Sylvain's Avatar

Sylvain

@ipolit.bsky.social

20 Followers  |  45 Following  |  1 Posts  |  Joined: 10.05.2023  |  1.5285

Latest posts by ipolit.bsky.social on Bluesky


Do you use a cloud-based password manager? So what's your threat model?

Vendors like Bitwarden, Dashlane, LastPass and 1Password offer you "Zero Knowledge Encryption", with statements like: "Not even the team at Bitwarden can read your data (even
if we wanted to)."

We decided to test this… 1/n

16.02.2026 08:12 β€” πŸ‘ 31    πŸ” 15    πŸ’¬ 2    πŸ“Œ 3
Preview
Phrack – Darknet Diaries Phrack is legendary. It is the oldest, and arguably the most prestigious, underground hacking magazine in the world. It started in 1985 and is still running today. In this episode we interview the Phr...

The Phrack Staff is on the latest episode of the DarknetDiaries episode!

darknetdiaries.com/episode/170/

04.02.2026 22:07 β€” πŸ‘ 29    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0
Neil Postman quote

Neil Postman quote

Literacy is our greatest weapon to remain robust and defend our humanity in this invasive, modern environment. Here, I recommend 7 books to create more robust humans. And yes, Huxley was right.

perilous.tech/7-books-for-...

28.01.2026 14:14 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

Microsoft is handing over Bitlocker keys to law enforcement. www.forbes.com/sites/thomas...

23.01.2026 13:59 β€” πŸ‘ 447    πŸ” 314    πŸ’¬ 16    πŸ“Œ 66
Post image

Submission week for the Cryptographic Application Workshop (CAW), an affiliated event at Eurocrypt'26 in Rome! Please submit your talk proposals on constructive real-world crypto using the following instructions before Jan 23, 2026 AoE. All infos on: caw.cryptanalysis.fun.

19.01.2026 20:20 β€” πŸ‘ 8    πŸ” 7    πŸ’¬ 1    πŸ“Œ 0
Preview
Quantum computing for lawyers and anyone who’s not sure what β€œquantum” means

bfswa.substack.com/p/quantum-co...

17.01.2026 20:11 β€” πŸ‘ 40    πŸ” 7    πŸ’¬ 2    πŸ“Œ 2
Abstract. The paper is currently under embargo, and will be released mid-February 2026.

Abstract. The paper is currently under embargo, and will be released mid-February 2026.

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers (Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, Kenneth G. Paterson) ia.cr/2026/058

14.01.2026 18:04 β€” πŸ‘ 6    πŸ” 1    πŸ’¬ 0    πŸ“Œ 1
Post image

At the gpg.fail talk and omg #39c3

You can just put a \0 in the Hash: header and then newlines and inject text in a cleartext message.

Won’t even blame PGP here. C is unsafe at any speed.

gpg has not fixed it yet.

27.12.2025 16:31 β€” πŸ‘ 437    πŸ” 111    πŸ’¬ 4    πŸ“Œ 21
Preview
RWC 2026 accepted papers Real World Crypto Symposium

The accepted talks for Real World Crypto 2026 are now online: rwc.iacr.org/2026/accepte...

Thanks to everyone who submitted, and we look forward to the discussions at the symposium.

19.12.2025 19:04 β€” πŸ‘ 22    πŸ” 9    πŸ’¬ 0    πŸ“Œ 1

The PDF is also available online: archives.phrack.org/issues/72/ph...

More at phrack.org/contact

13.12.2025 09:35 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
When will quantum break crypto? the answer will shock you And other crypto-prophecies.

in 5 years bfswa.substack.com/p/when-will-...

24.11.2025 11:52 β€” πŸ‘ 9    πŸ” 4    πŸ’¬ 1    πŸ“Œ 0
Preview
Cryptographers Held an Election. They Can’t Decrypt the Results.

Keys are hard. www.nytimes.com/2025/11/21/w...

22.11.2025 02:07 β€” πŸ‘ 252    πŸ” 61    πŸ’¬ 16    πŸ“Œ 17
Preview
Quantum computers will not steal your bitcoins, even if they can The quantum gravity principle

Started a Substack. Subscribe for more crypto investment advice.
bfswa.substack.com/p/quantum-co...

13.11.2025 08:27 β€” πŸ‘ 1    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0
Preview
USB: the most successful interface that also brings power We use it every day, but how does it really work? USB has been around for almost 30 years and it evolved into really universal interface ...

I use USB daily but I have no idea how it works πŸ€”

USB 2 vs USB 3, USB-A vs USB-C, the PD standard… this talk is full of interesting details πŸ’Ž

And now I even understand why my USB-C power bank doesn’t work with *this* cable unless flipped πŸ™ƒ

media.ccc.de/v/why2025-25...

