r/crypto
Posts
Constant-Time Verification Tools for Hardware Implementations
I am aware [the following site](https://crocs-muni.github.io/ct-tools/) gives a table of constant time verification tools for hardware. What constant time verification tools exist to verify if a hardware implementation of a cryptosystem is constant-time (e.g. FPGA implementation prototyped in VHDL and being tested live on an FPGA)?
NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App
Why Do Businesses Around the World Follow US Federal Government Cryptographic Standards?
It just occured to me that even businesses outside the US follow US Federal Government standards for cryptography. Proton, Tuta, Nitrokey, and Mullvad are just some of the online privacy services headquartered outside the US that follow US government standards for cryptographic development? I always wondered why that's the case. …
U.K. orders Apple to let it spy on users’ encrypted accounts
A Map of Cryptography
Why do Cryptographic Standards Take Many Years to Adopt in Practice?
[One of the things](https://csrc.nist.gov/projects/post-quantum-cryptography) that struck me about the NIST Post-Quantum announcement is that it takes two decades to ensure adoption of public key infrastructure. It makes me wonder--why does it take so long to influence people to adopt and deploy cryptosystems in practice? Is it an issue in training …
Seeking literature/research related to group based cryptography and cryptanalysis
I'm researching group based crypto-systems and I'm trying to determine if I've hit the edge of what is available. I'm basically up to speed on what is covered in this excellent survey: Semidirect Product Key Exchange: the State of Play [https://arxiv.org/abs/2202.05178](https://arxiv.org/abs/2202.05178) Is anyone aware of anything more recent related to …
Why is using Argon2id to generate an SSH key insecure?
The idea I have is a secure password into Argon2id using NaCl(truncated to 32 bytes), then use NaCl to turn that into a secret key that SSH will happily accept. I have managed to get OpenSSH to accept a key generated in this manner, and it was able to connect …
Understanding HiAE - High-Throughput Authenticated Encryption Algorithm
I saw Frank Denis (\`libsodium\` author) mention this on social media, stating: \> Until the Keccak or Ascon permutations receive proper CPU acceleration, the AES round function remains the best option for building fast ciphers on common mobile, desktop, and server CPUs. HiAE is the latest approach to this. is …
Password-based authentication of Kyber public keys
For a while now I have been messing around with a custom protocol for a pure P2P encrypted file transfer tool which uses password-based authentication, and was finally able to compile the bits and pieces I developed over a couple of months. Could this work as a PAKE alternative? What …