Hacker News: some_furry

New comment by some_furry in "A cryptography engineer's perspective on quantum computing timelines"

some_furry — Mon, 06 Apr 2026 18:33:43 +0000

Which governments are you thinking of?

New comment by some_furry in "Why Switzerland has 25 Gbit internet and America doesn't"

some_furry — Mon, 06 Apr 2026 00:38:51 +0000

Another thing that I think Europeans often fail to take into consideration is scale.

USA: 9,147,590 km^2

Switzerland: 41,295 km^2

That's a factor of 221.5 to 1.

New comment by some_furry in "Securing Elliptic Curve Cryptocurrencies Against Quantum Vulnerabilities [pdf]"

some_furry — Tue, 31 Mar 2026 19:18:31 +0000

What?

Quantum computers don't break SHA256, nor would this attack be "reasonably attributable" to a SHA256 break.

In fact, if you have funds in a wallet that has never spent a transaction before (only received), it's still reasonably difficult for a CRQC to steal your funds. The trick is, the moment you've ever spent a transaction, now your public key is known (and therefore breakable).

(Yes, I'm aware of the literature on quantum search vs hash functions, but it's not a complete break like RSA or ECC.)

New comment by some_furry in "Why did the chicken cross the road?"

some_furry — Wed, 25 Mar 2026 13:43:48 +0000

The Other Side = the "afterlife" apparently

New comment by some_furry in "WolfGuard: WireGuard with FIPS 140-3 cryptography"

some_furry — Tue, 24 Mar 2026 18:45:56 +0000

No.

Getting a crypto module validated by FIPS 140-3 simply lets you sell to the US Government (something something FedRAMP). It doesn't give you better assurance in the actual security of your designs or implementations, just verifies that you're using algorithms the US government has blessed for use in validated modules, in a way that an independent lab has said "LGTM".

You generally want to layer your compliance (FIPS, etc.) with actual assurance practices.

New comment by some_furry in "Convincing Is Not Persuading"

some_furry — Sun, 22 Mar 2026 14:37:51 +0000

And the people who repeat such statements uncritically to their reports will also get mildly annoyed when they have no Earthly clue what that actually means.

New comment by some_furry in "Cert Authorities Check for DNSSEC from Today"

some_furry — Mon, 16 Mar 2026 19:16:20 +0000

> "Bloats record sizes"

> - ECC sigs can be sent in a single packet.

It's 2026. If you're deploying a cryptosystem and not considering post-quantum in your analysis, you'd best have a damn good reason.

ECC signs might be small, but the world will be moving to ML-DSA-44 in the near future. That needs to be in your calculus.

New comment by some_furry in "E2E encrypted messaging on Instagram will no longer be supported after 8 May"

some_furry — Fri, 13 Mar 2026 13:50:13 +0000

I wonder if this is the start of a trend or just a one-off?

New comment by some_furry in "CBP tapped into the online advertising ecosystem to track peoples’ movements"

some_furry — Fri, 06 Mar 2026 03:38:14 +0000

It starts with you. Doesn't matter if others won't. You can't expect anything to chamge if you, yourself, are not willing to change.

New comment by some_furry in "CBP tapped into the online advertising ecosystem to track peoples’ movements"

some_furry — Thu, 05 Mar 2026 23:57:53 +0000

There are dozens of us!

But, yeah, anti-fingerprinting is still a useful signal if less people do it. So more people should do it; especially if they're less likely to be targeted.

"More haystack" makes their job harder.

New comment by some_furry in "Meta’s AI smart glasses and data privacy concerns"

some_furry — Tue, 03 Mar 2026 01:06:41 +0000

Good reporting, but this has always been Meta's M.O. so I'm really not surprised.

The sooner we collectively stop trusting them (and maybe even actively campaign to have the U.S. government meaningfully regulate them), the better.

Personally, I would like to see the company stop existing and its executive board destitute.

New comment by some_furry in "“Microslop” filtered in the official Microsoft Copilot Discord server"

some_furry — Mon, 02 Mar 2026 16:10:25 +0000

I guess I'll have to go out of my way to refer to their shitty product as "Microslop Copilot" then.

What are they going to do? Ban me from using their operating system?

New comment by some_furry in "This time is different"

some_furry — Thu, 26 Feb 2026 17:19:00 +0000

Usually HN only auto-edits on first submission. If you go in and undo it manually as the submitter, you can force it to read how you intend.

Cryptography Engineering Has an Intrinsic Duty of Care

some_furry — Thu, 26 Feb 2026 16:25:47 +0000

Article URL: https://soatok.blog/2026/02/25/cryptography-engineering-has-an-intrinsic-duty-of-care/

Comments URL: https://news.ycombinator.com/item?id=47168206

Points: 8

# Comments: 0

New comment by some_furry in "Hegseth gives Anthropic until Friday to back down on AI safeguards"

some_furry — Tue, 24 Feb 2026 21:20:52 +0000

Daria was ahead of its time.

New comment by some_furry in "Hacker News.love – 22 projects Hacker News didn't love"

some_furry — Mon, 23 Feb 2026 15:04:38 +0000

I still dislike almost everything on that list (GitHub is still the least bad offender so far).

New comment by some_furry in "Analysis of reported issues in vodozemac (In response to Soatok post)"

some_furry — Thu, 19 Feb 2026 02:22:49 +0000

A disappointing response. Like, yeah, it checks all the PR speak boxes, but the substance is disappointing.

See https://soatok.blog/2026/02/17/cryptographic-issues-in-matri...

New comment by some_furry in "Cryptographic Issues in Matrix's Rust Library Vodozemac"

some_furry — Thu, 19 Feb 2026 02:22:04 +0000

https://soatok.blog/2026/02/17/cryptographic-issues-in-matri...

New comment by some_furry in "Cryptographic Issues in Matrix's Rust Library Vodozemac"

some_furry — Wed, 18 Feb 2026 23:28:31 +0000

https://soatok.blog/2026/02/17/cryptographic-issues-in-matri...

New comment by some_furry in "Cryptographic Issues in Matrix's Rust Library Vodozemac"

some_furry — Wed, 18 Feb 2026 17:05:07 +0000

> It explains why the implementation can produce a fixed secret under malicious input, and that there’s an RFC saying “don’t implement it like this” but not what effect it has on the security of the system.

https://soatok.blog/2026/02/17/cryptographic-issues-in-matri...