Post 9oPKVXTK7BK5NJOfAW by rumpelsepp@mastodon.social
(DIR) Post #9oP2hv8EAy6Z3RHeee by sir@cmpwn.com
2019-10-29T01:24:42Z
0 likes, 0 repeats
It would be nice if there was a little command line tool whose only job was ed25519 key generation, encryption, decryption, signing, and signature verification. With no dependencies, implemented in POSIX C99. Hint, hint
(DIR) Post #9oP2hxHACiRPhjTorQ by lanodan@queer.hacktivis.me
2019-10-29T01:29:22.522637Z
0 likes, 0 repeats
@sir Not for {en,de}cryption, but minisign does that (with libsodium) and it's small enough that it could probably be made to use POSIX C99.
(DIR) Post #9oP2k79gRa4uvL0jo0 by sir@cmpwn.com
2019-10-29T01:24:52Z
1 likes, 0 repeats
inb4 someone mentions Rust
(DIR) Post #9oP2pMXgf7O85tjzqC by sir@cmpwn.com
2019-10-29T01:25:35Z
1 likes, 0 repeats
*puts on nasal voice* it's irresponsible to implement encryption in an unsafe language like C *pushes glasses up nose*
(DIR) Post #9oP2pwqNh5jSgIlQye by sir@cmpwn.com
2019-10-29T01:26:14Z
1 likes, 0 repeats
Bonus points if the actual encryption algorithm was opaque to the CLI usage
(DIR) Post #9oP2pxpM2OVNjPI812 by seven@social.panthermodern.net
2019-10-29T01:29:43Z
0 likes, 0 repeats
@sir Your newsletter is good...
(DIR) Post #9oP2pyN21BRZPr31VY by sir@cmpwn.com
2019-10-29T01:29:59Z
0 likes, 0 repeats
@seven ?
(DIR) Post #9oP2vbJudDJnfFGxbE by ignaloidas@mastodon.gamedev.place
2019-10-29T01:57:11Z
0 likes, 0 repeats
@sir It is (usually) irresponsible to implement encryption yourself.
(DIR) Post #9oP32OTim8Jbra6Eq0 by sir@cmpwn.com
2019-10-29T01:58:06Z
0 likes, 0 repeats
@ignaloidas I reckon it's irresponsible to make your own encryption _algorithm_, but so long as you stick "this hasn't been audited" on top of your readme I'm cool with implementing it yourself
(DIR) Post #9oP38KO6teUCukIxBQ by djmoch@mastodon.danielmoch.com
2019-10-29T01:37:54Z
0 likes, 0 repeats
@sir Isn’t this basically OpenBSD’s signify(1)?
(DIR) Post #9oP3IKUFNpmw7JwbpI by ignaloidas@mastodon.gamedev.place
2019-10-29T02:01:31Z
0 likes, 0 repeats
@sir Well that's why I added usually. I don't know for ECC, but RSA is notable for being easy to fuck up while implementing in subtle but important ways.
(DIR) Post #9oP3kQp3QBUvsJ4p6m by sir@cmpwn.com
2019-10-29T01:40:01Z
0 likes, 0 repeats
@djmoch signify, as the name implies, does not deal with encryption/decryption, but just signatures.
(DIR) Post #9oP3kR4eUByUegNHQ8 by djmoch@mastodon.danielmoch.com
2019-10-29T01:44:47Z
0 likes, 0 repeats
@sir touché
(DIR) Post #9oP4ByCTQpV7DGA86S by nonlinear@soliton.nonlinear.zone
2019-10-29T02:12:16.836530Z
0 likes, 1 repeats
@sir @djmoch signify(1) does not deal with encryption/decryption. But the follow-on reop(1) does.
(DIR) Post #9oP4IMAjDZOvIWOKMS by sir@cmpwn.com
2019-10-29T02:12:37Z
0 likes, 0 repeats
@nonlinear @djmoch still, BSD syndrome is a problem
(DIR) Post #9oP4T6CWwCZGwyMAdM by nonlinear@soliton.nonlinear.zone
2019-10-29T02:15:23.291177Z
0 likes, 1 repeats
@sir Please excuse my ignorance, what is BSD syndrome? I assume it’s related to licensing, but would like to clarify. Thank you. @djmoch
(DIR) Post #9oP4f0iz7p2FRLDVgG by sir@cmpwn.com
2019-10-29T02:16:55Z
0 likes, 0 repeats
@nonlinear @djmoch no, it's related to portability.
(DIR) Post #9oP4pwX33MLJceqYCm by nonlinear@soliton.nonlinear.zone
2019-10-29T02:19:30.229185Z
0 likes, 1 repeats
@sir @djmoch ah, fair enough, thanks!
(DIR) Post #9oPKVXTK7BK5NJOfAW by rumpelsepp@mastodon.social
2019-10-29T05:14:08Z
0 likes, 0 repeats
@sir there is something similar available in Go called age: https://github.com/FiloSottile/age https://age-tool.com/
(DIR) Post #9oPVbzvWKfxorKrt8y by the_gayest_doggo@whomst.dog
2019-10-29T04:27:37Z
0 likes, 0 repeats
@ignaloidas @sir we desperately need more people to get into crypto and step one unfortunately is shitty homespun translation tables and leaky ineffective implementations
(DIR) Post #9oPVc09LVH1TYDKvh2 by Wolf480pl@niu.moe
2019-10-29T07:19:31Z
0 likes, 0 repeats
@the_gayest_doggo @ignaloidas @sir and then there are timing side channels, cache side channels, power side channels, and the like, and if you want to avoid those you need to be very careful to never use secret data in an if condition or array index.
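Added example, not part of the thread and not any poster's code: the rule in the post above (no secret data in an `if` condition or array index) written out in C99 as a branch-free comparison, select and table lookup. The function names `ct_memeq`, `ct_select` and `ct_lookup` are hypothetical, and the sample values in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compare two n-byte secrets (e.g. MAC tags) with no early exit: the loop
 * always runs n times, so timing does not reveal where the first mismatch
 * is. Returns 1 if equal, 0 otherwise. */
int ct_memeq(const void *a, const void *b, size_t n)
{
    const volatile uint8_t *x = a, *y = b;
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= x[i] ^ y[i];
    /* diff == 0 wraps to 0xFFFFFFFF, anything else stays below 0x100 */
    return (int)((((uint32_t)diff - 1) >> 8) & 1);
}

/* Replacement for "secret_bit ? a : b" without a branch on the secret. */
uint32_t ct_select(uint32_t secret_bit, uint32_t a, uint32_t b)
{
    uint32_t mask = (uint32_t)0 - (secret_bit & 1); /* all ones or zero */
    return (a & mask) | (b & ~mask);
}

/* Replacement for table[secret_idx]: every entry is read, so the memory
 * access pattern (and thus the cache state) is independent of the index. */
uint8_t ct_lookup(const uint8_t *table, size_t len, size_t secret_idx)
{
    uint8_t out = 0;
    for (size_t i = 0; i < len; i++) {
        size_t d = i ^ secret_idx;
        /* (d | -d) has its top bit set exactly when d != 0 */
        size_t nz = (d | ((size_t)0 - d)) >> (sizeof(size_t) * 8 - 1);
        out |= table[i] & (uint8_t)(nz - 1); /* 0xFF only when i == idx */
    }
    return out;
}

int main(void)
{
    const uint8_t sbox[4] = {0x63, 0x7c, 0x77, 0x7b}; /* constructed sample */
    printf("%d %d\n", ct_memeq("tag1", "tag1", 4), ct_memeq("tag1", "tag2", 4));
    printf("%u %u\n", (unsigned)ct_select(1, 7, 9), (unsigned)ct_lookup(sbox, 4, 2));
    return 0;
}
```

C makes no timing guarantees, so an optimizing compiler may reintroduce branches; check the generated assembly for the target before relying on code like this.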
(DIR) Post #9oPXd4YGp2FdOwdK4G by the_gayest_doggo@whomst.dog
2019-10-29T07:42:06Z
0 likes, 0 repeats
@Wolf480pl @ignaloidas @sir yes for sure, and beyond that there's linear and differential power analysis and other attacks that are extremely hard to solve at the software level. My hope in encouraging people to pursue cryptography is to introduce more and more people to this problem domain. I'm not saying we should all use homespun crypto, but if we all gave it a shot the industry would be better equipped to critically analyse security techniques and algos
(DIR) Post #9oPYLjze6YRMfhjmfh by bn4t@social.bn4t.me
2019-10-29T07:49:56.534904Z
0 likes, 1 repeats
@ignaloidas ed25519 is specifically made to be easy to implement correctly.