@chrisfenner.bsky.social

We need more former bartenders in Standards groups too!
22.02.2026 18:48
“Mistakes in cryptography are not a sin […]. They’re simply a fact of life. As somebody once said, ‘cryptography is nightmare magic math that cares what color pen you use.’ We’re all going to get stuff wrong if we stick around long enough to do something interesting[.]”

M Night Shyamalan -ass security protocol
17.02.2026 02:52

Image alt text: Frog and Toad with a box illustration. Badly edited text. Frog put the KEY in a box. "There," he said. "Now we will not SIGN MALICIOUS MESSAGES." "But we can ASK THE HSM," said Toad. "That is true," said Frog.
16.02.2026 16:04

I miss when you could post Brave Norman Rockwell Townsperson and the caption could be, like, “R.E.M was wrong to leave ‘Fretless’ off of Out of Time” instead of “The secret police should stop murdering people.”
15.02.2026 20:56

“You wrote a presentation that the authors of RFC 9794 would criticize” might be the “you wrote some code that the authors of the Linux kernel style guide would criticize” of teaching crypto
13.02.2026 07:33

You can really tell someone spent 3 years perfecting this “Terminology for Post-Quantum Traditional Hybrid Schemes”
13.02.2026 07:27

> RFC 9794
> “The word "hybrid" is also used in cryptography to describe encryption schemes that combine asymmetric and symmetric algorithms [RFC9180], so using it in the post-quantum context overloads it and risks misunderstandings.”
> Puts the word “hybrid” on everything

I finally reached the end. This was a super good episode and it gave me all the warm fuzzies about my internal reactions to getting started with Ossl3 for PQC.

As a former windows NCrypt provider maintainer, I really thought all my “magic strings to throw at a generic API” was behind me

6 more weeks of elliptic curve cryptography
03.02.2026 04:47

just when I was learning to tolerate the EVP
02.02.2026 04:56

Me several days ago: “why do all the ML-DSA signing test vectors have only up to 2 of ( key seeds, hedging randomness, and mu values )”
Me now: “ok guess I’m sending a PR to Wycheproof

Oh 100%
29.01.2026 03:27

I should clarify: “correctly implementing…”
29.01.2026 03:14

Implementing a protocol that uses cryptography is harder than designing a protocol that uses cryptography.

Normally I use that to explain to people that they need to minimize excessive complexity in their designs but imagine what designs the team responsible for this code is capable of

They believe in nothing.

When you determine your views as being the midpoint between two opposing positions, it just shows that you don't hold actual beliefs or principles.

You found the logo for non-canonicalized EdDSA public keys
27.01.2026 02:45

Minnesota National Guard members have arrived at a federal building and were directed to distribute donuts, coffee, and hot chocolate to anti-ICE protesters. Guard members were issued reflective vests so they would not be mistaken for federal agents.
25.01.2026 20:55

At the end of the day, the Black Lives Matter era was about whether people should be killed in the street, and lots of people decided yeah and put those little blue flags on their cars. It spread to everyone because it stopped for no one.
24.01.2026 16:45

Pro tip: never design a policy-measurement scheme like this. It’s so brittle you will never be able to rotate keys. Imagine trying to bridge this system to PQC
24.01.2026 15:51

This is why people reflexively dunk on BitLocker. As a product it is stuck on its threat model from the early 2000’s and Microsoft appears uninterested in modernizing it.

But as Swift above, dunking is a bit less warranted in this case because escrow to 1 of N of your other devices is complex

So if you upgrade firmware and it’s signed by a different key that you already trusted, or the same keys you trusted before but used in a different order, PCR 7 will change and send BitLocker to recovery.
24.01.2026 15:42

> 5. Before launching an EFI Driver or an EFI Boot Application (and regardless of whether the launch is due to the EFI Boot Manager picking an image from the DriverOrder or BootOrder UEFI variables or an already launched image calling the UEFI LoadImage() function), the UEFI firmware SHALL determine if the entry in the EFI_IMAGE_SECURITY_DATABASE_GUID/EFI_IMAGE_SECURITY_DATABASE variable that was used to validate the EFI image has previously been measured with the EV_EFI_VARIABLE_AUTHORITY event type in PCR[7]. If it has not been, it MUST be measured into PCR[7] as follows. If it has been measured previously, it MUST NOT be measured again. The measurement SHALL occur in conjunction with image load.

Here is the biggest problem I can see. PCR7 contains DB (authority keys and hashes) already but it gets extended again with each key the first time it gets used.
24.01.2026 15:42

Bonus lore: PCR7 measurements are badly designed partly at the behest of BitLocker ca. mid-2000’s. That problem cannot now be fixed except by updated standards: trustedcomputinggroup.org/wp-content/u...
24.01.2026 15:42

If you or a loved one are worried about the scenario where a corrupt government official is trying to get into your computer, you should disable online backup, print out the recovery keys, and put them in a box labeled “The Epstein Files”
24.01.2026 09:56

If you’ve ever dug into the disaster that is the design of PCR7 measurements made by UEFI secure boot, you know how common BitLocker recovery has to be.

Microsoft should invest in an Apple-like “escrow this key to your other devices” feature but this is a significant effort

It is fun and good to dunk on BitLocker not bothering to update their threat models (cf. TPM bus interposition) but Matthew’s thread breaks down how truly difficult Microsoft’s position is here — MS cannot serve remote recovery without also being technically able to respond to warrants
24.01.2026 09:43

I am pleased to report that between HackerNews and Google’s internal “Learning on the Loo” program, I am officially published to toilets worldwide
17.01.2026 20:57