Kenny Paterson's Avatar

Kenny Paterson

@kennyog.bsky.social

Bit flipper

684 Followers  |  264 Following  |  57 Posts  |  Joined: 18.05.2023  |  1.4995

Latest posts by kennyog.bsky.social on Bluesky

Preview
Password managers' promise that they can't see your vaults isn't always true Contrary to what password managers say, a server compromise can mean game over.
17.02.2026 20:43 β€” πŸ‘ 42    πŸ” 21    πŸ’¬ 1    πŸ“Œ 2

A thread in which @sockpuppet.org presents some of the juiciest morsels from our paper at zkae.io :

17.02.2026 14:19 β€” πŸ‘ 9    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

A very nice blogpost explaining our work - slices right through the marketing from the vendors: medium.com/reading-sh/y...

17.02.2026 12:59 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

We didn’t go as deep on 1password as the others. Probably some interesting things still to be found there.

16.02.2026 11:35 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Security advisory: Cryptography downgrade issue OverviewDashlane has fixed an issue that, if Dashlane’s servers were fully compromised, could have allowed a downgrade of the encryption model used to generate encryption keys and protect user vaul...

@dashlane.com advisory: support.dashlane.com/hc/en-us/art...

16.02.2026 08:25 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Password managers less secure than promised Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored pas...

ETH news article abkut the work: ethz.ch/en/news-and-...

16.02.2026 08:24 β€” πŸ‘ 7    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Zero Knowledge (About) Encryption

Now we can finally tell you about all 27 of them: zkae.io

Paper to appear at USENIX Security 2026: eprint.iacr.org/2026/058

Joint work with Matilda Backendal, Matteo Scarlata, Giovanni Torrisi

16.02.2026 08:12 β€” πŸ‘ 11    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

In this "malicious server" threat model, we found a total of 27 vulnerabilities across Bitwarden, Dashlane, LastPass and 1Password.

More than half of them lead to compromise of your passwords.

16.02.2026 08:12 β€” πŸ‘ 10    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

Do you use a cloud-based password manager? So what's your threat model?

Vendors like Bitwarden, Dashlane, LastPass and 1Password offer you "Zero Knowledge Encryption", with statements like: "Not even the team at Bitwarden can read your data (even
if we wanted to)."

We decided to test this… 1/n

16.02.2026 08:12 β€” πŸ‘ 31    πŸ” 14    πŸ’¬ 2    πŸ“Œ 3

Miracle of miracles: Deutsche
Bahn runs almost on time!

12.02.2026 11:59 β€” πŸ‘ 4    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Almost in Karlsruhe for this talk. Looking forward to some great discussions with the KIT crypto and security community.

11.02.2026 12:00 β€” πŸ‘ 9    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1
Preview
Degree-Off

"The heroes of my fields have slain one of the four horsemen of the apocalypse, while the heroes of your field gathered in the desert to create a new one" is such a clear, brutal rebuttal to Manhattan Project mythology, and now the most venal idiots alive are bringing back diseases because they can.

23.01.2026 20:10 β€” πŸ‘ 68    πŸ” 19    πŸ’¬ 0    πŸ“Œ 0
Post image

The sun still rises. And it will continue to do so. Long after the fascists are gone.

20.01.2026 08:37 β€” πŸ‘ 13    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Submission week for the Cryptographic Application Workshop (CAW), an affiliated event at Eurocrypt'26 in Rome! Please submit your talk proposals on constructive real-world crypto using the following instructions before Jan 23, 2026 AoE. All infos on: caw.cryptanalysis.fun.

19.01.2026 20:20 β€” πŸ‘ 8    πŸ” 7    πŸ’¬ 1    πŸ“Œ 0
Post image

I insisted that Nadhim Zahawi delete this tweet before joining us, because one of our rules is that everyone in Reform UK has to pretend that I’m not racist.

13.01.2026 09:28 β€” πŸ‘ 449    πŸ” 134    πŸ’¬ 11    πŸ“Œ 0

Achievement unlocked: I finished the Private Eye Christmas cryptic crossword (#820). It’s a right corker, thanks to Cyclops for providing the much appreciated Yuletide mental gymnastics! @privateeyenews.bsky.social

25.12.2025 22:55 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Cat sitting on a wall with a doubtful look on its face.

Cat sitting on a wall with a doubtful look on its face.

Doubting Tomcat.

25.12.2025 22:41 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Some great talks to come at #RWC026 including 5 (!) from the Applied Cryptography research group @csateth.bsky.social on topics including Signal’s security, designing SecureDrop Next Generation, fuzzing of crypto libraries…. and one mystery topic still under embargo.

19.12.2025 22:27 β€” πŸ‘ 22    πŸ” 5    πŸ’¬ 1    πŸ“Œ 0
Post image

Winter sun on Zuriberg.

08.12.2025 22:15 β€” πŸ‘ 11    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Nah, I just need more coffee!

18.09.2025 06:18 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

When I read β€œwas” I feared the worst. Glad to hear Alfred is alive and kicking (and still having impact).

18.09.2025 06:12 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Two carved wooden heads on a Swiss bridge, both looking startled.

Two carved wooden heads on a Swiss bridge, both looking startled.

Catching up on recent posts on the CFRG mailing list.

01.09.2025 07:04 β€” πŸ‘ 9    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Good luck - hope everything goes smoothly and the course is a hit!

02.08.2025 14:03 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

I like it! New mascot for the group.

28.07.2025 06:21 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Do I let this guy stay in the garage or gently remove him to a nice damp bit of garden?

28.07.2025 06:15 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 4    πŸ“Œ 0

Curve25519 is a false friend. Also isn’t it β€œdefence” rather than β€œdefense”? πŸ‡¬πŸ‡§

26.07.2025 15:57 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Would it be too salty to say how reassuring it is to find so many new experts in quantum computing and post quantum cryptography suddenly popping up over on LinkedIn?

18.07.2025 11:27 β€” πŸ‘ 26    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0
Post image

New reading material dropped.

17.07.2025 07:17 β€” πŸ‘ 16    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
RWC 2026 call for papers Real World Crypto Symposium

The Call for Contributed Talks is now open for RWC 2026! And the deadline for submissions is now Oct. 10, 2025.
rwc.iacr.org/2026/contrib...

13.07.2025 15:52 β€” πŸ‘ 13    πŸ” 9    πŸ’¬ 1    πŸ“Œ 0

@kennyog is following 19 prominent accounts