The Pentester’s Guide to Finding CBC Bit Flipping Vulnerabilities
If you spend enough time poking at web applications, you’ll eventually run into a target that handles session management poorly. You’ll intercept a re…
Most developers learn a hard lesson at some point in their careers: just because data is encrypted doesn't mean it’s safe from tampering. It’s an easy…
Three of my autonomous agents needed to pick a leader. Each one called random.random(), highest number wins. All three reported they won. Obviously. …
I've built casino slot machines and gaming systems for 15 years. I mostly stayed away from compliance, but once I had to write the official algorithm …
Fun stuff from Signal devs + edu+MS researchers: E2EE collaborative/social apps using zero-knowledge proofs and other crypto goodness. Servers provide…
Most "post-quantum" features I run into are a switch you have to find and flip. A checkbox in settings, an opt-in beta, a separate "secure mode." I wa…
Every cryptography library says it's secure and performant. Very few can explain how that security is validated and how that performance is proven aft…
This is the story of how a mundane complaint — "the VPN is slow" — turned into a US patent application. Not a granted patent. An application. I want …
A random oracle is a function $\mathcal{O}: \{0,1\}^* \to \{0,1\}^\infty$ where each output bit is independently and uniformly random, but the function is…
For decades, processor designers chased speed by letting the CPU run ahead of itself — executing instructions before it was certain they were needed, …
Paper (and source of the alternate title) Comments
Suppose you need to prove you are over 18 without showing your birthdate, or that you know a password without sending it, or that a financial statemen…
Announcing the Trust Identity Protocol (TIP): HTTPS for the AI Era TL;DR. The Trust Identity Protocol (TIP) is a free, open, post-quantum-secure, pate…
Lattice-based and hash-based signature schemes represent two fundamentally distinct approaches to securing digital identities against quantum computer…
Post-quantum cryptography is no longer just a research topic. It is starting to affect the way embedded teams design TLS, secure boot, OTA, firmware s…
Data security has become the top priority for any web resource today. The baseline standard for protecting user accounts is password hashing. …
Critics note a lack of factual support in lawsuit filed by US Senate candidate.
Digital Signatures: The “Trust Me Bro” Detector for Junior Cybersecurity Engineers Subtitle: How digital signatures help prove who signed something, w…
The standard way to log in — type a password, send it to the server, hope the server hashes it well — has a structural flaw nobody has been able to fi…
An AI that is forbidden to be right. When an AI is connected to a cryptographic system, the usual question is: can the model find the right answer? But in…
The EU's proposed Chat Control regulation would require messaging providers to scan your messages for illegal content before encryption, on your devic…