
@salusasecondus

A programming cryptographer who tells stories and plays various strange musical instruments. Most of my attention is at Mastodon rather than here: @SalusaSecondus@Wandering.Shop

135
Followers
201
Following
185
Posts
13.11.2024
Joined

Latest posts by @salusasecondus


FLOE!

eprint.iacr.org/2025/2275

#realworldcrypto

10.03.2026 07:17 👍 5 🔁 2 💬 1 📌 0

Next up, 'Random-Access AEAD for Fast Lightweight Online Encryption', presented by Andres Fabrega and Gregory Rubin

#realworldcrypto

10.03.2026 07:17 👍 3 🔁 1 💬 1 📌 0

My mom's advice remains generally good and wise for all couples.

Queen sized bed, king sized duvet/blanket.

Truly, words to love by.

09.03.2026 15:04 👍 0 🔁 0 💬 1 📌 0
Abstract. Signal is a secure messaging app offering end-to-end security for pairwise and group communications. It has tens of millions of users, and has heavily influenced the design of other secure messaging apps (including WhatsApp). Signal has been heavily analysed and, as a result, is rightly regarded as setting the “gold standard” for messaging apps by the scientific community. We present two practical attacks that break the integrity properties of Signal in its advertised threat model. Each attack arises from different features of Signal that are poorly documented and have eluded formal security analyses. The first attack, affecting Android and Desktop, arises from Signal’s introduction of identities based on usernames (instead of phone numbers) in early 2022. We show that the protocol for resolving identities based on usernames and on phone numbers introduced a vulnerability that allows a malicious server to inject arbitrary messages into one-to-one conversations under specific circumstances. The injection causes a user-visible alert about a change of safety numbers, but if the users compare their safety numbers, they will be correct. The second attack is even more severe. It arises from Signal’s Sealed Sender (SSS) feature, designed to allow sender identities to be hidden. We show that a combination of two errors in the SSS implementation in Android allows a malicious server to inject arbitrary messages into both one-to-one and group conversations. The errors relate to missing key checks and the loss of context when cryptographic processing is distributed across multiple software components. The attack is undetectable by users and can be mounted at any time, without any preconditions. As far as we can tell, the vulnerability has been present since the introduction of SSS in 2018. We disclosed both attacks to Signal. The vulnerabilities were promptly acknowledged and patched: the first vulnerability was fixed two days after disclosure, while the second one was patched after eight days. Beyond presenting these devastating attacks on Signal’s end-to-end security guarantees, we discuss more broadly what can be learned about the challenges of deploying new security features in complex software projects.


Signal Lost (Integrity): The Signal App is More than the Sum of its Protocols (Kien Tuong Truong, Noemi Terzo, Kenneth G. Paterson) ia.cr/2026/484

09.03.2026 01:23 👍 24 🔁 13 💬 0 📌 1

Just finished presenting this work at Real World Crypto in Taipei :)

TL;DR: We found 2 attacks on Signal (Android, Desktop) where a malicious server can inject messages in conversations.

Super fun project! Thanks a bunch to Noemi Terzo, @kennyog.bsky.social, and @cryptojedi.bsky.social

09.03.2026 05:53 👍 15 🔁 3 💬 0 📌 0

We are proud to share that Professor David Basin and Dr Ralf Sasse from D-INFK, together with Professors Cas Cremers and Jannik Dreier, have received the Levchin Prize for Real-World Cryptography. Congratulations! 🥳

Read more: inf.ethz.ch/news-and-eve...

09.03.2026 08:20 👍 5 🔁 1 💬 0 📌 0

Off to #RealWorldCrypto to present my work on online (streaming) and random-access encryption!

Taipei, here I come!

05.03.2026 23:42 👍 0 🔁 0 💬 0 📌 0

None at all.

Smooth, safe, interfaces. If they need to think about the tool at all it means there is room for improvement.

05.03.2026 22:54 👍 0 🔁 0 💬 0 📌 0

The United States if it was an Oregon donor

05.03.2026 21:52 👍 182 🔁 22 💬 7 📌 1

I once, accidentally, did a headstand in fire.

05.03.2026 22:12 👍 2 🔁 0 💬 1 📌 0

It's only a man trap if it's from the Isle of Mann. Otherwise it's just a sparkling vestibule.

03.03.2026 02:54 👍 59 🔁 7 💬 2 📌 0
Cryptography Engineering Has An Intrinsic Duty of Care To understand my point, I need to first explain three different cryptography attack papers / blog posts. I promise this won't be boring. Three Little Disclosures Misuse-Prone Ciphers For All In a blog post titled Carelessness versus craftsmanship in cryptography, cryptography analyst and Queer in Cryptography emcee Opal Wright delves into the misuse-prone and side-channel-riddled JavaScript and Python implementations of the AES block cipher.

Cryptography engineering has an intrinsic duty of care.

25.02.2026 21:57 👍 79 🔁 22 💬 5 📌 0

Yeah. Reads fine to me (programmer/cryptographer).

24.02.2026 18:16 👍 0 🔁 0 💬 0 📌 0

I think that along with their beliefs in eugenics and pre-germ theory, they've also brought back phrenology.

Honestly, I'd support prescriptive phrenology in their cases.

24.02.2026 16:43 👍 0 🔁 0 💬 0 📌 0
Saturday Morning Breakfast Cereal - Conversation

Haha, this one was written about 5 years before chatgpt launched. www.smbc-comics.com/comic/conver...

