Hacker News: honzaik

New comment by honzaik in "Ask HN: Who wants to be hired? (June 2026)"

honzaik — Wed, 03 Jun 2026 14:30:08 +0000

Location: Prague, Czechia (CET)

Remote: Yes

Willing to relocate: Open

Technologies: cryptography (post-quantum, provable security, applied cryptography, security protocols, elliptic curves), PKI, Rust, Java, PHP, Python, Sage, C++, SQL, SAML, AdES

CV: https://files.honza.phd/resume.pdf

Email: joupicky@gmail.com

Security researcher specializing in post-quantum cryptography and applied protocol security. Experienced in designing and evaluating real-world migration strategies for cryptographic infrastructure (PKI, TLS, SAML), with contributions to open-source libraries and standards-related validation efforts.

I am finishing my PhD in cryptography in a month. The focus of my PhD work was to develop a migration plan to post-quantum cryptography for a Qualified Trust Service Provider in Luxembourg.

New comment by honzaik in "Seattle Shield, an intelligence-sharing network operated by the Seattle police"

honzaik — Thu, 21 May 2026 21:38:17 +0000

this is like arguing that laws are useless because theyre not bulletproof. please stop with this pseudological thinking

New comment by honzaik in "Instructure pays ransom to Canvas hackers"

honzaik — Tue, 12 May 2026 21:13:39 +0000

maybe they were using quantum computers the whole time https://eprint.iacr.org/2022/1178 /s

New comment by honzaik in "Google Cloud fraud defense, the next evolution of reCAPTCHA"

honzaik — Thu, 07 May 2026 08:40:42 +0000

I can't wait to give Google more data about my browsing habits! Seriously, this is insane and everyone who supports this lost the plot.

New comment by honzaik in "Where the goblins came from"

honzaik — Thu, 30 Apr 2026 08:28:58 +0000

although emdashes are not common on the internet, there are prevalent in books.

New comment by honzaik in "ChatGPT Images 2.0"

honzaik — Tue, 21 Apr 2026 21:09:51 +0000

I was just wondering about that. Did they embrace it as a “signature look”? it cant be accidental, right?

New comment by honzaik in "NSA is using Anthropic's Mythos despite blacklist"

honzaik — Mon, 20 Apr 2026 12:11:55 +0000

last week's "truth" (https://truthsocial.com/@realDonaldTrump/posts/1164091464198...)

"I am willing to risk the giving up of my Rights and Privileges as a Citizen for our Great Military and Country! Our Military Patriots desperately need FISA 702, and it is one of the reasons we have had such tremendous SUCCESS on the battlefield."

New comment by honzaik in "LinkedIn Is Illegally Searching Your Computer"

honzaik — Thu, 02 Apr 2026 14:57:45 +0000

I am aware that google will take looong time to act. that is why I mentioned that it is LinkedIn (Microsoft) or its contracted fingerprinting/"monitoring" partner who may have more direct ways to report this if they actually investigate malicious extensions.

but that doesn't really matter. for the sake of the argument assume the extensions are not malicious (as evidenced e.g. by the PQC one with ?16 users?) does that change the situation?

New comment by honzaik in "LinkedIn is searching your browser extensions"

honzaik — Thu, 02 Apr 2026 14:22:13 +0000

well if they have evidence why they dont report it? why are these extensions on the store? im sure linkedin has enough motion to report it directly to google

also, having a PQC enabled extension doesnt seem like a good "large user base capture" tactic.

the source code is as usual obfuscated react but that doesnt mean its malicious...

EDIT: i debuged the extension quickly and it doesnt seem to do anything malicious. it only sends https://pqc-extension.vercel.app/?hostname=[domain] request to this backend to which it has permissions. it doesnt seem to exfiltrate anything else. it might get triggered later but it has very limited permissions anyway so it doesnt seem to be a malicious extension. (but im no expert)

New comment by honzaik in "LinkedIn is searching your browser extensions"

honzaik — Thu, 02 Apr 2026 14:16:26 +0000

it apparently scans for something like "PQC Checker", an extension for checking if TLS connection is PQC-enabled? how is that a spam extension (and thats just a random one i saw)

New comment by honzaik in "Quantum computing bombshells that are not April Fools"

honzaik — Thu, 02 Apr 2026 08:13:38 +0000

1) yes, everything is affected, but everything else is being migrated to PQC as we speak

2) "256-bit encryption" has different meanings in different contexts. "256-bit security" generally refers to cryptosystem for which an attack takes roughly 2^256 operations. this is true for AES-256 (symmetric encryption) assuming classical adversaries. this is not true for elliptic curve-based algorithms even though the standard curves are "256-bit curves", but that refers to the size of the group and consequently to the size of the private key. the best general attacks use Pollard's rho algorithm which takes roughly 2^128 operations, i.e., 256-bit curves have 128-bit security.

