somebody should make a better ICE tracker, for fun.

maybe with ZKP.

maybe over Tor.

maybe P2P.

importantly:

1. it should have a good site that gets the point across
2. it should be easy to use and understand
3. it should do the primary function

&

4. it should fix what you're complaining about the ICE block app (without breaking what the ICE block app already does)

good documentation, PR & UX outwin "more sound designs" every time.

NIST Unveils a Verifiable Quantum Random-Number Beacon

A laser is fired at a crystal to create a pair of photons that travel 100 meters apart in opposite directions.

At either end is a polarized filter. Either the photon passes through and is measured, or it's blocked. This happens 250,000 times per second.

The University of Colorado developed a blockchain-like protocol called "Twine" for public inspection of the results.

https://spectrum.ieee.org/nist-quantum-random-number-generator

Apps shouldn’t let users enter OpenSSL cipher-suite strings

https://00f.net/2025/06/06/cipher-suites/

Hey Mastodon, a little late at this point but a #introduction post! I'm a mathematician working in #epidemiology who loves learning about new subfields and application areas.

Math hobbies/interests: #relativity #cryptography #dynamical_systems #cybersecurity

Passionate about digital #privacy , #climate , other #activism and want to get more involved on those issues

Fandoms: #stargate #startrek

Also want to find out more about e-bikes, so if you have recommendations let me know!

Collection of universal hashing functions in Rust:

https://github.com/RustCrypto/universal-hashes

I proposed a way to incorporate Sender Authentication in age with the following advantages:

1. No catch-22 between encryption and signing (no rebinding attacks)
2. You have to be able to decrypt the message to verify the sender
3. No new cryptographic primitives (e.g., signcryption)
4. No in-band signaling or downgrade attacks

However, it does have one requirement that people accustomed to PGP use cases (and tolerant of PGP footguns) may find annoying:

You must know, in advance, the public key of the sender in order to be able to decrypt the message.

https://github.com/FiloSottile/age/discussions/640

Great, informative writeup of Cryptographic Gotchas: https://gotchas.salusa.dev/

Lots of fantastic references and links in there, too.

File encryption with a browser.

I've been exploring the #WebCryptoAPI and I'm impressed!

When combined with the #FileSystemAPI, it offers a seemingly secure way to #encrypt and #store files directly on your device. Think #localstorage, but with #encryption!

I know #webapps can have #security vulnerabilities since the code is served over the web, so I've #OpenSourced my demo! You can check it out, and it should even work if #selfhosted on #GitHubPages.

Live Demo: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo

Demo Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js

Hook Code: https://github.com/positive-intentions/dim/blob/staging/src/hooks/useFS.js

IMPORTANT NOTES (PLEASE READ!):
* This is NOT a product. It's for #testing and #demonstration purposes only.
* It has NOT been reviewed or audited. Do NOT use for sensitive data.
* The "password encryption" currently uses a hardcoded password. This is for demonstration, not security.
* This is NOT meant to replace robust solutions like #VeraCrypt. It's just a #proofofconcept to show what's possible with #browser #APIs.

I’ve been elected to represent the Academic community in the OpenSSL’s Foundation BAC/TAC and Corporation TAC!

If you’re working in crypto, systems security, or FOSS research, join the conversation on the OpenSSL Communities Forum—especially the Academic community. Your input can shape OpenSSL’s roadmap.

https://openssl-communities.org/d/4cn9aVQH/welcome-from-your-academic-representative-in-the-openssl-foundation-bac-tac-and-corporation-tacs

I think it's cool that web browsers have built in APIs for doing #cryptography stuff without needing to worry about pulling in dependencies.

https://www.keithbartholomew.com/blog/posts/2024-01-22-webcrypto-diffie-hellman/

If you're not following @gutenberg_org you are missing out.

A wonderful source of everything from #cryptography through #art, #feminism to the #philosophy of #physics and a whole lot more I can't make vaguely alliterate.

#ProjectGutenberg - free #ebooks

Everything You Need to Know About Cryptography (History & Examples)

Cryptography is the art of hiding the meaning of a text from everyone except the intended receivers through the use of various techniques.

by Sourima Rana

Cryptography at PG:
https://www.gutenberg.org/ebooks/subject/7599

I wrote about #openssl #jdk21 and #pkcs12 #cryptography #debian #fedora https://kushaldas.in/posts/openssl-legacy-and-jdk-21.html
#java

How Many #Qubits Will It Take to Break Secure Public Key #Cryptography Algorithms?

https://it.slashdot.org/story/25/05/24/0530234/how-many-qubits-will-it-take-to-break-secure-public-key-cryptography-algorithms

How Many #Qubits Will It Take to Break Secure #PublicKey #Cryptography #Algorithms ? - Slashdot
#privacy #security

https://it.slashdot.org/story/25/05/24/0530234/how-many-qubits-will-it-take-to-break-secure-public-key-cryptography-algorithms?utm_source=rss1.0mainlinkanon&utm_medium=feed

#Microsoft is still using SHA-1 to sign their DEB packages.

apt(8) is correctly identifying the problem and issuing a warning that the policy will reject the signature within a year.

The the output from "apt update --audit" below:

https://gist.github.com/atoponce/a399cca2eedba41566439271aded679a

eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet (EUDIW)
https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/211
#privacy #identity #cryptography #eu