Twitter | Pretraživanje | |
Tweetovi
Adam Langley 1. velj
Odgovor korisniku/ci @cobratbq
Thanks! From the description it makes /dev/random work the way it always should have. (Opinions vary :)
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
isis agora lovecruft (they/them) 30. sij
i believe i just did something no one has ever done before: i wrote a constant-time galois field implementation on a 6502 chipset, which not only does not have a constant-time hardware multiply instruction, but does not have a multiply instruction at all
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
Elie Bursztein 30. sij
Say hello to OpenSK: a fully open-source security key implementation -
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 17. sij
Odgovor korisniku/ci @__apf__
We have them here. Sure, an oversupply of actual rooms would be nice but, absent that, they're actually quite useful. Effectively creates a few extra, small conference rooms.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 16. sij
Odgovor korisniku/ci @gnyman @Google @laparisa
Thus adding a security key requires U2F API support in the browser. But, once registered, using the security key needs only WebAuthn support.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 16. sij
Odgovor korisniku/ci @gnyman @Google @laparisa
Google registers security keys using the older U2F API. This is because the factory image for older Android devices may only support U2F credentials. WebAuthn supports backwards-compatible assertions, but not registrations. Browser support for U2F is not as good as for WebAuthn.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 15. sij
Odgovor korisniku/ci @hilare_belloc
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
Pinboard 30. pro
When Inner Mongolia has better train service than your tech capital.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 20. pro
Odgovor korisniku/ci @sigkate
Blocking until the pool has initialised and then never again is the correct behaviour. (I think that should be an uncontroversial statement but see retweeted article for reasons.) However, never blocking would be bad because it causes issues like
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 20. pro
Seems that getrandom still has the correct behaviour, but now has a "jitter" source:
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 20. pro
Odgovor korisniku/ci @cobratbq
Thanks. That seems to suggest that it didn't happen, at least in 5.3, because Linus reverted a change that improved ext4 instead?
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 20. pro
"Linux 5.3 will turn back getrandom() into /dev/urandom with its never-blocking behavior" Wait, what? Was getrandom crippled without me noticing? I can find an LWN thread but nothing definitive.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
Patrick Collison 17. stu
Partly inspired by 's tweets, I dug a little more into recent findings on the relationship between air pollution and cognition. The effects seem rather amazingly large: .
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 15. stu
Odgovor korisniku/ci @hillbrad
No, just the fingerprint. (Although, technically, you could make a key that needed both but, in practice, just the fingerprint is needed.)
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 14. stu
Odgovor korisniku/ci @hillbrad
Both PINs and fingerprints are methods of user verification in CTAP2. However, it's basically assumed that all fingerprint security keys will have a PIN setup too, similar to how a PIN fall-back is required for iOS Touch ID.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 11. stu
Odgovor korisniku/ci @flamsmark @jonkrafcik @brave
The context was intended to be a celebration of the web platform in general and, since you took it a co-opting your work, we clearly missed the mark there. Sorry. The different browsers should have been called out more clearly.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley 11. stu
Odgovor korisniku/ci @flamsmark @jonkrafcik @brave
The talk is about the web platform in general: the first screenshot is Edge, the second Brave, and the third Chrome. Other items in the talk are also covering the web in general, across multiple browsers. However, that could have been clearer.
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
Real World Crypto 7. stu
Preliminary list of talks for IACR Real World Cryptography is now out:
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
Damien Miller 1. stu
U2F support in OpenSSH
Reply Retweet Označi sa "sviđa mi se"
Adam Langley proslijedio/la je tweet
mjos\dwez 30. lis
Odgovor korisniku/ci @agl__
You write: "the computational demands of SIKE out-weigh the reduced network traffic. Only for the slowest 5% of connections are the smaller messages of SIKE a net advantage." Applies also to net energy measurements with portable devices (my slides for ETSI workshop next week).
Reply Retweet Označi sa "sviđa mi se"