qrmn
No user record in our sample, but qrmn has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but qrmn has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
I think it might have rolled out already. Turn on Developer Mode in Windows 10 Anniversary Edition, and ssh to port 22 with a valid l/p? Doesn't look like you even need to install WSL.
More permanent than a van. (Not that unusual for an embassy to be spied on!) It might have something to do with the IMSI catcher installed more or less across the road; hard to hide those, they broadcast, and that one…
Respectably, no tool - be it I2P's garlic routing, Tor's onion routing or anything else - could ever provide "complete untraceable anonymity"; that is a huge (and potentially very harmful) misunderstanding of what these…
Absolutely. I built a concept that essentially did that. Separated program and data memory with only one executable. USB host would get (in hardware) an outright memory dump of the program memory on connection, so it…
This is a hash function (as used in hash tables/Bloom filters and so forth), but it is not a cryptographic hash function. It is designed to be very fast for things like table lookups, but it is not designed to be…
I've experimented with doing this kind of thing myself, especially with servers where I don't have ready access to the console and where the provider doesn't offer custom ISO support and I wanted a clean (and/or…
XML was probably a mistake. Strong, deniable, end-to-end encryption should be mandatory. The Axolotl ratchet is the current state-of-the-art: maybe it does asymmetric things we don't need, or maybe that's helpful.…
As far as I'm aware, Yubikey 4 and Yubikey Nano 4 can do 4096; the older ones like the NEO can only do 2048. Not that 2048 is flawed as such: it's still north of 100 bits workfactor at the moment, as far as I gather.…
Sybil is a real pain, and HashCash (via I2P, which had it as an anti-DoS option) was the first obvious attempt at a solution that worked. It would be better done with Argon2 now, but it still burns coal and is a bet…
I do have an "invite" prompt on my SMS contacts that don't yet have Signal: "Invite to Signal: Take your conversation with %s to the next level.". Perhaps it's a function in the beta version that isn't in the live…
Automatic contact discovery is tricky, but the beginnings of one potential solution is I think explored in agl's Pond, using pairings on BN curves?: https://pond.imperialviolet.org/ To a point, so is offline messaging.…
Impossible is a strong word - one prefers to reserve that for provably doomed problems like DRM - but several common, simple paradigms do present an unexpected technical challenge, or even an open research problem, or…
I wish that were true, but honestly, plaintext isn't fine for anything at all in 2015, whether authenticated, important, public or otherwise, whether the network is the internet or a LAN. HTTP sites have had attack…
I just use Diceware: https://qrmn.uk/dwr/ (With thanks to Alyssa Rowan for the CSPRNG design. Public domain - feel free to copy it.) For really important stuff, actual dice just to make sure.
This is a very solid point. We already had an open cryptographic competition to select a password hashing standard, and we have a winner: Argon2 is being developed as a new standardised password hash (i.e. slow-hash).…
I used it. It's not as fast an approach as it sounds; you want to do hitbox collision first. But if there's a better way to really do pixel-perfect collision, I couldn't figure it out - maybe subdividing hitboxes would…
Of course, the Elligator and related mappings allow for (a subset of) valid curve points to be mapped to indistinguishable bit strings, which is very handy in some protocols. A backdoor merchant using Elligator 2, or…
I'm going to recommend deadlisting/disassembly instead. Network analysis doesn't give as much context for exactly what is sent, and there seems to be - as far as I can see, yet? - a total lack of hard data and…
That is incorrect. From the EULA [§4(b)], it is clear that upgrades from retail (stand-alone) versions stay retail - and transferable. No exceptions in there about the one-year qualifying period to upgrade your…
Both Xiph's Daala and Cisco's Thor projects are contributing to the NetVC Working Group at IETF - https://datatracker.ietf.org/wg/netvc/charter/ - to attempt to create a new, competitive, royalty-free video codec - in…
The point I'm making is that people should probably balk at the suggestion that they need 200Mbps/sec of entropy from a mysterious black box on a PCIe card sold to them by an NSA affiliate who want them to put it into…
Honestly, this sales brochure of a "paper" tastes even worse than the BBC fluff piece. This is below the standard of paper I would have expected Black Hat to accept. Good CSPRNG design is not a "dark art", and entropy…
There are few enough IPv4 addresses that just about any hash forms an injective mapping which can be completely reversed: the best you can do is use something like HMAC and "pepper" it, but that only works if the…
A policy which unfortunately lumps DoS in with remote code execution as both "high". They're both significant, but one's clearly going to give us all a much worse day than the other, so we're all still left to wonder -…
I think what the grandparents is wondering is if Hacking Team have a 0day in OpenSSL which this will fix, or is the timing coincidental? (I don't know the answer, but if they did, it's probably in that 400GB dump.) I'm…