Language: English
Preview: root labs rdist


Embedded security, crypto, software protection

Last Build Date: Thu, 07 Dec 2017 07:28:12 +0000


In Which You Get a Chance to Save Democracy

Thu, 07 Dec 2017 07:28:07 +0000

Let’s start with the end: you can do something to change the broken political landscape in the United States, but you have to act quickly. Here’s a link to donate directly to outsider candidates I support who aren’t getting the funds they need. They are dedicated to working for their constituents’ healthcare, jobs, and community, […]


Was the past better than now?

Mon, 01 Dec 2014 12:00:32 +0000

Here we go again — another article arguing whether the past was better or not (this one says “better”). These articles are tiresome, rehashing the debate whether technology is enabling or isolating and dehumanizing. But I’m interested in a different line of technology criticism: which parts of technology are a regression and what to do about […]


Thought experiment on protocols and noise

Tue, 04 Nov 2014 18:42:52 +0000

I hesitate to call this an interview question because I don’t think on-the-spot puzzle solving equates to a good engineering hire. On the other hand, I try to explore some simple thought experiments with candidates that have a security background. One of these involves a protocol that has messages authenticated by an HMAC. There’s a message […]


Timing-safe memcmp and API parity

Tue, 24 Jun 2014 12:03:33 +0000

OpenBSD released a new API with a timing-safe bcmp and memcmp. I strongly agree with their strategy of encouraging developers to adopt “safe” APIs, even at a slight performance loss. The strlcpy/strlcat family of functions they pioneered have been immensely helpful against overflows. Data-independent timing routines are extremely hard to get right, and the farther you are from […]


In Defense of JavaScript Crypto

Mon, 23 Jun 2014 12:05:28 +0000

Thai Duong wrote a great post outlining why he likes JavaScript crypto, although it’s not as strong a defense as you might guess from the title. While he makes some fair points of some limited applications of JavaScript, his post is actually a great argument against those pushing web page JS crypto. First, he starts off with […]


Catching up on recent crypto developments

Mon, 26 May 2014 14:10:56 +0000

When I started this blog, the goal was to write long-form posts that could serve as a standalone intro to security and crypto topics. Rather than write about the history of the NSA as planned, I’ll try writing a few short notes in hopes that they’ll fit better within the time I have. (Running a company […]
