The 2nd pre-release of my zf-zebrachain crate is out!

https://docs.rs/zf-zebrachain/latest/zf_zebrachain/

Daniel J. Bernstein (#djb, to those who know and love him [1]) has a new blog entry about the NIST post-quantum #cryptography standardization process that's been ongoing for some years. Also, follow him @djb .

If you're not aware of some of the controversy about how NIST is running this process, it's a must-read.

https://blog.cr.yp.to/20250423-mceliece.html

My $0.02: it sure looks like NIST is backstopping an attempt by the NSA to get everyone to standardize on cryptography #standards that the #NSA knows how to break.

Again.

Yes, they did it before. If you read up on the Dual_EC calamity and its fallout, and how this time it was supposed to be different - open, transparent, secure - then prepare to be disappointed. NIST is playing #Calvinball with their rules for this contest, yanking the rug out from under contenders that appear to be more #secure and better understood, while pushing alternatives that are objectively worse (#weaker encryption, less studied, poorer #performance).

Frankly, I think organizations outside of the #USA would be foolish to trust anything that comes out of #NIST's current work. Well, those inside the USA too, but some of those may be forced by law to use whatever NIST certifies.

[1] Some people think djb is "prickly", not lovable. Oddly, it seems that the only people who say this are those who are wildly incorrect about code/algorithms and are being gently but publicly corrected about by djb at the time

How should I improve my publication?

https://dev.to/valdeirpsr/why-can-deleted-files-be-recovered-3gln

"When asked directly about the most pressing digital threats, be it AI misuse or quantum computing, Schneier quipped. "I generally hate ranking threats, but if I had to pick candidates for 'biggest,' it would be one of these: income inequality, late-stage capitalism, or climate change," he wrote. "Compared to those, cybersecurity is a rounding error."
(...)
Asked directly about NSA reforms post-Snowden, Schneier was skeptical, responding: "Well, they haven't had any leaks of any magnitude since then, so hopefully they did learn something about OPSEC. But near as we can tell, nothing substantive has been reformed."

Schneier further clarified, "We should assume that the NSA has developed far more extensive surveillance technology since then," stressing the importance of vigilance.

He touched on the fusion of AI and democracy - a theme of his upcoming book Rewiring Democracy - noting that he didn't "think that AI as a technology will change how different types of government will operate. It's more that different types of governments will shape AI."

He is pessimistic that countries will harness AI's power to do good and help improving quality of life.

"It would be fantastic if governments prioritized these things," he said. "[This] seems unrealistic in a world where countries are imagining some sort of AI 'arms race' and where monopolistic corporations are controlling the technologies. To me, that speaks to the solutions: international cooperation and breaking the tech monopolies. And, yes, those are two things that are not going to happen.""

https://www.scworld.com/news/bruce-schneier-ai-hype-nsa-surveillance-and-cybersecuritys-real-challenges

Every single hash and HMAC algorithm exposed by default in Python is now provided by HACL*, the verified cryptographic Library - Post by Jonathan Protzenko #Cryptography #Python https://jonathan.protzenko.fr/2025/04/18/python.html

What the hell is an elliptic curve?

https://onlynv.dev/blog/what-the-hell-is-an-elliptic-curve

When Gandhi met Satoshi https://lobste.rs/s/nd2gto #cryptography #finance #philosophy
https://prahladyeri.github.io/blog/2025/04/when-gandhi-met-satoshi.html

15,000 lines of verified cryptography now in Python

https://jonathan.protzenko.fr/2025/04/18/python.html

#HackerNews #verifiedcryptography #Python #development #open-source #cryptography #programming #news

15,000 lines of verified cryptography now in Python https://lobste.rs/s/8an4my #cryptography #python
http://jonathan.protzenko.fr/2025/04/18/python.html

https://cryptography.rs/

If you lose your private key, you lose, and get to start over.

6 day certificate expiration is security theatre. Why not 6 minutes?

If you want to do this, use ECC, not RSA. Well, you should be using 25519 anyway.

https://m.slashdot.org/story/440877

Why Rust is Perfect for Cryptography & Security: https://medium.com/@aannkkiittaa/why-rust-is-perfect-for-cryptography-security-e7938832f16d

Physically Uncloneable Functions (PUFs)

https://en.wikipedia.org/wiki/Physical_unclonable_function

Discussions: https://discu.eu/q/https://en.wikipedia.org/wiki/Physical_unclonable_function

rpki-client 9.5 released https://www.undeadly.org/cgi?action=article;sid=20250412123402 #openbsd #rpkiclient #rpki #bgp #pki #crypto #cryptography #security #routing #bgp #networking #freesoftware #libresoftware

Security Linux Toolkit https://leanpub.com/b/securitylinuxtoolkit by GitforGits | Asian Publishing House is the featured bundle of ebooks on the Leanpub homepage! https://leanpub.com #DigitalForensics #Networking #Resiliency #ComputerSecurity #Cryptography #books #ebooks

#Signal == Free range domestic ethically sourced fresh to market slow artisan people's socialism community hand woven lead and microplastic free #cryptography

https://www.europesays.com/uk/6166/ Quantum computing threat demands urgent CISO action plan #Australia(Australian) #BorderlessCS #CISA #Computing #Cryptography #Cybersecurity #DataSecurity #Encryption #QuantumComputing #Risk&Compliance #RiskManagement #Technology #UK #UnitedKingdom

Decoding the 90s: Cryptography in Early Software Development (2023)

https://www.botanica.software/post/decoding-the-90s

Very cool video explaining how Zero Knowledge Proof works.

https://youtu.be/Otvcbw6k4eo