Search
1000 results for “harun”
-
Have a nice weekend
#photography #Winter #Nature #Landscape #ColdTemperature #Outdoors #Snow #Sunlight #shadows #morning #light #snowscape #snowfield #freshsnow #sweden #mountains #fence #february #jämtland #northern_sweden #trail #harensspår #harensår #footprint #rural #noroads #obygdn #wildernessculture #animaltrack #fauna
-
CW: 18+ NSFW - Flashing in the car
Just heading out to run some errands and thought I'd say Happy Monday!
#tits #boobs #milf #nipple #nipples #hardnipples #bigtits #bigboobs #sexy #nsfw #flashing #flash #flashingtits #flashingboobs
-
No tämä: ”En ymmärrä, mikä tarve muilla ihmisillä on saada minut haluamaan vanhemmuutta.”
Omakohtaisestikin olen saanut todistaa muutamia kummallisia tilanteita, kuten puolitutun baaritenttausta lapsiluvusta ja suhtautumisesta lasten hankkimiseen - ja tietty yleistä kyvyttömyyttä kuulla ja kuunnella. Kun kerroin etten ole koskaan halunnut lapsia, lukioaikainen kaverini ilmoitti haluavansa kummiksi.
Mieli ei ole muuttunut. Tunnen itseni riittävän hyvin.
-
SÁBADO DE WATCH PARTY 🥳
Para que disfrutes el All Star Saturday de la mejor manera 😎
@[email protected] y @[email protected] nos harán vivir la noche de concursos de forma única 💥
En exclusiva por #StarPlusLA
#MíraloEnStarPlus -
SÁBADO DE WATCH PARTY 🥳
Para que disfrutes el All Star Saturday de la mejor manera 😎
@[email protected] y @[email protected] nos harán vivir la noche de concursos de forma única 💥
En exclusiva por #StarPlusLA
#MíraloEnStarPlus -
Musing about Password-Based Cryptography for the Government
What would a modern NIST standard for password-based cryptography look like?
Obviously, we have PBKDF2–which, if used with a FIPS-approved hash function, gives you a way to derive encryption keys and/or password validators from human-memorable secrets.
However, PBKDF2 isn’t memory-hard.
In 2012, several cryptographers initiated the Password Hashing Competition (PHC) to study the state-of-the-art for password-based cryptography at the time. Part of this motivation was that memory-hard hashing (first developed by Colin Percival in scrypt a few years prior) provided greater defense against the increasing parallelism of modern password cracking techniques.
After a few years of cryptanalysis, the PHC selected an algorithm called Argon2, and gave special recognition to four other finalists.
And, quote the NIST SP 800-63B:
A memory-hard function SHOULD be used because it increases the cost of an attack.
If you were expecting, “Nevermore,” you’re currently reading the wrong literary genre.
“So, we’re done, right? Just use Argon2 and call it a day.”
We did it! Yayyyyyyyy~
…
Of course, it’s not that simple.
(Artist source unknown, meme generated from imgflip)What is Argon2?
Argon2 is defined in IETF RFC 9106. There are several variants of Argon2 that have subtly different security properties (Argon2d, Argon2i, Argon2id, Argon2ds — the latter one providing a property called cache-hardness. which Steve Thomas’s slide deck from BSidesLV 2022 explores in depth).
Argon2id is the variant most of us settled on in 2024.
Regardless of the variant used, the same underpinnings are used. From RFC 9106, section 3.2:
Argon2 uses an internal compression function G with two 1024-byte inputs, a 1024-byte output, and an internal hash function H^x(), with x being its output length in bytes. Here, H^x() applied to string A is the BLAKE2b ([BLAKE2], Section 3.3) function, which takes (d,ll,kk=0,nn=x) as parameters, where d is A padded to a multiple of 128 bytes and ll is the length of d in bytes. The compression function G is based on its internal permutation. A variable-length hash function H’ built upon H is also used. G is described in Section 3.5, and H’ is described in Section 3.3.
Bold text for emphasis.
If you weren’t adept at playing Crypto Algorithm Bingo, it might be easy to miss the fact that BLAKE2b is NOT a cryptographic algorithm approved for use in FIPS validated modules.
So, full stop, unless NIST and the US Department of Commerce turn over a new leaf and add BLAKE2 to the approved algorithms list for FIPS, this is a non-starter.
Well, why not use yescrypt? Or scrypt for that matter?
Yescrypt (and scrypt before it) are based on Salsa20/8. In fact, most of the time computing a KDF output with either algorithm is spent on Salsa20-encryption regions of memory.
