Scott A
@ciphper.bsky.social
📤 56
📥 7
📝 7
Cryptography and software security nerd
https://scottarc.blog
Come for the Go implementations of ML-DSA and SLH-DSA, stay for the introduction to side-channel mitigation techniques.
blog.trailofbits.com/2025/11/14/h...
#golng
#crypto
#cryptography
#postquantum
How we avoided side-channels in our new post-quantum Go cryptography libraries
We’ve released open-source Go implementations of ML-DSA and SLH-DSA.
https://blog.trailofbits.com/2025/11/14/how-we-avoided-side-channels-in-our-new-post-quantum-go-cryptography-libraries/
23 days ago
scottarc.blog/2024/10/14/a...
A WordPress Hard Fork Could Be Made Painless for Plugin/Theme Developers
Previously, I wrote about how code-signing and threshold signatures could allow the WordPress community (whether they continue to support WordPress or decide to hard-fork the project onto something…
https://scottarc.blog/2024/10/14/a-wordpress-hard-fork-could-be-made-painless-for-plugin-theme-developers/
about 1 year ago
blog.trailofbits.com/2024/07/01/q...
Quantum is unimportant to post-quantum
By Opal Wright You might be hearing a lot about post-quantum (PQ) cryptography lately, and it’s easy to wonder why it’s such a big deal when nobody has actually seen a quantum computer.…
https://blog.trailofbits.com/2024/07/01/quantum-is-unimportant-to-post-quantum/
over 1 year ago
reposted by
Scott A
Filippo Valsorda
over 1 year ago
I've never witnessed an experts vs non-experts split like on Kyber/ML-KEM. No cryptographer I know thinks ML-KEM was intentionally weakened, or knows any cryptographer who does. Meanwhile, enthusiasts in issue trackers are all but certain. It would be impressive if it wasn't sad and worrying.
reposted by
Scott A
scottarc.blog/2024/06/17/t...
The Quest for the Gargon
Musing about Password-Based Cryptography for the Government What would a modern NIST standard for password-based cryptography look like? Obviously, we have PBKDF2--which, if used with a FIPS-approved ...
https://scottarc.blog/2024/06/17/the-quest-for-the-gargon/
over 1 year ago
One thing I like about Bluesky so far is, despite not following many accounts, my timeline is extremely weird. In a good way, I mean.
over 1 year ago
scottarc.blog/2024/06/04/a...
Attacking NIST SP 800-108 (AES-CMAC KDF in Counter Mode, Loss of Key Control Security)
Attacking NIST SP 800-108
If you've never heard of NIST SP 800-108 before, or NIST Special Publications in general, here's a quick primer: Special Publications are a type of publication issued by NIST. Specifically, the SP 800...
https://scottarc.blog/2024/06/04/attacking-nist-sp-800-108/
over 1 year ago
Hello BlueSky! I wrote a thing about encryption-at-rest:
scottarc.blog/2024/06/02/e...
Encryption At Rest: Whose Threat Model Is It Anyway?
One of the lessons I learned during my time at AWS Cryptography (and particularly as an AWS Crypto Bar Raiser) is that the threat model for Encryption At Rest is often undefined. Prior to consulting c...
https://scottarc.blog/2024/06/02/encryption-at-rest-whose-threat-model-is-it-anyway/
over 1 year ago