #cryptography

[?]Marin Ivezic » 🌐
@infosec@defcon.social

New analysis: How Much Can AI Actually Help With PQC Migration?

A hypothesis paper in MDPI Cryptography claims frontier AI (Mythos-class) compresses enterprise PQC migration from 12-15 years to 2-4 years. The paper models AI as both defender accelerator and adversary destabilizer through six feedback loops, and that dual-use framing is sound.

The timeline estimate is not.

I've led PQC migration programs generating 120,000+ discrete tasks. AI genuinely helps with the technical analysis fraction: crypto discovery triage (months to days), migration strategy automation across 100K+ instances, code diff generation (hours to minutes), test scenario creation.

That accounts for maybe 15-20% of total program effort.

The other 80%:

- Getting executive mandate and multi-year budget (3-12 months)

- Standing up program governance (3-6 months)

- Negotiating access to production segments across business units (this is the bottleneck in discovery, not analysis speed)

- Change advisory board approvals for every production change

- Vendor firmware/certification timelines entirely outside your control

- Interoperability testing with real counterparties on their schedules

- FIPS 140-3 module validation cycles

- CBOM and crypto-agility as organizational transformations, not technology deployments

Key analytical distinction: effort compression ≠ schedule compression. 20% of effort off the critical path saves zero calendar time. The institutional dependencies dominate the critical path in every large program I've observed.

The paper assigns 8 years to AI-compressible work and 2 years to the institutional floor. In my experience, those proportions are reversed.

EO 14412 (signed June 22, 2026) sets Dec 31, 2030 for PQC key establishment and Dec 31, 2031 for digital signatures in federal high-value systems. CNSA 2.0 requires new NSS acquisitions to be compliant from January 2027.

The correct response to AI-accelerated adversary capability is not "compress the timeline from 15 years to 4." It's: start the program now and use AI within it.

postquantum.com/post-quantum/a

    Guy boosted

    [?]Scott Francis » 🌐
    @darkuncle@infosec.exchange

    “You go to war with the algorithms you have, not the ones you wish you had.” — Eric Rescorla

    blog.cloudflare.com/ml-dsa-wil

      [?]The Shufflecake Project » 🌐
      @shufflecake@fosstodon.org

      [?]Settoletto 🍤 » 🌐
      @setto@fed.dyne.org

      Open source libraries for provable data and programmable cryptography

      (https://fed.dyne.org/c/cryptography)

      [?]SolSoCoG » 🌐
      @SolSoCoG@ieji.de

      We have better and standards than most online banking sites, offering #0-RTT + + -Quantum .

      An A+ Qualys SSLabs score showing a QUITE perfect deployment of website encryption. Additional texts:  This server supports TLS 1.3. This server supports PQC (Post-Quantum Cryptography) key exchange. HTTP Strict Transport Security (HSTS) with long duration deployed on this server. DNS Certification Authority Authorization (CAA) Policy found for this domain.

      Alt...An A+ Qualys SSLabs score showing a QUITE perfect deployment of website encryption. Additional texts: This server supports TLS 1.3. This server supports PQC (Post-Quantum Cryptography) key exchange. HTTP Strict Transport Security (HSTS) with long duration deployed on this server. DNS Certification Authority Authorization (CAA) Policy found for this domain.

      http3checker screenshot showing we support quic and http/3 including 0-RTT and H3 quic protocol.

      Alt...http3checker screenshot showing we support quic and http/3 including 0-RTT and H3 quic protocol.

        [?]aeon022 » 🌐
        @aeon022@mastodon.social

        Stop sending your API keys to the cloud! 🔒

        postctl keeps your Mastodon, Bluesky, and Threads tokens securely stored on your local disk. Using AES-256-GCM encryption derived from a custom passphrase, your credentials stay encrypted inside a local SQLite database. Zero telemetry, zero cloud intermediate servers.

        100% open source and local-first:
        👉 github.com/aeon022/postctl
        🌐 postctl.sh

          [?]aeon022 » 🌐
          @aeon022@mastodon.social

          Stop sending your API keys to the cloud! 🔒

          postctl keeps your Mastodon, Bluesky, and Threads tokens securely stored on your local disk. Using AES-256-GCM encryption derived from a custom passphrase, your credentials stay encrypted inside a local SQLite database. Zero telemetry, zero cloud intermediate servers.

          100% open source and local-first:
          👉 github.com/aeon022/postctl
          🌐 postctl.sh

            [?]aeon022 » 🌐
            @aeon022@mastodon.social

            Stop sending your API keys to the cloud! 🔒

            postctl keeps your Mastodon, Bluesky, and Threads tokens securely stored on your local disk. Using AES-256-GCM encryption derived from a custom passphrase, your credentials stay encrypted inside a local SQLite database. Zero telemetry, zero cloud intermediate servers.

            100% open source and local-first:
            👉 github.com/aeon022/postctl
            🌐 postctl.sh

              [?]The Mathematics of Secrets » 🌐
              @MathOfSecrets@mathstodon.xyz

              Good summary of where we are on signatures using post-quantum from @cloudflare . Not sure the wish list is realistic --- I think we're probably still going to have to choose from a selection much like what's listed here! blog.cloudflare.com/ml-dsa-wil

                muddle 🥣 boosted

                [?]Teknovis » 🌐
                @Teknovis@mastodon.ie

                Fascinating reading about digital signatures...