After all the computing resources are spent on Salsa20/8 and memory management, PBKDF2-SHA256 is used to compress the output to a fixed length. This is arguably complying with NIST’s requirements to use PBKDF2–albeit with an iteration count of 1 (so it’s just artificially sweetened HMAC, if we’re being honest with ourselves).
How are systems complying today?
I’ve heard a few conflicting stories over the years from folks that care a lot about FIPS (presumably because the US government is a significant chunk of their annual recurring revenue). It’s possible I’m misremembering what they said, so please take these secondhand anecdotes with an appropriate amount of salt.
One person claimed that Scrypt is fine since “the last step is PBKDF2”, and if an auditor blinks, you allegedly just need to document all the Salsa20 stuff as “obfuscation” and PBKDF2 is what you’re really doing to comply.
Another approach I heard was to run a memory-hard KDF in parallel with PBKDF2, then use HKDF to combine the two outputs.
Between the two, I’m more likely to believe that an auditor would approve the latter HKDF-based design, but I’ve never worked at a NIST CMVP lab, so who knows?
Unfortunately, NIST SP 800-63B has little to say about the specifics:
Examples of suitable key derivation functions include Password-based Key Derivation Function 2 (PBKDF2) [SP 800-132] and Balloon [BALLOON]. A memory-hard function SHOULD be used because it increases the cost of an attack.
I already said that PBKDF2 isn’t memory hard, so that’s useless here.
The other example they gave, Balloon Hashing, is frankly a weird recommendation to make, given the lack of a stable reference implementation and how poorly specified it is.
This is starting to look like a catch-22. Maybe we would be better off not supporting passwords anymore.
But what if you can’t make that decision?
What would a modern NIST standard for password-based cryptography even look like?
Towards Gargon: Government-flavored Argon2
Is that last question even answerable?
I argue, “Probably yes.” From the introduction to RFC 9106:
Argon2 is also a mode of operation over a fixed-input-length compression function G and a variable-input-length hash function H. Even though Argon2 can be potentially used with an arbitrary function H, as long as it provides outputs up to 64 bytes, the BLAKE2b function [BLAKE2] is used in this document.
Clearly, the Argon2 RFC authors intended to allow the hash function be swapped out for another one.
So can we just
str_replace()BLAKE2b with SHA512 (or SHA3-512) and call our job done?No, that would be too easy.
The internal compression function, G
Argon2’s design involves computing the internal compression function, G, over regions of memory. The linked section of that version of RFC 9106 provides a good overview of the construction.
- G is defined in terms of the permutation, P.
- P is based on the round function of BLAKE2b.
- The BLAKE2b round function is based on ChaCha, which is similar to Salsa20 (and designed by the same author), which we already established isn’t approved for FIPS.
So if we’re going to invent a Government-tolerable variant of Argon2, we’ll need to be a bit more creative about our choice for G as well.
More precisely, even if we keep the overall structure of G intact, we’ll need to define a FIPS-able permutation, P.
The permutation, P, for building the internal compression function, G
A reasonable person would assume we would need to pick a component from the hash function we’re building atop which has an increased circuit depth. After all, that’s what the Argon2 designers did:
The modular additions in GB are combined with 64-bit multiplications. Multiplications are the only difference from the original BLAKE2b design. This choice is done to increase the circuit depth and thus the running time of ASIC implementations, while having roughly the same running time on CPUs thanks to parallelism and pipelining.
And this is where reasonableness hits a wall. There are several directions that one could go to invent Government-tolerable Argon2.
- The SHA-2 family compression function (i.e., , , , and ).
- The basic block permutation function from SHA3 (i.e., , , , , and ).
- Look elsewhere in the FIPS algorithm suite, such as AES (e.g., in Counter Mode, to exploit the hardware acceleration of AES in modern CPUs).
Each of these ideas is terrible in their own way.
The cryptanalysis results showing that the best attack against a full hash function costs 2 to some power queries don’t imply the security of each constituent component. So you’re really rolling the dice if you pursue this.
AES might be okay, depending on how it’s constructed and used. But the devil’s always in the details.
It’s starting to seem like Gargon’s possibility is fleeting, after all.
Wouldn’t life be simpler if NIST just approved BLAKE2b and/or Argon2 for use in FIPS validated modules?
Yes, life would be much simpler. NIST should do that.
