Exciting news for the privacy community! A blind signature protocol has been standardized for practical use. Originally introduced by Chaum for untraceable payments, this cryptographic construct is now available for a wider range of applications. Check out the details and expect more privacy in technology products near you. While it is not resistant to attacks using theoretical (today) quantum computers, it is #GDPR compliant.
have #privacy about health info (think genetic disorders)
be anonymous in terms of DNA-person match (which means ethically working researchers can not include their data in studies, e.g. GWAS etc.)
Sensitive data matters. Biodata is one of the most sensitive types of data you can think of. My advice: Don't use it as a first auth factor. And definitely not as a sole key for crypto.
NIST "botched" security analysis of Kyber in order to ensure its selection, have kept the reasons secret and also happen to be working with the NSA. Doesn't look great, does it: https://blog.cr.yp.to/20231003-countcorrectly.html
Does ECH (Encrypted Client Hello) make sense in the context of "small tech", i.e. hosting your own services, or only when using global CDNs / platforms? I'm guessing the latter...
It is a tough place to be in. ECH makes some sense and could "protect" the users, but only if you use Cloudflare. But then Cloudflare gets all the data 🤷
Between the standard Java Runtime and the Bouncy Castle APIs there is a rich tool set of APIs to help work with the maze of standards and protocols needed for secure communication, storage and identity management. This book will help you navigate that maze and shine light into some of the darker corridors. https://leanpub.com/javacryptotoolsandtech #books #cryptography #Java
Would you pay for a book (ebook or print) that walks through #cryptography ideas from PRNGs through XOR through simple ciphers through Libsodium with detailed examples in #PHP?
As I'm sure with many of you, I have a fascination with #cryptography by hand.
There's something intriguing about agents behind enemy lines, tuned into shortwave radio, transcribing numbers, and decrypting messages with a one-time pad.
Impractical for 99% of use cases, highly error-prone, insecure, and mind-numbingly slow to execute. Still, learning such things can be educational and fun.
But instead of encryption, what about randomness? What can we do by hand here?
We're also pleased to have @cdteurope's Iverna McGowan moderate the discussion 🌟 & to hear from Noémie Levain, Legal Expert at @LaQuadrature, Beatriz Ramalho da Silva, Investigative Journalist at @lhreports & Bart Staszewski, LGBTI+ activist, founder and chairman of Basta Fundacja 🤩