home.social

616 results for “hellmanmd”

  1. The Diffie-Hellman algorithm: writing a private messenger in Go

    This is a continuation of the previous article on this algorithm, where I described how two users can communicate without directly exchanging an encryption key. I have already described the idea of a transparent open-source messenger based on this algorithm, and I want to present its simplest implementation with code examples. There will be a lot of code...

    habr.com/ru/articles/802815/

    #golang #ethereum #diffiehellman #example #cryptography #fyne

  4. The Diffie-Hellman protocol is sort of becoming a 'Hello, World!' example for choreographic programming. Perhaps it's not very surprising, given the joint presence of Alice and Bob. ;-)

    #itc #choreographicprogramming #cybersecurity #infosec #security

  5. After the Hellmann's Mayo commercial with Joshua Kimmich, today a shoot for Rewe. And I have to say that the catering for extras in advertising is dimensions better than on #MünchenMord, #Hindafing or #Polizeiruf110 #ExtraPopa

  6. These two works by Karin Hellman are in themselves reason enough to go and see HAM's "Pehmo" exhibition. #TaideMastodon

  10. 🔴 LIVE NOW ON VORTEX
    📻 Vortex Rewind ⏪ (80s extended versions, maxi singles, long versions)
    ──────────────
    🎵 Rex - Angelina Angeleyes (Special Club Mix By Emil Hellman)

    ▶️ Écouter / Listen : VorteX [Radio]
    lesonduvortex.net

    💬 Join us on Discord:
    discord.gg/d82hJZBeDE

    #VortexWave #Rex #DeepHouse #ProgressiveHouse #2000s

  11. MOSS Season 2 continues next week.

    🎙️ Benjamin Wesolowski (CNRS & ENS Lyon, France)

    Talk title: Random walks in number-theoretic cryptology

    🗓️ Thursday, 7 May 2026 • 🕓 4:00 PM CEST • Online

    Abstract: Cryptography met number theory in 1976, when Diffie and Hellman achieved what had long been considered impossible: a protocol for two people to exchange secret information on a public channel, even if they had never met before to establish some kind of password, a pre-shared key. Diffie and Hellman designed the protocol such that a spy attempting to find the secret would need to solve a presumably hard computational problem: the discrete logarithm problem in the multiplicative group of a finite field.

    Since then, number theory has consistently met the challenges of cryptography, offering a variety of difficult algorithmic problems and powerful tools for their analysis. In this talk, we will explore this “mathematical cryptology”, with a focus on euclidean lattices (designed to resist against quantum computers), the use of random walks, and how spectral methods in number theory apply to cryptology.

    ----------------------------------------------

    Scan the QR code in the image to join the mailing list and receive the online access link.

    #Mathematics #NumberTheory #Cryptography #Lattices #PostQuantum #MOSS #EMS

  15. #SteamNextFest is over, but I found two demos yesterday I really liked and wanted to shout out, starting with the beautiful #HellMaiden. Just watch this video. #AstralShift's games have this incredible hand-drawn animation style, and seeing #Virgil, #Ovid, and Dante as anime girls is strange and charming.

    store.steampowered.com/app/400

    #VideoGames
    #Gaming
    #TheDivineComedy

  16. AWS KMS supports ECDH

    Saw the introduction in "Announcing AWS KMS Elliptic Curve Diffie-Hellman (ECDH) support": AWS KMS now supports ECDH.

    From the AWS documentation for "DeriveSharedSecret" you can see that it produces the ECDH shared secret without ever exposing the private key:

    The private key in your KMS key pair

    blog.gslin.org/archives/2024/0

    #AWS #Cloud #Computer #Murmuring #Network #Security #Service #Software #amazon #aws #cloud #cryptography #ecdh #hsm #key #kms #secret #security #service #shared

  17. Called it.

    In Nov I wrote that ECC was the easier quantum target: postquantum.com/post-quantum/shor-rsa-ecc-diffie-hellman/

    In March I argued Bitcoin's quantum risk was underestimated because everyone used RSA benchmarks: postquantum.com/post-quantum/bitcoin-quantum-risk-closer-ecc/

    EUROCRYPT 2026 just confirmed both.

    Chevignard, Fouque & Schrottenloher halved ECDLP qubit counts:

    P-256: 2,124 → 1,193 (42% less than RSA-3072!)

    P-224: 1,098 (21.5% less than RSA-2048)

    Full writeup: postquantum.com/security-pqc/a

    #infosec #quantum #cryptography #postquantum #ecc #bitcoin

  18. Unilever in 'advanced talks' over sale of food division

    Unilever is in advanced talks about selling its food division to the American spice producer McCormick. Unilever's food division includes Knorr and the sauce brands Hellmann's and Calvé.

    rtl.nl/nieuws/economie/artikel

    #Unilever #verkopen #voedingstak

  24. 📺ℹ️ TV tip: the investigative documentary „Inside Fußball - Wer kauft das Spiel?“ takes a look at shifts in power & the future of football.

    Our board spokesman Axel Hellmann and sporting director Markus Krösche also have their say. Now in the ARD Mediathek.

    #SGE

  25. Digital signatures and how to avoid them

    Wikipedia’s definition of a digital signature is:

    A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.

    —Wikipedia

    They also have a handy diagram of the process by which digital signatures are created and verified:

    Source: https://commons.m.wikimedia.org/wiki/File:Private_key_signing.svg#mw-jump-to-license (CC-BY-SA)

    Alice signs a message using her private key and Bob can then verify that the message came from Alice, and hasn’t been tampered with, using her public key. This all seems straightforward and uncomplicated and is probably most developers’ view of what signatures are for and how they should be used. This has led to the widespread use of signatures for all kinds of things: validating software updates, authenticating SSL connections, and so on.

    But cryptographers have a different way of looking at digital signatures that has some surprising aspects. This more advanced way of thinking about digital signatures can tell us a lot about what are appropriate, and inappropriate, use-cases.

    Identification protocols

    There are several ways to build secure signature schemes. Although you might immediately think of RSA, the scheme perhaps most beloved by cryptographers is Schnorr signatures. These form the basis of modern EdDSA signatures, and also (in heavily altered form) DSA/ECDSA.

    The story of Schnorr signatures starts not with a signature scheme, but instead with an interactive identification protocol. An identification protocol is a way to prove who you are (the “prover”) to some verification service (the “verifier”). Think logging into a website. But note that the protocol is only concerned with proving who you are, not in establishing a secure session or anything like that.

    There are a whole load of different ways to do this, like sending a username and password or something like WebAuthn/passkeys (an ironic mention that we’ll come back to later). One particularly elegant protocol is known as Schnorr’s protocol. It’s elegant because it is simple and only relies on basic security conjectures that are widely accepted, and it also has some nice properties that we’ll mention shortly.

    The basic structure of the protocol involves three phases: Commit-Challenge-Response. If you are familiar with challenge-response authentication protocols this just adds an additional commitment message at the start.

    Alice (for it is she!) wants to prove to Bob who she is. Alice already has a long-term private key, a, and Bob already has the corresponding public key, A. These keys are in a Diffie-Hellman-like finite field or elliptic curve group, so we can say A = g^a mod p where g is a generator and p is the prime modulus of the group. The protocol then works like this:

    1. Alice generates a random ephemeral key, r, and the corresponding public key R = g^r mod p. She sends R to Bob as the commitment.
    2. Bob stores R and generates a random challenge, c and sends that to Alice.
    3. Alice computes s = ac + r and sends that back to Bob as the response.
    4. Finally, Bob checks if g^s = A^c * R (mod p). If it is then Alice has successfully authenticated, otherwise it’s an imposter. The reason this works is that g^s = g^(ac + r) and A^c * R = (g^a)^c * g^r = g^(ac + r) too. Why it’s secure is another topic for another day.

    Don’t worry if you don’t understand all this. I’ll probably do a blog post about Schnorr identification at some point, but there are plenty of explainers online if you want to understand it. For now, just accept that this is indeed a secure identification scheme. It has some nice properties too.

    One is that it is a (honest-verifier) zero knowledge proof of knowledge (of the private key). That means that an observer watching Alice authenticate, and the verifier themselves, learn nothing at all about Alice’s private key from watching those runs, but the verifier is nonetheless convinced that Alice knows it.

    This is because it is easy to create valid runs of the protocol for any private key by simply working backwards rather than forwards, starting with a response and calculating the challenge and commitment that fit that response. Anyone can do this without needing to know anything about the private key. That is, for any given challenge you can find a commitment for which it is easy to compute the correct response. (What they cannot do is correctly answer a random challenge after they’ve already sent a commitment). So they learn no information from observing a genuine interaction.

    Fiat-Shamir

    So what does this identification protocol have to do with digital signatures? The answer is that there is a process known as the Fiat-Shamir heuristic by which you can automatically transform certain interactive identification protocols into a non-interactive signature scheme. You can’t do this for every protocol, only ones that have a certain structure, but Schnorr identification meets the criteria. The resulting signature scheme is known, amazingly, as the Schnorr signature scheme.

    You may be relieved to hear that the Fiat-Shamir transformation is incredibly simple. We basically just replace the challenge part of the protocol with a cryptographic hash function, computed over the message we want to sign and the commitment public key: c = H(R, m).

    That’s it. The signature is then just the pair (R, s).

    Note that Bob is now not needed in the process at all and Alice can compute this all herself. To validate the signature, Bob (or anyone else) recomputes c by hashing the message and R and then performs the verification step just as in the identification protocol.

    Schnorr signatures built this way are secure (so long as you add some critical security checks!) and efficient. The EdDSA signature scheme is essentially just a modern incarnation of Schnorr with a few tweaks.
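    The Commit-Challenge-Response protocol, the working-backwards simulator that gives it its zero-knowledge property, and the Fiat-Shamir transform, as an added Python example that is not part of the original post. It constructs its own toy 61-bit safe-prime group at import time (far too small for real use, chosen so the arithmetic is cheap and readable), uses SHA-256 as H, reduces the response modulo the group order q, and adds range and subgroup checks on (R, s) at verification; the optional deterministic commitment derived from the private key and message is the EdDSA-style construction the post discusses below. All function names are the example's own.

```python
import hashlib
import secrets

# --- Toy group parameters, constructed for this example -------------------
# Deterministic Miller-Rabin; these witness bases suffice for n < 3e23.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in _MR_BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(start=1 << 60):
    """Smallest safe prime p = 2q + 1 with q >= start. g = 4 is a square mod p,
    so it generates the order-q subgroup. A 61-bit p is a teaching size only."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = safe_prime_group()
NBYTES = (P.bit_length() + 7) // 8

def keygen():
    a = 1 + secrets.randbelow(Q - 1)        # long-term private key a in [1, Q-1]
    return a, pow(G, a, P)                  # public key A = g^a mod p

# --- Interactive identification: Commit-Challenge-Response ---------------
def commit():
    r = 1 + secrets.randbelow(Q - 1)        # ephemeral key r
    return r, pow(G, r, P)                  # commitment R = g^r mod p

def challenge():
    return secrets.randbelow(Q)             # verifier's random challenge c

def respond(a, r, c):
    return (a * c + r) % Q                  # response s = ac + r (mod group order)

def verify_transcript(A, R, c, s):
    # Accept iff g^s == A^c * R (mod p); holds because g^s = g^(ac) * g^r.
    return pow(G, s, P) == (pow(A, c, P) * R) % P

def run_identification(a, A):
    r, R = commit()                         # 1. Alice -> Bob: R
    c = challenge()                         # 2. Bob -> Alice: c
    s = respond(a, r, c)                    # 3. Alice -> Bob: s
    return verify_transcript(A, R, c, s)    # 4. Bob checks

def simulate_transcript(A, c):
    """Honest-verifier zero knowledge: for a chosen challenge c, anyone can
    produce a verifying transcript without a, by working backwards:
    pick s first, then R = g^s * A^(-c)."""
    s = secrets.randbelow(Q)
    R = pow(G, s, P) * pow(A, -c, P) % P    # pow(x, -e, p): modular inverse (Python 3.8+)
    return R, c, s

# --- Fiat-Shamir: the challenge becomes c = H(R, m) ----------------------
def fs_challenge(R, message):
    h = hashlib.sha256(R.to_bytes(NBYTES, "big") + message).digest()
    return int.from_bytes(h, "big") % Q

def sign(a, message, deterministic=False):
    if deterministic:
        # EdDSA-style commitment derived from (a, m): the same R recurs only
        # when the identical message is signed again, never across two
        # different messages.
        h = hashlib.sha256(b"nonce" + a.to_bytes(NBYTES, "big") + message).digest()
        r = 1 + int.from_bytes(h, "big") % (Q - 1)
    else:
        r = 1 + secrets.randbelow(Q - 1)
    R = pow(G, r, P)
    c = fs_challenge(R, message)
    return R, (a * c + r) % Q               # signature (R, s); Bob is not involved

def verify(A, message, sig):
    R, s = sig
    # The "critical security checks": reject malformed elements before any math.
    if not (1 < R < P and pow(R, Q, P) == 1 and 0 <= s < Q):
        return False
    return verify_transcript(A, R, fs_challenge(R, message), s)

if __name__ == "__main__":
    a, A = keygen()
    print("identification:", run_identification(a, A))
    sig = sign(a, b"hello", deterministic=True)
    print("valid:", verify(A, b"hello", sig), "tampered:", verify(A, b"hellp", sig))
```

    Note that `verify` has no notion of who is asking or when: the same `(R, s)` verifies for anyone, forever, which is exactly the loss of context the next section describes.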

    What does this tell us about appropriate uses of signatures?

    The way I’ve just presented Schnorr signatures and Fiat-Shamir is the way they are usually presented in cryptography textbooks. We start with an identification protocol, perform a simple transformation and end up with a secure signature scheme. Happy days! These textbooks then usually move on to all the ways you can use signatures and never mention identification protocols again. But the transformation isn’t an entirely positive process: a lot was lost in translation!

    There are many useful aspects of interactive identification protocols that are lost by signature schemes:

    • A protocol run is only meaningful for the two parties involved in the interaction (Alice and Bob). By contrast a signature is equally valid for everyone.
    • A protocol run is specific to a given point in time. Alice’s response is to a specific challenge issued by Bob just prior. A signature can be verified at any time.

    These points may sound like bonuses for signature schemes, but they are actually drawbacks in many cases. Signatures are often used for authentication, where we actually want things to be tied to a specific interaction. This lack of context in signatures is why standards like JWT have to add lots of explicit statements such as audience and issuer checks to ensure the JWT came from the expected source and arrived at the intended destination, and expiry information or unique identifiers (that have to be remembered) to prevent replay attacks. A significant proportion of JWT vulnerabilities in the wild are caused by developers forgetting to perform these checks.

    WebAuthn is another example of this phenomenon. On paper it is a textbook case of an identification protocol. But because it is built on top of digital signatures it requires adding a whole load of “contextual bindings” for similar reasons to JWTs. Ironically, the most widely used WebAuthn signature algorithm, ECDSA, is itself a Schnorr-ish scheme.

    TLS also uses signatures for what is essentially an identification protocol, and similarly has had a range of bugs due to insufficient context binding information being included in the signed data. (SSL also uses signatures for verifying certificates, which is IMO a perfectly good use of the technology. Certificates are exactly a case of where you want to convert an interactive protocol into a non-interactive one. But then again we also do an interactive protocol (DNS) in that case anyway :shrug:).

    In short, an awful lot of uses of digital signatures are actually identification schemes of one form or another and would be better off using an actual identification scheme. But that doesn’t mean using something like Schnorr’s protocol! There are actually better alternatives that I’ll come back to at the end.

    Special Soundness: fragility by design

    Before I look at alternatives, I want to point out that pretty much all in-use signature schemes are extremely fragile in practice. The zero-knowledge security of Schnorr identification is based on it having a property called special soundness. Special soundness essentially says that if Alice accidentally reuses the same commitment (R) for two runs of the protocol, then any observer can recover her private key.

    This sounds like an incredibly fragile notion to build into your security protocol! If I accidentally reuse this random value then I leak my entire private key??! And in fact it is: such nonce-reuse bugs are extremely common in deployed signature systems, and have led to the compromise of lots of private keys (e.g. the PlayStation 3, various Bitcoin wallets, etc.).

    But despite its fragility, this notion of special soundness is crucial to the security of many signature systems. They are truly a cursed technology!

    To solve this problem, some implementations and newer standards like EdDSA use deterministic commitments, which are based on a hash of the private key and the message. This ensures that the commitment will only ever be the same if the message is identical: preventing the private key from being recovered. Unfortunately, such schemes turned out to be more susceptible to fault injection attacks (a much less scalable or general attack vector), and so now there are “hedged” schemes that inject a bit of randomness back into the hash. It’s cursed turtles all the way down.

    If your answer to this is to go back to good old RSA signatures, don’t be fooled. There are plenty of ways to blow your foot off using old faithful, but that’s for another post.

    Did you want non-repudiation with that?

    Another way that signatures cause issues is that they are too powerful for the job they are used for. You just wanted to authenticate that an email came from a legitimate server, but now you are providing irrefutable proof of the provenance of leaked private communications. Oops!

    Signatures are very much the hammer of cryptographic primitives. As well as authenticating a message, they also provide third-party verifiability and (part of) non-repudiation.

    You don’t need to explicitly want anonymity or deniability to understand that these strong security properties can have damaging and unforeseen side-effects. Non-repudiation should never be the default in open systems.

    I could go on. From the fact that there are basically zero acceptable post-quantum signature schemes (all way too large or too risky), to issues with non-canonical signatures and cofactors and on and on. The problems of signature schemes never seem to end.

    What to use instead?

    Ok, so if signatures are so bad, what can I use instead?

    Firstly, if you can get away with using a simple shared secret scheme like HMAC, then do so. In contrast to public key crypto, HMAC is possibly the most robust crypto primitive ever invented. You’d have to go really far out of your way to screw up HMAC. (I mean, there are timing attacks and that time that Bouncy Castle confused bits and bytes and used 16-bit HMAC keys, so still do pay attention a little bit…)
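    The context bindings that the JWT discussion above says developers forget, implemented with the HMAC primitive recommended here, as an added Python example that is not part of the original post. It issues and verifies a minimal HS256 token using only the standard library: the algorithm is pinned rather than read from the token, the tag is compared in constant time, and after the signature check the verifier insists on the expected issuer and audience, an unexpired `exp`, and a `jti` that has not been seen before. The key, claim values and `ReplayCache` are constructed for the example; a real deployment would back the replay cache with a shared store that expires entries.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key for this example only.
SAMPLE_KEY = b"example-hmac-key-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(key: bytes, claims: dict) -> str:
    """Issue an HS256 JWT: HMAC-SHA256 over 'header.payload'."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    tag = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(tag)}"

class ReplayCache:
    """Remembers jti values already accepted. Constructed for the example; a
    real deployment uses a shared store and drops entries once exp has passed."""
    def __init__(self):
        self._seen = set()

    def first_use(self, jti: str) -> bool:
        if jti in self._seen:
            return False
        self._seen.add(jti)
        return True

def verify_jwt(token, key, expected_iss, expected_aud, replay, now=None):
    """Return the claims if the token is authentic AND bound to this context,
    otherwise None. Signature first, then the context bindings."""
    now = time.time() if now is None else now
    try:
        head, body, tag = token.split(".")
        header = json.loads(_b64url_decode(head))
        # Pin the algorithm; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(tag)):   # constant-time compare
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:              # wrong number of parts, bad base64 or bad JSON
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("iss") != expected_iss:        # came from the expected source
        return None
    aud = claims.get("aud")                      # arrived at the intended destination
    if not (aud == expected_aud or (isinstance(aud, list) and expected_aud in aud)):
        return None
    exp = claims.get("exp")                      # a bare signature is valid forever
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now >= exp:
        return None
    jti = claims.get("jti")                      # unique id, remembered, defeats replay
    if not isinstance(jti, str) or not replay.first_use(jti):
        return None
    return claims

if __name__ == "__main__":
    cache = ReplayCache()
    tok = make_jwt(SAMPLE_KEY, {"iss": "auth", "aud": "api", "exp": 2000, "jti": "id-1"})
    print(verify_jwt(tok, SAMPLE_KEY, "auth", "api", cache, now=1000))   # claims
    print(verify_jwt(tok, SAMPLE_KEY, "auth", "api", cache, now=1000))   # None: replay
```

    Every check after `compare_digest` exists only because the HMAC tag, like a signature, says nothing about who is meant to accept it or when; in an interactive challenge-response exchange those bindings would come from the challenge itself.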

    If you need public key crypto, then… still use HMAC. Use an authenticated KEM with X25519 to generate a shared secret and use that with HMAC to authenticate your message. This is essentially public key authenticated encryption without the actual encryption. (Some people mistakenly refer to such schemes as designated verifier signatures, but they are not).

    Signatures are good for software/firmware updates and pretty terrible for everything else.

    #authenticatedEncryption #cryptography #misuseResistance #signatures

  26. 🚨🦅 EXCLUSIVE | Albert #Riera (NK Celje) is currently the top candidate to become the new head coach of Eintracht Frankfurt.

    Axel Hellmann confirmed yesterday: “We’re on the final stretch” - and it is expected to be Riera. Slovenian sources closely involved in the process confirm that concrete talks have taken place.

    Alternative: Kjetil Knutsen. Copenhagen are not willing to release Jacob Neestrup. Marco Rose has not been a hot option recently. #SGE

    @[email protected] 🇪🇸