Unfortunately, until that day comes, there are yet more windmills that need tilting.
https://scottarc.blog/2024/06/17/the-quest-for-the-gargon/
#Argon2 #crypto #Cryptography #CryptographyStandards #cybersecurity #encryption #FIPS #NIST #passwordBasedCryptography #passwords #PBKDF2 #security
-
Coup de cœur - Recettes Chatponaises de Laura Kié et Haruna Kishi - Mango (livre de cuisine) https://www.alivrouvert.fr/coups-de-coeur/2025/recetchaponese/ Coup de cœur d’Émilie: Dans ce livre de cuisine, vous trouverez des recettes
#coups-de-coeur -
#american_flag #american_flag_bikini #american_flag_legwear #american_flag_print #armpits #ass #bat_(animal) #bikini #blonde_hair #breasts #clownpiece #collarbone #commentary_request #fairy_wings #feet #flag_print #flag_print_bikini #full_moon #graveyard #halloween #harunoha #hat #highres #jester_cap #legacy_of_lunatic_kingdom #moon #polka_dot #polka_dot_headwear #print_bikini #purple_hat #red_eyes #sharp_teeth #small_breasts #star-shaped_pupils #star_(symbol) #star_print #swimsuit #symbol-shaped_pupils #teeth #toes #touhou #wings https://danbooru.donmai.us/posts/10181917
-
Proverbe swahili (280)
Nyanya hafunzwi na mjukuu kuamwa.
Ce n'est pas le petit fils qui apprend à la grand mère comment téter.
#Kiswahili #bantu #MethaliZaKiswahili #swahili #proverbes #ProverbesAfricains #ProverbesSwahilis #ProverbesSwahili #eac
-
Proverbe swahili (2)
Hakuna lilichofichama ila litajulikana
Il n'est rien de caché qui ne sera connu de tous.
(Petite pensée pour Agnès Pannier Runacher 😁)
-
"De geest van Dick Schoof waart nog rond in Den Haag, en onder Rob Jetten blijkt de oude politieke cultuur hardnekkig. Er is helemaal niet gebroken met het kabinet-Schoof, de oude politieke cultuur is voortgezet.
[...]
De vele Haagse instituties, de hoge colleges van staat, de wetenschap, de ambtenaren en, ja, ook de journalistiek, hadden (terecht) bakken met kritiek op Schoof. Jetten heeft die kritiek nog niet gekregen. Waarom eigenlijk niet?"https://www.nrc.nl/nieuws/2026/05/05/dick-schoof-is-voer-voor-satirici-geworden-maar-zijn-invloed-is-blijvend-a4927059 #Schoof #Jetten
-
Pues puedo decir que nos lo pasamos dpm yo y @drew_haruno en la #JapanWeekendMadrid x). Ha sido muy tranquilito por nuestra parte.
Estuvimos viendo a parte del reparto de Dragon Ball Super en una pequeña conferencia que hicieron y organizaron allí, y luego fuimos cosplayeados de Cloud y Tifa (FFVII R.) tan ricamente. -
Si buscas #sorprender a tu persona favorita con algo #diferente, es imprescindible pensar en una #coctelería original para #encantar su paladar. Por eso te dejamos varias #mezclas que harán de este #SanValentín una fecha memorable https://wp.me/paVy8e-5Nl
-
Si buscas #sorprender a tu persona favorita con algo #diferente, es imprescindible pensar en una #coctelería original para #encantar su paladar. Por eso te dejamos varias #mezclas que harán de este #SanValentín una fecha memorable
https://mostosydestilados.cl/cocteles-para-impresionar-en-este-dia-de-los-enamorados/
-
A Guide For Heat-Treating Steel at Home - A lot of colloquial words that we might use when describing something’s durability... - https://hackaday.com/2023/12/28/a-guide-for-heat-treating-steel-at-home/ #highcarbonsteel #heattreating #tempering #toolsteel #hardness #how-to #metal #steel
-
CNC Intaglio-Esque Engraving - Intaglio is an ancient carving technique for adding details to a workpiece, by man... - https://hackaday.com/2023/03/24/cnc-intaglio-esque-engraving/ #cncengraving #gemstones #mohsscale #hardness #intaglio #carving #art
-
@Ludo
At its core bitcoin is #money — as defined by real economists. A real economist will tell you that money must be something that requires a non-trivial amount of energy to produce/procure, they call this "#hardness".For thousands of years we used #gold. It had to be mined, and so the act of #mining it was proof-of-energy used, #proofOfWork, proof that someone valued it enough to use a bit of #energy on that rather than growing wheat, for example.
It procurement-'hardness' - not physical.
-
21 de junio
Hoy es 21 de junio, una fecha importante y muy simbólica.