                Why we cannot wait for better post-quantum signature algorithms

                blog.cloudflare.com/ml-dsa-wil

                  [?]Hacker News » 🤖 🌐
                  @h4ckernews@mastodon.social

                  [?]aeon022 » 🌐
                  @aeon022@mastodon.social

                  Stop sending your API keys to the cloud! 🔒

                  postctl keeps your Mastodon, Bluesky, and Threads tokens securely stored on your local disk. Using AES-256-GCM encryption derived from a custom passphrase, your credentials stay encrypted inside a local SQLite database. Zero telemetry, zero cloud intermediate servers.

                  100% open source and local-first:
                  👉 github.com/aeon022/postctl
                  🌐 postctl.sh

                    [?]Assn for Computing Machinery » 🌐
                    @ACM@mastodon.acm.org

                    Happy Birthday Adi Shamir! Shamir received the 2002 w/ Leonard Adleman and Ron Rivest for making public-key useful in practice. Their method is still used in almost all internet-based commercial transactions: amturing.acm.org/award_winners

                      [?]xoron :verified: » 🌐
                      @xoron@infosec.exchange

                      [?]Reverend Elvis » 🌐
                      @reverend@social.undeadnetwork.de

                      Forward, and don’t forget! A Cypherpunk’s manifesto
                      In 1993, a mathematician named Eric Hughes sat down and wrote a declaration of his own.

                      It was not about a king. It was about privacy, and the machines that were quietly ending it. He called it A Cypherpunk's Manifesto. The core idea was simple and radical: if you want privacy in a digital world, no one is going to grant it to you. You have to build it yourself.

                      His most famous line is three words long. "Cypherpunks write code." Not petition. Not protest. Not wait for permission. Build the thing that makes the freedom real, then give it away so no one can take it back.

                      Fifteen years later, Satoshi did exactly that. Bitcoin was not a demand that governments fix the money. It was working code that fixed it, released into the open where no one could recall it.

                      Here is the lesson that outlived the manifesto. Rights you have to ask for can be revoked. Rights you build into running code are yours to keep.

                      Independence was never granted. It gets written. Sometimes in ink, sometimes in software.

                      via primal.net/e/nevent1qqs8w3e4ls

                      --------Manifesto here-------->>>>>

                      word.undead-network.de/2026/07

                      Eric Hughes

                      Alt...Eric Hughes

                        [?]C. » 🌐
                        @cazabon@mindly.social

                        The NSA supports publishing a standards RFC (while claiming it is not a standard) that would result in the widespread deployment of less-safe cryptography [1] for TLS/HTTPS.

                        What a shocker.

                        mailarchive.ietf.org/arch/msg/

                        [1] They are pushing, hard, for a standards document that serves, effectively, as a recommendation for the use of the new ML-KEM "post-quantum" cryptography primitive by itself, rather than the more secure ECCDH *plus* ML-KEM which provides the ECC backstop (currently used almost universally) if the ML-KEM implementation is found to contain bugs or if the algorithm itself is found to have weaknesses not known at the present moment. Keep in mind that such weaknesses have regularly been found in algorithms 10, 20 *years* after widespread deployment, and bugs are far from unknown.

                          [?]C. » 🌐
                          @cazabon@mindly.social

                          @djb

                          They're also getting really testy about us "regular Joes" showing up and voting against publication of the deliberately-weak solo PQ recommendation.

                          You can practically feel their frustration - "We stuffed this list to pass this vote, and they're stuffing it against us!".

                          The blatant hypocrisy of the "not standards-track" thing bugged me too when it came through the list.

                          Anyone who follows me and cares about cryptography or their privacy: read djb's short blurb here:

                          nsa.2026.action.cr.yp.to/

                          There's action you can take to try to prevent the NSA's attempt to get the world to standardize on deliberately weakened cryptography in TLS - i.e. the thing that protects every important web connection on the planet. They have form for doing this in the past, and are trying again.

                          There are other links in the above page for more information.

                            [?]CosicBe » 🌐
                            @CosicBe@mastodon.social

                            How did cryptography research start at COSIC? At our mini-symposium on COSIC Origins (1979–1997), Yvo Desmedt, Ingrid Verbauwhede, Bart Preneel, Joan Daemen & Vincent Rijmen shared their first steps and the realities of doing groundbreaking work before the digital era.

                              Guy boosted

                              [?]Lobsters » 🤖 🌐
                              @lobsters@mastodon.social

                              🗳
                              ArcaneChat boosted

                              [?]Sovranità Digitale 🇪🇺✨🛰🌐🔋 » 🌐
                              @simonestalfieri@mastodon.uno

                              [ITA]
                              Qual'è allo stato attuale la miglior app di messaggistica crittografata?
                              In caso non sia presente indicala nei commenti.

                              [ENG]
                              What is the best encrypted messaging app to date 30/06/26 ?
                              @adbenitez @signalapp @delta @element @matrix

                              Olvid (Free version):0
                              Signal:5
                              Element X:2
                              Delta Chat:5
                              Guy boosted

                              [?]The New Oil » 🤖 🌐
                              @thenewoil@mastodon.thenewoil.org

                              [?]Paysages Mathématiques » 🌐
                              @paysmaths@mathstodon.xyz

                              Singaporean brothers use unsolvable maths equations to build modern, unbreakable encryption
                              Source : The Straits Times / Sarah Koh

                              straitstimes.com/tech/sporean-

                                Back to top - More...