Why would something need to happen to me to point out exploitation? Uber and Airbnb make money off people breaking the law. They exploit hundreds of thousands of people wanting to make a little extra money so that they…
Companies like Uber are much worse than that. They're a glorified web app profiting off of hundreds of thousands of people who do all the work and bear all the risk while the only people getting rich are the scum at the…
Yes, how does he go from DUAL_EC_DBRG being backdoored to using the same few elliptic curves being an issue? It's not accurate or productive to lump e.g. Curve25519 or Goldilocks448 in with DUAL_EC_DBRG and issues with…
Yeah, a made-up term that was ripped off from http://en.wikipedia.org/wiki/Zero-knowledge_proof because it sounded high-tech, yet has nothing to do with ZKP and merely means "you encrypt everything client-side and we…
Would you want to ride in a car with failing brakes?
Why would I want to read books about people that fall under your definition of 'success'? Do I have to read about and fetishize war profiteering too? Just follow the money, right? Jobs over Wozniak? Zuckerburg over…
> This isn't really the mentality and behavior of successful people Thinking you know what traits do and don't make someone 'successful', or that everyone shares your definition of 'success', is probably also not the…
You mean hotels would like to be glorified web directories with hundreds of thousands of 'employees' who provide the rooms, do all the work, are solely on the hook for the vast number of laws and regulations they're…
When Rijndael was chosen as AES, it was ~3 years old and was broken for 6-7 rounds out of 10 with 128 bit keys, and 7-8 rounds out of 14 with 256 bit keys. Chacha20 is 7 years old now and is broken for 7 rounds out of…
> There are many people out there literally asking you to introduce your product to them so they can become your customers No, they aren't, but not a surprise that automated spam is a big hit on HN.
yescrypt has ROM capabilities [1], which function like your large file idea. [1] https://password-hashing.net/wiki/doku.php/yescrypt#read-onl...
You can choose to be black, jewish, or gay?
Unless they did a study with various presentations and found this version resulted in higher numbers, I doubt they have any clue how much it 'helped', or if it helped at all short of just being _something_ to toss up…
Remove selection bias or straight up marketing spam from authors and the willingness of many users to believe anything someone who claims they're making money says and HN would be a lot emptier. One can dream..
Going off the comments here, "pretentious, over-priced twat" is quite real and worth being.
Advocating table based implementations that are not secure is not taking it seriously. Providing implementations that are not secure is not taking it seriously. They may have taken it more seriously than had they…
Grøstl's round 3 specification document mentions 3 'strategies' for constant time implementations: AES-NI, vperm (AVX/XOP/NEON), or bitsliced (which they estimate "only a 50% overhead" for vs tables). Yet almost all of…
ChaCha also got a lot of review in the form of BLAKE, whose security margin was roughly consistent with the existing cryptanalysis of ChaCha. AES-128-CTR with AES-NI is ~0.8-1.2cpb on Haswell/Ivy Bridge/Bulldozer…
Are there actually many alternatives at this time? SHA-3, and more recently CAESAR, still received submissions based on AES. Grøstl (one of the SHA-3 submissions borrowing from AES) was a top 5 candidate. Constant time,…
From his previous article on his "startup" / "business": > In my online game hacking history to that point, I'd had seven dupe methods patched across four different games, but never had an account closed. He doesn't…
e.g., in Diablo 2, duped items were known to "poof" or disappear if you were not careful. There is no way to tell if an item is legitimate or not, leading to the obvious situation of oblivious players buying or trading…
Do you have an example of this happening?
Er, do you think only a select few people need to know assembler then?
(her)
Adding an annotation for qhasm where stack variables/registers would be zero'd at the end of the function if they still contained sensitive data would be great. What I'd really like to see is qhasm put on github along…
Why would something need to happen to me to point out exploitation? Uber and Airbnb make money off people breaking the law. They exploit hundreds of thousands of people wanting to make a little extra money so that they…
Companies like Uber are much worse than that. They're a glorified web app profiting off of hundreds of thousands of people who do all the work and bear all the risk while the only people getting rich are the scum at the…
Yes, how does he go from DUAL_EC_DBRG being backdoored to using the same few elliptic curves being an issue? It's not accurate or productive to lump e.g. Curve25519 or Goldilocks448 in with DUAL_EC_DBRG and issues with…
Yeah, a made-up term that was ripped off from http://en.wikipedia.org/wiki/Zero-knowledge_proof because it sounded high-tech, yet has nothing to do with ZKP and merely means "you encrypt everything client-side and we…
Would you want to ride in a car with failing brakes?
Why would I want to read books about people that fall under your definition of 'success'? Do I have to read about and fetishize war profiteering too? Just follow the money, right? Jobs over Wozniak? Zuckerburg over…
> This isn't really the mentality and behavior of successful people Thinking you know what traits do and don't make someone 'successful', or that everyone shares your definition of 'success', is probably also not the…
You mean hotels would like to be glorified web directories with hundreds of thousands of 'employees' who provide the rooms, do all the work, are solely on the hook for the vast number of laws and regulations they're…
When Rijndael was chosen as AES, it was ~3 years old and was broken for 6-7 rounds out of 10 with 128 bit keys, and 7-8 rounds out of 14 with 256 bit keys. Chacha20 is 7 years old now and is broken for 7 rounds out of…
> There are many people out there literally asking you to introduce your product to them so they can become your customers No, they aren't, but not a surprise that automated spam is a big hit on HN.
yescrypt has ROM capabilities [1], which function like your large file idea. [1] https://password-hashing.net/wiki/doku.php/yescrypt#read-onl...
You can choose to be black, jewish, or gay?
Unless they did a study with various presentations and found this version resulted in higher numbers, I doubt they have any clue how much it 'helped', or if it helped at all short of just being _something_ to toss up…
Remove selection bias or straight up marketing spam from authors and the willingness of many users to believe anything someone who claims they're making money says and HN would be a lot emptier. One can dream..
Going off the comments here, "pretentious, over-priced twat" is quite real and worth being.
Advocating table based implementations that are not secure is not taking it seriously. Providing implementations that are not secure is not taking it seriously. They may have taken it more seriously than had they…
Grøstl's round 3 specification document mentions 3 'strategies' for constant time implementations: AES-NI, vperm (AVX/XOP/NEON), or bitsliced (which they estimate "only a 50% overhead" for vs tables). Yet almost all of…
ChaCha also got a lot of review in the form of BLAKE, whose security margin was roughly consistent with the existing cryptanalysis of ChaCha. AES-128-CTR with AES-NI is ~0.8-1.2cpb on Haswell/Ivy Bridge/Bulldozer…
Are there actually many alternatives at this time? SHA-3, and more recently CAESAR, still received submissions based on AES. Grøstl (one of the SHA-3 submissions borrowing from AES) was a top 5 candidate. Constant time,…
From his previous article on his "startup" / "business": > In my online game hacking history to that point, I'd had seven dupe methods patched across four different games, but never had an account closed. He doesn't…
e.g., in Diablo 2, duped items were known to "poof" or disappear if you were not careful. There is no way to tell if an item is legitimate or not, leading to the obvious situation of oblivious players buying or trading…
Do you have an example of this happening?
Er, do you think only a select few people need to know assembler then?
(her)
Adding an annotation for qhasm where stack variables/registers would be zero'd at the end of the function if they still contained sensitive data would be great. What I'd really like to see is qhasm put on github along…