Este día, marca la mitad de los cambios estacionales. En el hemisferio norte, comienza el verano: Días más cálidos, con temperaturas pesadas y paisajes más claros. Mientras que en el hemisferio sur, varios países reciben el invierno: Las temperaturas descienden drásticamente, la gente prefiere quedarse en su casa a hacer maratón de su serie favorita y las emociones están a flor de piel.
En el hemisferio norte, muchos festejarán su cumpleaños tomando helado y gozando del acogedor clima de la playa, con la fragancia del mar filtrándose en su ser. Por otra parte, los del hemisferio sur, celebramos nuestro cumpleaños con chocolate caliente. Y los más afortunados, con una chimenea en el hogar y nieve en la ciudad.
En la astrología, el 21 de junio es la entrada del sol en Cáncer, una temporada para enfocarse en la intuisión, las emociones y el hogar interior; un momento donde la sensibilidad y la introspección se potencian. Es normal que en estos días te sientas confundido/a, abrumado/a por sentimientos que no sabes definir. Tu corazón no los reconoce, pero el alma, que está más adelantada que nuestra parte consciente, ya lo sabe todo, aceptándolo mucho antes. Solo hay que tenerle paciencia al corazón; a veces, por situaciones dolorosas de la vida, tarda en reaccionar; pero eso no significa que nunca lo haga.
En el ámbito espiritual, el 21 de junio es visto como un portal energético de renovación, expansión y claridad; simboliza el triunfo de la luz sobre la oscuridad, la manifestación de los deseos y el despertar de la conciencia.
Este Solsticio nos invita a reflexionar: Nos damos cuenta de que superamos aquellas adversidades que creíamos que no tenían solución. Vemos la luz en el horizonte, sentimos algo extraño en el pecho. Como un calor que abriga el corazón, y la calma que nos hace saber que todo lo malo ya pasó.
Es el momento para manifestar todos tus deseos; no importa cuan descabellados les parezcan al resto. Son tus sueños, no los de la sociedad; concéntrate en el bien que te hace a ti. Has oídos sordos a los comentarios maliciosos y persigue tus deseos, un día se harán realidad.
Es el momento para analizar y despertar, recopilando enseñanzas que nunca imaginaste tener en tu poder. Y esas enseñanzas, son las que un día compartirás con el mundo. A través de canciones, escritos o videos. No importa qué método uses como canalizador de sabiduría, porque hasta el medio más común, nos ayuda a crecer.¡Un abrazo de luz! Mélzefynn.
#Espiritualidad #Escritos #Reflexiones #Solsticio #21DeJunio #Escritora #Writer #Mélzefynn #Escritores #Writers #EscritoresEnMastodon #WritersOnMastodon #Literaverso
-
Factsheet over de mogelijkheden voor vrouwen in de IT
Waarom kiezen nog steeds weinig meisjes en vrouwen voor techniek en IT? Welke hordes komen ze tegen op hun weg naar werk in bèta-vakken, techniek en IT? Een factsheet geeft achtergrond en inspiratie.Volgens Expertisecentrum VHTO stuiten meisjes en vrouwen – van de 1e schooljaren tot aan de werkvloer – nog vaak op hardnekkige hordes: stereotypen, onbewuste vooroordelen, een gebrek aan rolmodellen en een omgeving waarin zij zich niet altijd welkom of serieus genomen voelen. Deze factoren beperken hun zicht op een toekomst in deze sectoren. En dat is een gemiste kans voor iedereen.
Factsheet
VHTO (Voor Haar Technische Ontwikkeling) brengt deze hordes overzichtelijk in kaart in een factsheet. Die laat niet alleen zien waar het wringt, maar vooral wat de mogelijkheden zijn om er iets aan te kunnen doen. Interessant voor onderwijsprofessionals, werkgevers en beleidsmakers die willen bijdragen aan gelijke kansen en meer diversiteit in techniek en IT.
Lees de factsheet van VHTO.
Dit is een automatisch geplaatst bericht. Vragen of opmerkingen kun je richten aan @[email protected]
-
Hattuprojekti etenee. Noin 8-10 kerrosta vielä ja sitten ehkä on hattu valmis. Päätin sovitteluvaiheessa jo etten enää noudata ohjeiden mitoituksia, vaan luotan omaan intuitioon ja sovitan jatkuvasti hattua päässäni. Sen pitää tuntua hyvältä. En halunnut aloittaa lisäyksiä liian aikaisin, sillä hattu ei pysyisi päässä jos ulkona tuuleekin 8m/s. 🤓🍃
-
Vuosi 2025 .. .eiku 2026, ja MS Wordiin ei edelleenkään voi liittää tekstiä muualta tarkistamatta aina liittämisen jälkeen että muu dokumentti ei mennyt kappaletyyleiltään ihan päin peetä.
