Crypto

Because not all crypto is TLS.

restic cryptography

tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and…

I'm giving up on PGP

After years of wrestling GnuPG with varying levels of enthusiasm, I came to the conclusion that it's just not worth it, and I'm giving up. At least on the concept of long term PGP keys. This is not about the gpg tool itself, or about tools at all. Many already…

TLS nonce-nse

Starting a series of blog posts on TLS 1.3, I published my notes on the landscape of cipher nonces in TLS across versions, to help me clean up the implementation. Comes with hand-drawn diagrams! TLS nonce-nse | CloudFlare Blog (archive)…

An overview of TLS 1.3

I presented TLS 1.3 to the CloudFlare London office. Why it's faster, how it works, why it's safer, what's clever about it. The talk is recorded and comes with colored diagrams. There's a transcript on the CloudFlare blog. Update: you might want to watch my 33c3 talk on the…

So I lost my OpenBSD FDE password

The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. We know things get interesting when I lose a password. I did a weak attempt at finding some public bruteforce tool,…