Scott A

@ciphper.bsky.social

Cryptography and software security nerd https://scottarc.blog

56 Followers  |  6 Following  |  7 Posts  |  Joined: 03.06.2024  |  1.5698

Latest posts by ciphper.bsky.social on Bluesky

How we avoided side-channels in our new post-quantum Go cryptography libraries
We've released open-source Go implementations of ML-DSA and SLH-DSA.

Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.

blog.trailofbits.com/2025/11/14/h...

#golng #crypto #cryptography #postquantum

14.11.2025 16:00 | 👍 1 | 🔁 1 | 💬 0 | 📌 0

A WordPress Hard Fork Could Be Made Painless for Plugin/Theme Developers
Previously, I wrote about how code-signing and threshold signatures could allow the WordPress community (whether they continue to support WordPress or decide to hard-fork the project onto something…

scottarc.blog/2024/10/14/a...

15.10.2024 00:39 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

Quantum is unimportant to post-quantum
By Opal Wright. You might be hearing a lot about post-quantum (PQ) cryptography lately, and it's easy to wonder why it's such a big deal when nobody has actually seen a quantum computer.…

blog.trailofbits.com/2024/07/01/q...

01.07.2024 17:20 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

I've never witnessed an experts vs non-experts split like on Kyber/ML-KEM.

No cryptographer I know thinks ML-KEM was intentionally weakened, or knows any cryptographer who does.

Meanwhile, enthusiasts in issue trackers are all but certain.

It would be impressive if it wasn't sad and worrying.

17.06.2024 06:12 | 👍 37 | 🔁 7 | 💬 3 | 📌 0

The Quest for the Gargon Musing about Password-Based Cryptography for the Government
What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved ...

scottarc.blog/2024/06/17/t...

17.06.2024 11:52 | 👍 2 | 🔁 1 | 💬 0 | 📌 0

One thing I like about Bluesky so far is, despite not following many accounts, my timeline is extremely weird.

In a good way, I mean.

05.06.2024 12:43 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

Attacking NIST SP 800-108
If you've never heard of NIST SP 800-108 before, or NIST Special Publications in general, here's a quick primer: Special Publications are a type of publication issued by NIST. Specifically, the SP 800...

scottarc.blog/2024/06/04/a...

Attacking NIST SP 800-108

(AES-CMAC KDF in Counter Mode, Loss of Key Control Security)

04.06.2024 07:58 | 👍 3 | 🔁 0 | 💬 0 | 📌 0

Encryption At Rest: Whose Threat Model Is It Anyway?
One of the lessons I learned during my time at AWS Cryptography (and particularly as an AWS Crypto Bar Raiser) is that the threat model for Encryption At Rest is often undefined. Prior to consulting c...

Hello BlueSky!

I wrote a thing about encryption-at-rest: scottarc.blog/2024/06/02/e...

03.06.2024 03:52 | 👍 11 | 🔁 0 | 💬 1 | 📌 0