On se hittolainen kun ei onnistu. Käytin just 15 min siihen, että peruuttelin N kpl muutoksia taaksepäin, kun Jonkun CopyPasten ™️ jälkeen koko dokkari heitti aivan häränpyllhyä.
prkl.
-
𝗚𝗼𝗹𝗳𝘀𝘁𝗮𝘁𝗲𝗻, 𝗧𝘂𝗿𝗸𝗶𝗷𝗲 𝗲𝗻 𝗜𝘀𝗿𝗮ë𝗹 '𝘃𝗿𝗼𝗲𝗴𝗲𝗻 𝗧𝗿𝘂𝗺𝗽 𝗼𝗺 𝗜𝗿𝗮𝗻 𝗻𝗶𝗲𝘁 𝗮𝗮𝗻 𝘁𝗲 𝘃𝗮𝗹𝗹𝗲𝗻'
De Amerikaanse president Donald Trump zou deze week door Arabische landen, Turkije en Israël zijn verzocht om Iran niet aan te vallen. Zij vrezen dat een aanval van de VS op Iran kan leiden tot een groot en hardnekkig conflict in het Midden-Oosten, melden bronnen aan...
-
TAYLOR SHERIDAN Y PETER BERG SE HARAN CARGO DE LA PELICULA DE "CALL OF DUTY".
https://nuevoimagenesdeactualidad.blogspot.com/2025/10/taylor-sheridan-y-peter-berg-se-haran.html
#peterberg #taylorsheridan #cine #cinema -
The paper argues that agent systems can’t solve problems like the travelling salesman problem because of fundamental limits. That sounds impressive, but it’s really just computer science 101. The travelling salesman problem is NP-hard, which means no computer can efficiently solve every possible case unless P = NP, a question that is still unsolved.
👉 This limitation applies to all computing, not just agents or language models👈 .In the real world, nobody tries to solve every case perfectly. Practical programs use shortcuts: heuristics, approximations, and clever pruning. That’s how routing software, logistics systems, and scheduling tools work. They don’t find the perfect answer every time, but they find good answers fast enough to be useful. Agentic systems do exactly the same thing.
👉 The paper also mixes up two different ideas👈 . Computational difficulty explains why some problems are slow to solve perfectly. It does not explain why a system might confidently give a wrong answer. Those errors come from lack of checking, missing information, or bad assumptions, not from NP-hardness.
So the core claim is: hard problems are hard for everyone. That’s true, but it’s not a special weakness of #agentic_ai systems, and it doesn’t really explain the kinds of failures the paper is trying to blame on theory.
TLDR: The paper is shit, thats why no one serious peer-reviewed it. What is super embrassing that #Wired and #Futurism parroted it.
I expect to keep encountering reposts of this shite for the next 6 months like that "AI atriphies your critical reasoning" preprint from MIT.
There is plenty to hang dogs on #AI and #LLM, no need to make silly arguments against it.
#RegulateAI -
12 recetas con sandía que te harán olvidar que es una fruta: ¿Sabías que la sandía puede ser la reina de tus entrantes este verano? Ensaladas, tartares, montaditos… Descubre 12 recetas frescas y sorprendentes con las que te olvidarás de que esta fruta suele servirse y disfrutarse de postre. …
The post 12 recetas con sandía que te harán olvidar que es una fruta first appeared on Gastronomía & Cía. https://www.gastronomiaycia.com/12-recetas-con-sandia-que-te-haran-olvidar-que-es-una-fruta/?utm_source=dlvr.it&utm_medium=mastodon #Entrantes #fruta #Recetario #recetasdeverano -
#News #SDCC2025 | #JohnCarter vuelve, pero esta vez lo harán con serie animada
Fuente: @bleedingcool
https://bleedingcool.com/tv/john-carter-of-mars-animated-series-sets-official-sdcc-announcement/ -
#News #SDCC2025 | #JohnCarter vuelve, pero esta vez lo harán con serie animada
Fuente: @bleedingcool
https://bleedingcool.com/tv/john-carter-of-mars-animated-series-sets-official-sdcc-announcement/ -
#News #SDCC2025 | #JohnCarter vuelve, pero esta vez lo harán con serie animada
Fuente: @bleedingcool
https://bleedingcool.com/tv/john-carter-of-mars-animated-series-sets-official-sdcc-announcement/
