Subscribe: root labs rdist
http://rdist.root.org/feed/
Language: English
Tags:
api  crypto  defense  great  javascript  memcmp  nsa  past  rdist  safe  security crypto  security  technology  thought  timing  write 
Preview: root labs rdist

rdist



Embedded security, crypto, software protection



Last Build Date: Sat, 11 Mar 2017 03:23:05 +0000

 



Was the past better than now? (rdist)

Mon, 01 Dec 2014 12:00:32 +0000

Here we go again — another article arguing whether the past was better or not (this one says “better”). These articles are tiresome, rehashing the debate whether technology is enabling or isolating and dehumanizing. But I’m interested in a different line of technology criticism: which parts of technology are a regression and what to do about […]




Thought experiment on protocols and noise (rdist)

Tue, 04 Nov 2014 18:42:52 +0000

I hesitate to call this an interview question because I don’t think on-the-spot puzzle solving equates to a good engineering hire. On the other hand, I try to explore some simple thought experiments with candidates that have a security background. One of these involves a protocol that has messages authenticated by an HMAC. There’s a message […]




Timing-safe memcmp and API parity (rdist)

Tue, 24 Jun 2014 12:03:33 +0000

OpenBSD released a new API with a timing-safe bcmp and memcmp. I strongly agree with their strategy of encouraging developers to adopt “safe” APIs, even at a slight performance loss. The strlcpy/strlcat family of functions they pioneered have been immensely helpful against overflows. Data-independent timing routines are extremely hard to get right, and the farther you are from […]




In Defense of JavaScript Crypto (rdist)

Mon, 23 Jun 2014 12:05:28 +0000

Thai Duong wrote a great post outlining why he likes JavaScript crypto, although it’s not as strong a defense as you might guess from the title. While he makes some fair points of some limited applications of JavaScript, his post is actually a great argument against those pushing web page JS crypto. First, he starts off with […]




Catching up on recent crypto developments (rdist)

Mon, 26 May 2014 14:10:56 +0000

When I started this blog, the goal was to write long-form posts that could serve as a standalone intro to security and crypto topics. Rather than write about the history of the NSA as planned, I’ll try writing a few short notes in hopes that they’ll fit better within the time I have. (Running a company […]




Digging Into the NSA Revelations (rdist)

Mon, 06 Jan 2014 13:00:43 +0000

Last year was a momentous one in revelations about the NSA, technical espionage, and exploitation. I’ve been meaning for a while to write about the information that has been revealed by Snowden and what it means for the public crypto and security world. Part of the problem has been the slow release of documents and […]