in the context of quantum attackers, AES-256 is still fine although theoretically QCs halve the security; however its not that big of a deal in practice and ultimately AES-128 is still fine, because doing 2^64 "quantum operations" is presumed to be difficult to do in practice due to parallelization issues etc.

the elliptic curve signatures (used in Bitcoin) are attacked using Shor's algorithm where the big deal is that it is asymptotically polynomial (about O(n^3)) meaning that factoring a 256-bit number is only 256^3/4^3 = 262144x more difficult compared to factoring 15. this is a big difference from "standard" exponential complexity where the difficulty increases exponentially by factors of 2^n. (+ lets ignore that elliptic curve signatures dont rely on factoring but the problem is essentially the same because Shor does both because those are hidden subgroup problems)

the analysis is more complex but most of it is essentially in that paper and explains it nicely.

New comment by honzaik in "US asked Ukraine for help fighting Iranian drones, Zelensky says"

honzaik — Fri, 06 Mar 2026 09:50:20 +0000

the NYT is reporting this was the US https://www.nytimes.com/2026/03/05/world/middleeast/iran-sch... i recommend employing more critical thinking in the future and less propaganda spreading

New comment by honzaik in "OpenAI needs to raise $207B by 2030 so it can continue to lose money"

honzaik — Wed, 26 Nov 2025 09:45:41 +0000

this comment feels so eerie as I am currently reading Zuboff's "The Age of Surveillance Capitalism," which itself is interesting to read now since its written before the huge AI leap.

Also, it reminded me of the following quote, mentioned in the book, from Langdon Winner

The changes and disruptions that an evolving technology repeatedly caused in modern life were accepted as given or inevitable simply because no one bothered to ask whether there were other possibilities.

New comment by honzaik in "Quantum Computation Lecture Notes (2022)"

honzaik — Thu, 12 Jun 2025 21:23:29 +0000

this may give you an idea about his current outlook https://www.youtube.com/watch?v=DQFyQgA_GE4

New comment by honzaik in "Why cryptography is not based on NP-complete problems"

honzaik — Thu, 13 Feb 2025 09:22:11 +0000

afaik the "right kind of code" does a lot of heavy lifting for practical implementations, such as Classical McEliece.

correct me if I am wrong as I havent spent much time looking into it, but the security analysis essentially says "we assume the Goppa code is indistinguishable from a random code so the best attack is to do generic decoding for a random code (NP-hard problem)". but there is no reduction to some NP-hard problem that Goppa code (the specific code used in Classical McEliece) is indistinguishable.

the assumption is reasonable as nobody has been able to find a distinguisher for decades. also, if a distinguisher exists, it also doesn't translate into a direct attack against the system, it just means you cannot rule out "structural attacks" and jump to NP-hard problem.

New comment by honzaik in "U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report"

honzaik — Thu, 06 Feb 2025 17:15:48 +0000

OK, hoarding discovered zero-days might not be the best strategy, BUT if we actually create a backdoor and don't tell anyone about it, then this should be safer right? right? /s

https://www.wired.com/2015/12/researchers-solve-the-juniper-...

https://en.wikipedia.org/wiki/Dual_EC_DRBG

https://en.wikipedia.org/wiki/Juniper_Networks#ScreenOS_Back...

New comment by honzaik in "Understanding Memory Management, Part 1: C"

honzaik — Fri, 24 Jan 2025 09:35:23 +0000

i am no C programmer, but doesnt the first pseudocode make no sense (and others after since they reuse it)?

  address = X
  length = *X
  address = address + 1
  while length > 0 {
    address = address + 1
    print *address
  }

1) length is never updated so while is infinite loop (if length is not 0)

2) the first character is never output since at address 0 (assuming X=0 at the start) is the value length but then the pointer is incremented twice so the first print *address prints the character at address 2?

if I am mistaken I'd be happy if someone explained why it makes sense

New comment by honzaik in "Benchmarking RSA Key Generation"

honzaik — Fri, 03 Jan 2025 16:09:07 +0000

well, it depends on the size of the quantum computer. of course you can make large enough RSA keys (depends whats your security margin/assumptions) but the problem is that the size/computational increase is exponential whereas the solving speed scales polynomially.

https://eprint.iacr.org/2017/351

New comment by honzaik in "Benchmarking RSA Key Generation"

honzaik — Fri, 03 Jan 2025 16:01:51 +0000

it might be this https://facthacks.cr.yp.to/fermat.html

if N=p*q and p-q < sqrt(p) then its easy to factor

New comment by honzaik in "Hezbollah pager explosions kill several people in Lebanon"

honzaik — Tue, 17 Sep 2024 15:58:43 +0000

It may be a combination of making the battery overheat which would trigger the planted explosives from a supply chain attack. Of course, I am no hardware engineer/bomb expert to know if that is possible.