Posts about security

2019-07-24 18:56How (not) to sign a JSON object
2019-07-16 20:14The PGP problem
2018-08-03 19:00The default OpenSSH key encryption is worse than plaintext
2018-07-18 10:59Factoring the Noise protocol matrix
2018-07-05 07:59Self-compressing pickles
2018-06-12 15:27A child's garden of inter-service authentication schemes
2018-05-29 16:14Gripes with Google Groups
2016-05-19 12:25Nonce misuse resistance 101
2016-04-30 09:00Supersingular isogeny Diffie-Hellman 101
2016-03-12 09:35Introducing Teleport
2015-09-23 14:54Don't expose the Docker socket (not even to a container)
2015-07-09 08:26Today's OpenSSL bug (for techies without infosec chops)
2015-07-02 08:53HTTPS requests with client certificates in Clojure
2015-03-07 08:56Conflicting threat models
2015-02-20 22:24Securing APIs with shims
2014-07-28 23:58On discussing software security improvements
2013-01-30 18:55Securing against timing attacks with Twisted