19.08.2025 20:04 β€” πŸ‘ 32    πŸ” 9    πŸ’¬ 0    πŸ“Œ 0
pallet of phrack

pallet of phrack

πŸ‘€πŸ‘€πŸ‘€πŸ‘€πŸ‘€πŸ‘€

5 pallets of zines have landed at @defcon.bsky.social

05.08.2025 03:15 β€” πŸ‘ 24    πŸ” 5    πŸ’¬ 0    πŸ“Œ 0
Preview
Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations WHY2025 RFID reverse engineering has seen significant advancements, yet a comprehensive overview of the field remains scattered across research and practitioner communities. Here the authors presents a struc...

πŸ”₯ The future of RFID hacking isn’t dead, its even more...

At #WHY2025, Kirils and I are breaking down current RFID hacking situation

No fluff. Just spilling the beans.

πŸ—“οΈ 9th of August 13:00 at Andromeda
πŸ”— cfp.why2025.org/why2025/talk...

RT if you’re ready.

13.07.2025 14:40 β€” πŸ‘ 6    πŸ” 7    πŸ’¬ 0    πŸ“Œ 0

Some people keep calling the summer migration to Vegas a camp…

But who will sleep in a tent for real? The ones attending @why2025.bsky.social ⛺️

27.07.2025 04:27 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Preview
RWC 2026 call for papers Real World Crypto Symposium

The Call for Contributed Talks is now open for RWC 2026! And the deadline for submissions is now Oct. 10, 2025.
rwc.iacr.org/2026/contrib...

13.07.2025 15:52 β€” πŸ‘ 13    πŸ” 9    πŸ’¬ 1    πŸ“Œ 0
Post image

πŸŽ™ Ce jeudi, Vincent Strubel, directeur gΓ©nΓ©ral de l'ANSSI, sera l'invitΓ© de l'Γ©mission @quotidienofficiel.bsky.social ‬ diffusΓ©e sur TMC.

πŸ“Ί Rendez-vous ce soir Γ  partir de 19h15 sur le canal 10.

12.06.2025 12:20 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
Go Cryptography Security Audit Go's cryptography libraries underwent an audit by Trail of Bits. Read more about the scope and results.

Three Trail of Bits engineers audited core Go cryptography for a month and found only one low-sev security issue... in unsupported Go+BoringCrypto! 🍾

Years of efforts on testing, limiting complexity, safe APIs, and readability have paid off! ✨

Yes I am taking a victory lap. No I am not sorry. πŸ†

19.05.2025 19:07 β€” πŸ‘ 572    πŸ” 83    πŸ’¬ 14    πŸ“Œ 4
Post image

The second Levchin Prize goes to the CADO-NFS team: Emmanuel ThomΓ©, Pierrick Gaudry, and Paul Zimmerman! Congratulations!

#realworldcrypto

26.03.2025 09:24 β€” πŸ‘ 16    πŸ” 5    πŸ’¬ 0    πŸ“Œ 3
Preview
Blog: Zen and the Art of Microcode Hacking This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

Ouch, AMD masterclass in what not to do with cryptography to secure its microcode patching mechanism 😱 ‼️

08.03.2025 10:49 β€” πŸ‘ 5    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0
Preview
Private key extraction in ECDSA upon signing a malformed input (e.g. a string) ### Summary Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input Note that `elliptic` by...

This is a fascinating vulnerability.

The root causes are implementing deterministic signatures instead of hedged, using a general purpose big number implementation, and leaking its API at the crypto layer.

JavaScript types are a red herring, could have happened in any language.

16.02.2025 10:08 β€” πŸ‘ 175    πŸ” 30    πŸ’¬ 3    πŸ“Œ 2
Preview
Best practices for key derivation By Marc Ilunga Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s …

Marc Ilunga has written a nice blog post about "Best practices for key derivation":

29.01.2025 07:43 β€” πŸ‘ 14    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0
Preview
Pourquoi peut-on pirater un mot de passe de 10 caractères en 2 semaines, contre 5 mois l'an passé ? CheckNews, le service de fact-checking de Libération, revient sur une infographie partagée par France Numérique expliquant qu'un pirate pouvait, en 2023, pirater un mot de passe de 10 caractères en 2 semaines, alors qu'un tableau ...

@anomalroil.bsky.social : https://www.nextinpact.com/lebrief/71680/pourquoi-peut-on-pirater-mot-passe-10-caracteres-en-2-semaines-contre-5-mois-an-passe

16.05.2023 10:50 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

more postquantum https://blog.taurushq.com/quantum-doomsday-planning-2-2-the-post-quantum-technology-landscape/

09.05.2023 09:34 β€” πŸ‘ 4    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

@ipolit is following 20 prominent accounts