A: They are rotating at the same time.
Reliable time is handy like that.
#realworldcrypto
A: Not all, there are some requirements
#realworldcrypto
A: Those reports are considered outliers and are filtered out (?)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2V8irX4AA4ayf.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2WawzWoAAnLsX.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2X3hwWoAAGB_E.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2YHSeX0AAWCay.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2ZHIfX4AMH1ps.jpg)
A: Didn't benchmark, got it from the Zcash spec 🦓
#realworldcrypto
* maybe not in speed but in cost, space, etc
#realworldcrypto
![](https://pbs.twimg.com/media/EN2jK_NWAAAE51U.jpg)
More consistent security margins across primitives.
Better nomenclature for better understanding.
#realworldcrypto
A: Agreed. Also I'm not responsible for any damage as a result of this talk. 😆
#realworldcrypto
GIT GIT GIT
#realworldcrypto
![](https://pbs.twimg.com/media/EN2nKCVW4AANJGq.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2nmZJWoAAa_uA.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2od8WWkAEEWr-.jpg)
A: Correct no known attacks on HMAC, but why keep using SHA-1 there or anywhere else? I wouldn't recommend using HMAC-MD5 either.
// @SchmiegSophie
#realworldcrypto
github.com/freedomofpress…
sunder.readthedocs.io/en/latest/
#realworldcrypto
![](https://pbs.twimg.com/media/EN2r3h5WAAACI_s.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2swPSX4AA1Re7.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN2t4V-X4AAbF2d.jpg)
#realworldcrypto
github.com/BLAKE3-team/BL…
#realworldcrypto
github.com/str4d/rage
github.com/FiloSottile/age
#realworldcrypto
![](https://pbs.twimg.com/media/EN3KiK8X0AA7YyK.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3LrotUEAAL6tW.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3MrBvX4AUQHFB.jpg)
#realworldcrypto
A: Server keys in the browser on the client.
#realworldcrypto
A: The variance grows with the square root of the number of reporters, and the noise will wash out the signal in the data.
#realworldcrypto
A: Mozilla already has a system for the regular telemetry reporting to protect against sybil attacks. 👍
#realworldcrypto
![](https://pbs.twimg.com/media/EN3TvnwU0AA6t7l.jpg)
A: If we change the timestamp range we can do that, the current scheme has kept it to 15 minutes.
#realworldcrypto
![](https://pbs.twimg.com/media/EN3V0gBX4AE-lZQ.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3dHqpUUAEqAAL.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3egSJXkAAaNzR.jpg)
- patch everything
- TEST YOUR PATCHES
- did you actually test them???
#realworldcrypto
![](https://pbs.twimg.com/media/EN3ewAoU0AATsa2.jpg)
- isolate your agent to a single _physical_ core on Intel CPUs
- harden your agents with SLH if you can afford it
#realworldcrypto
![](https://pbs.twimg.com/media/EN3lUpMU4AAAAAS.jpg)
#realworldcrypto
0.04ms to check a cert, <8ms to check a whole chain
#realworldcrypto
A: The paper we were implementing suggested them, but it did mention other options like hashing
#realworldcrypto
A: OCSP Must-Staple is an idea that's been around for a while without much adoption, we think CRLite is a replacement.
#realworldcrypto
![](https://pbs.twimg.com/media/EN3twuVU4AAuZNi.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3vEV_U8AA6Fom.jpg)
- If that's too long, truncate the stronger hash instead
- PKI like CT should scan for MD5 and SHA-1 thumbprints w/ collision detection
- be wary
#realworldcrypto
A: While computing an MD5 or SHA-1 hash, check for diffs in input blocks while hashing (I'm a little confused by this)
#realworldcrypto
- very painful
- expensive
- "know where all your crypto is" oooof for some orgs this is _not_ feasible
#realworldcrypto
![](https://pbs.twimg.com/media/EN3ybuKVUAACDjd.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3zI3dWoAEkeft.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3zYQRUwAAZZSv.jpg)
#realworldcrypto
![](https://pbs.twimg.com/media/EN3z5ToU8AAWe3V.png)
A: Need inventory of all your current usage, waiting for asymmetric standards (NIST), can double symmetric key sizes today.
#realworldcrypto
No need to recombine as in secret sharing
Better performance than MPC
#realworldcrypto
![](https://pbs.twimg.com/media/EN32TErUwAAor71.jpg)
#realworldcrypto
- minimal API
- connection broker
Avoiding single points of failure and mitigating attack surface
#realworldcrypto
Security people, what do you think about this strategy?
#realworldcrypto
A: Not yet, we would not necessarily do this for every project
#realworldcrypto