Steve Profile picture
Mostly drunk ramblings of a programmer and cryptography enthusiast. I do stuff… sometimes. Creating @hsmVault… eventually. Obviously my views are my employer's.
Jul 26, 2020 6 tweets 2 min read
I watched the trailer for "For All Mankind" season 2 and was like that's a Marilyn Manson song…? "The Beautiful People"?… nope… oh I know it's "Sweet Dreams"… oh fuck he did black face 😳. Also wrong song… hmm was that a cover or something? Ah "Sweet Dreams" by Eurythmics. I think my brain is broken. I'll "Blame It (on the alcohol)" by Jamie Foxx… that song is super rapey. Was that a cover or something because I do not remember the lyrics besides "blame it on the alcohol". This is like when I tweeted "Netflix and chill" not knowing it was sexual.
Feb 8, 2020 4 tweets 1 min read
Correction: there are over one million people on the "have not committed a crime list and are being harassed". Note my previous tweet might make you think I'm picking and choosing but I think far right-wing/Neo-Nazis/white nationalist terrorists should have rights… also should be infiltrated and monitored. Note they should have encryption… it's just spies should be in their group.
Dec 15, 2019 6 tweets 2 min read
Best Xmas movie is "A Christmas Horror Story" (obviously a play on "A Christmas Story")… Also "christmas horror" is like the best movie genre. In "A Christmas Horror Story" just ignore the high school documentary thing, the other three are the only ones I remembered. Just now I'm like "oh there's a forth story?"
Aug 30, 2019 4 tweets 2 min read
I fcuking love whacthing dumb people come up with "solutions" while drunk. @SGgrc's "how to slove hotel mobile phone keys" is fucking stupid because publie key crypto is slow AF and it could use symeterec. Since it's like "AES counter to get nect private key". That's a ratchet. He could just basically-ish do s/asymmetric/symmetric/ and it's good. I had a way more complex solution just because you should not let in someone after they shouldn't (even if the next customer hasn't come in) and clock skew. Also master keys, common doors, & dumping lock's mem.
Jul 13, 2019 9 tweets 3 min read
I've been meaning to do a postmortem on the password hashing competition for probably over 2 years. I wanted optimized defender and attacker code for each algo. So we could make a good choice. We really needed to have an optimization competition with financial rewards. Also if we auto submitted "pre and post hashed bcrypt" it probably would of made us go "oh shit 'memory hard' is not the way to go it's 'cache hard'". Since a better cache hard algo, like Pufferfish, is better for "≲2.5 second" runs than Argon2 (both tuned correctly).
Jul 3, 2019 4 tweets 2 min read
Cool story bro, but:
1 SMS is not encrypted
2 Of those mentioned only Signal is not obviously broken, besides phone numbers
3 Outlawing crypto means we'll get better crypto and only "outlaws" will use it
4 99.9999% of cases don't need to break crypto 5 Terrorism "doesn't exist" (0.0000001%=="doesn't exist")
6 Drugs aren't that bad
7 If you wanted to protect children, then outlaw religions. Because pedos gravitate towards them. (Note only one religion got publicly shamed for it, but all religions "deal with"/hide it.)
Apr 6, 2019 6 tweets 2 min read
Just remembered I forgot to do this to variable names in my blog. Do screen readers read things that are "display: none" in CSS? Also how do you force a translator to see "some Variable" as "some variable"? because Google translate is messing up thinking it's a proper noun. Also which I just found out I never updated it to formulas.php… oh it's unfinished. Anyway I was testing with (en->es->en). Which doesn't translate how it should, except in the hover over text on the last one.
Mar 17, 2019 5 tweets 2 min read
1/5 LOL at Facebook going "E2E"
1) It's a lie because web clients
2) They already have everything on you/friends & apply that to your friends/you
3) If you have an FB app on your phone, you doxxed all of your contacts
4) It's the 9th item on 2/5 Wow, apparently it took a year to tweet that according to the modified date of that file. Oh right I had base64 hashes originally because the 140 character limit… oh shit I did squeeze it into 140. I had longer tweets because roamers of increased tweet size.
Nov 18, 2017 4 tweets 2 min read
Passwords w/ @jpgoldberg…
P.S. LastPass knows where/when you login. URLs are plaintext and they report login events. @jpgoldberg Also there was a bug that caused it to still report logins even when disabled. You can quote me on all of this… you know for legal reasons.
May 27, 2017 4 tweets 1 min read
I found a use for ProtonMail, throw away email addresses to register for stuff. (They don't require a phone number) Sucks that ProtonMail->Facebook->LinkedIn doesn't work. Fucking LinkedIn still requires a phone number to register
Feb 10, 2017 4 tweets 1 min read
*Use Signal*
echo -n "I found a bug in double ratchet. Now to spend 20 hours trying to see if it's in Signal" | sha256sum It's a shitty MitM that I call a "James Bond attack". Figured this out when I heard about Axolotl ratchet (now Signal) & assumed it did 3DH.