| Tweetovi |
|
Adam Langley
@agl__
|
1. velj |
|
Thanks! From the description it makes /dev/random work the way it always should have. (Opinions vary :)
|
||
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
isis agora lovecruft (they/them)
@isislovecruft
|
30. sij |
|
i believe i just did something no one has ever done before: i wrote a constant-time galois field implementation on a 6502 chipset, which not only does not have a constant-time hardware multiply instruction, but does not have a multiply instruction at all
|
||
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
Elie Bursztein
@elie
|
30. sij |
|
Say hello to OpenSK: a fully open-source security key implementation - security.googleblog.com/2020/01/say-he… #FIDO
|
||
|
|
||
|
Adam Langley
@agl__
|
17. sij |
|
We have them here. Sure, an oversupply of actual rooms would be nice but, absent that, they're actually quite useful. Effectively creates a few extra, small conference rooms.
|
||
|
|
||
|
Adam Langley
@agl__
|
16. sij |
|
Thus adding a security key requires U2F API support in the browser. But, once registered, using the security key needs only WebAuthn support.
|
||
|
|
||
|
Adam Langley
@agl__
|
16. sij |
|
Google registers security keys using the older U2F API. This is because the factory image for older Android devices may only support U2F credentials. WebAuthn supports backwards-compatible assertions, but not registrations. Browser support for U2F is not as good as for WebAuthn.
|
||
|
|
||
|
Adam Langley
@agl__
|
15. sij |
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
Pinboard
@Pinboard
|
30. pro |
|
When Inner Mongolia has better train service than your tech capital. twitter.com/PDChina/status…
|
||
|
|
||
|
Adam Langley
@agl__
|
20. pro |
|
Blocking until the pool has initialised and then never again is the correct behaviour. (I think that should be an uncontroversial statement but see retweeted article for reasons.) However, never blocking would be bad because it causes issues like smartfacts.cr.yp.to/smartfacts-201…
|
||
|
|
||
|
Adam Langley
@agl__
|
20. pro |
|
Seems that getrandom still has the correct behaviour, but now has a "jitter" source: git.kernel.org/pub/scm/linux/… twitter.com/__agwa/status/…
|
||
|
|
||
|
Adam Langley
@agl__
|
20. pro |
|
Thanks. That seems to suggest that it didn't happen, at least in 5.3, because Linus reverted a change that improved ext4 instead?
|
||
|
|
||
|
Adam Langley
@agl__
|
20. pro |
|
"Linux 5.3 will turn back getrandom() into /dev/urandom with its never-blocking behavior" Wait, what? Was getrandom crippled without me noticing? I can find an LWN thread but nothing definitive. twitter.com/NCCsecurityUS/…
|
||
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
Patrick Collison
@patrickc
|
17. stu |
|
Partly inspired by @albrgr's tweets, I dug a little more into recent findings on the relationship between air pollution and cognition. The effects seem rather amazingly large: patrickcollison.com/pollution.
|
||
|
|
||
|
Adam Langley
@agl__
|
15. stu |
|
No, just the fingerprint. (Although, technically, you could make a key that needed both but, in practice, just the fingerprint is needed.)
|
||
|
|
||
|
Adam Langley
@agl__
|
14. stu |
|
Both PINs and fingerprints are methods of user verification in CTAP2. However, it's basically assumed that all fingerprint security keys will have a PIN setup too, similar to how a PIN fall-back is required for iOS Touch ID.
|
||
|
|
||
|
Adam Langley
@agl__
|
11. stu |
|
The context was intended to be a celebration of the web platform in general and, since you took it a co-opting your work, we clearly missed the mark there. Sorry. The different browsers should have been called out more clearly.
|
||
|
|
||
|
Adam Langley
@agl__
|
11. stu |
|
The talk is about the web platform in general: the first screenshot is Edge, the second Brave, and the third Chrome. Other items in the talk are also covering the web in general, across multiple browsers. However, that could have been clearer.
|
||
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
Real World Crypto
@RealWorldCrypto
|
7. stu |
|
Preliminary list of talks for IACR Real World Cryptography is now out: rwc.iacr.org/2020/program.h… #realworldcrypto
|
||
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
Damien Miller
@damienmiller
|
1. stu |
|
U2F support in OpenSSH marc.info/?l=openssh-uni…
|
||
|
|
||
| Adam Langley proslijedio/la je tweet | ||
|
mjos\dwez
@mjos_crypto
|
30. lis |
|
You write: "the computational demands of SIKE out-weigh the reduced network traffic. Only for the slowest 5% of connections are the smaller messages of SIKE a net advantage."
Applies also to net energy measurements with portable devices (my slides for ETSI workshop next week). pic.twitter.com/xxtXePtW3x
|
||
|
|
||