Loup-Vaillant wrote this on Lobste.rs in a dumb rant about my Matrix disclosure:
Personally I would actively avoid the check,
Hmm. What a weird thing to say.
Loup-Vaillant wrote a cryptography library called Monocypher, which famously had an EdDSA vulnerability mostly caused by their insistence on rolling their own custom EdDSA variant to avoid SHA512.
"I wonder how Monocypher holds up in 2026?"
Who said that? Well, anyway:
-
I guess I should just tap the sign whenever I encounter this sort of personality:
Cryptography Engineering Has An Intrinsic Duty of Care - Dhole Moments
To understand my point, I need to first explain three different cryptography attack papers / blog posts. I promise this won't be boring. Three Little Disclosures Misuse-Prone Ciphers For All In a blog post titled Carelessness versus craftsmanship in cryptography, cryptography analyst and Queer in Cryptography emcee Opal Wright delves into the misuse-prone and side-channel-riddled…
Dhole Moments (soatok.blog)
-
@soatok in this article you in passing mention something that has frustrated me for some time in software engineering as someone with a bit more of a hardware background, and that is how much important stuff doesn't build on formal specifications, even big infrastructure projects! And when I have brought this up I'm often met with something along the lines of "but that is not very agile" or "we moved away from waterfall". Sure that small backyard shed you can yolo together, but why are we doing the same thing for the highway bridges of the software world?
-
@deetwenty @soatok I think the most frustrating thing I heard from my boss on Monday is the sentiment of "Oh, the transition to AI coding means that we have to throw away all of the Agile we've been working on and basically go back to waterfall. The best way to use it is to write out your specifications first."
So, the planning that we should have been doing a long time ago is only worth bothering to do once the robots are here?
This is how I know we're in hell.
