Sylvain Pelissier

USB: the most successful interface that also brings power We use it every day, but how does it really work? USB has been around for almost 30 years and it evolved into really universal interface ...

I use USB daily but I have no idea how it works 🤔

USB 2 vs USB 3, USB-A vs USB-C, the PD standard… this talk is full of interesting details 💎

And now I even understand why my USB-C power bank doesn’t work with *this* cable unless flipped 🙃

media.ccc.de/v/why2025-25...

pallet of phrack

👀👀👀👀👀👀

5 pallets of zines have landed at @defcon.bsky.social

Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations WHY2025 RFID reverse engineering has seen significant advancements, yet a comprehensive overview of the field remains scattered across research and practitioner communities. Here the authors presents a struc...

🔥 The future of RFID hacking isn’t dead, its even more...

At #WHY2025, Kirils and I are breaking down current RFID hacking situation

No fluff. Just spilling the beans.

🗓️ 9th of August 13:00 at Andromeda
🔗 cfp.why2025.org/why2025/talk...

RT if you’re ready.

Some people keep calling the summer migration to Vegas a camp…

But who will sleep in a tent for real? The ones attending @why2025.bsky.social ⛺️

RWC 2026 call for papers Real World Crypto Symposium

The Call for Contributed Talks is now open for RWC 2026! And the deadline for submissions is now Oct. 10, 2025.
rwc.iacr.org/2026/contrib...

🎙 Ce jeudi, Vincent Strubel, directeur général de l'ANSSI, sera l'invité de l'émission @quotidienofficiel.bsky.social ‬ diffusée sur TMC.

📺 Rendez-vous ce soir à partir de 19h15 sur le canal 10.

Go Cryptography Security Audit Go's cryptography libraries underwent an audit by Trail of Bits. Read more about the scope and results.

Three Trail of Bits engineers audited core Go cryptography for a month and found only one low-sev security issue... in unsupported Go+BoringCrypto! 🍾

Years of efforts on testing, limiting complexity, safe APIs, and readability have paid off! ✨

Yes I am taking a victory lap. No I am not sorry. 🏆

The second Levchin Prize goes to the CADO-NFS team: Emmanuel Thomé, Pierrick Gaudry, and Paul Zimmerman! Congratulations!

#realworldcrypto

Blog: Zen and the Art of Microcode Hacking This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

Ouch, AMD masterclass in what not to do with cryptography to secure its microcode patching mechanism 😱 ‼️

Private key extraction in ECDSA upon signing a malformed input (e.g. a string) ### Summary Private key can be extracted from ECDSA signature upon signing a malformed input (e.g. a string or a number), which could e.g. come from JSON network input Note that `elliptic` by...

This is a fascinating vulnerability.

The root causes are implementing deterministic signatures instead of hedged, using a general purpose big number implementation, and leaking its API at the crypto layer.

JavaScript types are a red herring, could have happened in any language.

Best practices for key derivation By Marc Ilunga Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s …

Marc Ilunga has written a nice blog post about "Best practices for key derivation":

Pourquoi peut-on pirater un mot de passe de 10 caractères en 2 semaines, contre 5 mois l'an passé ? CheckNews, le service de fact-checking de Libération, revient sur une infographie partagée par France Numérique expliquant qu'un pirate pouvait, en 2023, pirater un mot de passe de 10 caractères en 2 semaines, alors qu'un tableau ...

@anomalroil.bsky.social : https://www.nextinpact.com/lebrief/71680/pourquoi-peut-on-pirater-mot-passe-10-caracteres-en-2-semaines-contre-5-mois-an-passe

more postquantum https://blog.taurushq.com/quantum-doomsday-planning-2-2-the-post-quantum-technology-landscape/