24.02.2026 12:32 👍 373 🔁 123 💬 15 📌 5

The greatest offense to being presented with LLM generated text isn't just them thinking it could be helpful to me, it's specifically that they think I'd be better off from *them* being the ones doing it despite their lack of context and lack of knowledge about my process

07.02.2026 17:41 👍 13 🔁 3 💬 2 📌 1
Cryptographic Issues in Matrix’s Rust Library Vodozemac - Dhole Moments Two years ago, I glanced at Matrix’s Olm library and immediately found several side-channel vulnerabilities. After dragging their feet for 90 days, they ended up not bothering to fix any of i…

soatok.blog/2026/02/17/c... #Matrix #security #cryptography

17.02.2026 23:48 👍 64 🔁 37 💬 5 📌 2

Context: soatok.blog/2026/02/17/c...

18.02.2026 00:32 👍 17 🔁 5 💬 1 📌 0

One nice thing about Instagram as a host for my short form vidya is you don't need to post every day to maintain momentum. That was really wearing me down on Tiktok.

Also check me out here for the curious: www.instagram.com/jabrassey/

15.02.2026 22:16 👍 1 🔁 1 💬 0 📌 0

I'm convinced AI is our generation's radium - a discovery with genuinely useful applications in specific, controlled circumstances that we stupidly put in everything from kid's toys to toothpaste until we realised the harm far too late where future generations will ask if we were out of our minds.

08.02.2026 22:23 👍 17920 🔁 5438 💬 245 📌 257

the nazis have once again forgotten one of the most important rules in combat: never get involved in a logistics war with the americans

08.02.2026 21:31 👍 190 🔁 38 💬 4 📌 4

It's on broadcast in the Seattle area. NBC 5.1 looks to have it.

08.02.2026 21:10 👍 0 🔁 0 💬 0 📌 0
He went inside to change his boots, dropping them off by the front door. As he was grabbing his sneakers from the jumbled pile of shoes, someone turned on the TV in the living room. It was an old tube
set that didn't work so great, so there were small bursts of static between each channel flip. As Gabe tied his shoes he heard a burst of what sounded like some morning show (which was weird, neither Agnes or
John watched those, and he was about to use the fact that somebody was watching TV to slip out
unnoticed when he heard his name.
"Gabriel-"
Weird. He wondered what was on that channel. Then the channel flipped again.
"we need"
Someone must've been looking for something specific. John wasn't usually this impatient. Nor was
anyone else who watched TV.
"to talk."
A slow chill ran down his spine. Hearing those words strung together from patchwork was disquieting,
but it was probably coincidence. He took two steps back. The pattern of flipping channels repeated, and
this time Gabe couldn't ignore the string of words coming from different voices.
"Gabriel"
"-we"
"need"
"to"
"talk_"


The cover of Glassblade by Joseph Brassey, featuring a drawing of a teenage boy, a glass sword hilt, a pencil, a necklace, and an iPhone.


A drawing of a young man with dark hair, purple eyes, and a black jacket. The name on the side reads “Gabe”

Glassblade chapter 3 is up on Wattpad! Head on over and catch up with the story, and drop a review or a vote if you’re so inclined! Chapter 4 drops for subs at the early access tiers on Monday! #booksky

Wattpad page: www.wattpad.com/story/406254...

Subscribe: josephs-newsletter-41aee1.beehiiv.com

06.02.2026 23:03 👍 3 🔁 1 💬 1 📌 0
03.02.2026 16:21 👍 15 🔁 6 💬 2 📌 0

Don't worry. There's always tomorrow.

03.02.2026 04:38 👍 1 🔁 0 💬 0 📌 0
Glassblade - JABrassey - Wattpad For generations, the noble and ancient Schwan family kept a secret and silent watch over the city of Tacoma. Then, in one night of bloodshed and fire at the da...

Want to catch up on Glassblade before subscribing to my newsletter? The first few chapters are available on Wattpad! Head on over and give em a read. The third chapter gets added on Friday, and be sure to leave a vote or a review! #booksky #wattpad

02.02.2026 01:24 👍 7 🔁 2 💬 0 📌 0
Two CBP Agents Identified in Alex Pretti Shooting The two federal immigration agents who fired on Minneapolis protester Alex Pretti are identified in government records as Border Patrol agent Jesus Ochoa and Customs and Border Protection officer Raym...

NEW: This isn't about "training." The two agents who murdered Alex Pretti - Jesus Ochoa and Raymundo Gutierrez - have been with Border Patrol for 8 and 12 years respectively. You can't reform CBP. Abolish ICE/CBP. www.propublica.org/article/alex...

01.02.2026 21:26 👍 20971 🔁 8210 💬 1052 📌 529

Abolish ICE and fire all agents is the moderate position.

01.02.2026 02:27 👍 5809 🔁 1254 💬 90 📌 19

This judge does the thing quoting the Declaration of Independence at the Trump regime then adds for good measure: "Observing human behavior confirms that for some among us, the perfidious lust for unbridled power & the imposition of cruelty in its quest know no bounds & are bereft of human decency."

31.01.2026 21:11 👍 3589 🔁 1042 💬 41 📌 44

I wonder if there’s good resources for protest beginners about how to tell the difference between higher and lower risk protests.

If you’ve been doing it for a long time you can just kinda feel it out, but for those who haven’t….

31.01.2026 02:05 👍 410 🔁 83 💬 28 📌 14