Crypto

Because not all crypto is TLS.

Using Ed25519 signing keys for encryption

@Benjojo12 and I are building an encryption tool that will support SSH keys as recipients. For Ed25519 keys that requires converting points between different elliptic curves. Let's see why and how.…

A Go implementation of Poly1305 that makes sense

Cryptography code could be understandable if only we commented it. This Poly1305 implementation is an attempt to prove it. It should be readable with just an idea of what MACs are for, a beginner level of Go, and high school math.…

Live streaming Cryptopals

tl;dr: I'm livecoding the Cryptopals in Go on Twitch, one set every Sunday. The recordings are on YouTube. Oh, wow. I love the idea. Would anyone here seriously watch 20 to 40 hours of me doing crypto, math and Go? Mic, screen, and everything. https://t.co/jx3s736bGm—…

The scrypt parameters

The recommended scrypt parameters in the Go docs were recently brought up for discussion given they haven't changed since 2009. Even if at this point I memorized the three numbers (N=16384, r=8, p=1) I only have a vague understanding of their meaning, so I took some time…

Playing with kernel TLS in Linux 4.13 and Go

Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it only supports TLS version…