|
You are here |
hardenedvault.net | ||
| | | | |
david.nepozitek.cz
|
|
| | | | | I've reversed-engineered the X Android app to find out whether it is as secure as claimed. It is not. | |
| | | | |
noiseprotocol.org
|
|
| | | | | ||
| | | | |
nfil.dev
|
|
| | | | | I've been reading up on the Double Ratchet algorithm and its implementations lately, as it's an exciting piece of crypto that offers some very nice guarantees: forward secrecy (ie. by breaking a key at some point you can't read older messages), eventual break-in recovery (ie. by breaking a key you can only read a few messages before the protocol recovers), and of course confidentiality and deniability. It's all done through the use of "ratchets", which are used to update the key used with each message. The algorithm comes at a nice time, when consumers are becoming more privacy-aware and governments more determined to perform mass surveillance, which is where E2E encryption becomes the only way to protect your data. | |
| | | | |
www.schneier.com
|
|
| | | Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways. Abstract: The recently published "MERGE" protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsou... | ||