Makura no Soshi

On crypto and security …

• Cryptographic Right Answers – Latacora
  You should keep things simple and conventional and easy to analyze; ‘boring’, as the Google TLS people would say.
• The PGP Problem – Latacora
  Serious cryptographers have largely given up on PGP and don’t spend much time publishing on it anymore (with a notable exception). Well-understood problems in PGP have gone unaddressed for over a decade because of this.
• The New Illustrated TLS Connection – Michael Driscoll
  A revised edition in which we dissect the new manner of secure and authenticated data exchange, the TLS 1.3 cryptographic protocol.
• Curl to shell isn’t so bad – Martin Tournoij
  [It] is a very direct way to run code from the internet, whereas the other methods are running code from the internet, but with extra steps. It may ‘feel’ different, but in reality it’s just the same.
• Why Don’t People Use Formal Methods? – Hillel Wayne
  Verifying code is a hard problem. More and more people are doing it, though, as theorem provers and SMT solvers get more sophisticated. It will probably remain a specialist thing for the foreseeable future.
• Running servers (and services) well is not trivial – Chris Siebenmann
  These days, it’s often relatively easy to ‘just set up a server’ or a service, especially if you already work in the cloud. Spin up a VM or a Docker image, install some stuff, done, right? Well, not if you want this to be reliable infrastructure.

This entry was posted on Monday, February 10th, 2020 at 9:13 and is filed under english, Links. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.