Cryptography – WindowsTechs.com

Why ProtonDrive uses so many layers of encryption that looks redundant

Posted on April 8, 2025 by Dana v

I read their security model which explains how they laid out all these layers. https://proton.me/blog/protondrive-security
Files and folders are structured in a tree and called nodes. Each node (file/folder) have a password and asymmetric … Continue reading Why ProtonDrive uses so many layers of encryption that looks redundant→

AIs as Trusted Third Parties

Posted on March 28, 2025 by Bruce Schneier

This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties:

Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasible. In particular, we describe Trusted Capable Model Environments (TCMEs) as an alternative approach for scaling secure computation, where capable machine learning model(s) interact under input/output constraints, with explicit information flow control and explicit statelessness. This approach aims to achieve a balance between privacy and computational efficiency, enabling private inference where classical cryptographic solutions are currently infeasible. We describe a number of use cases that are enabled by TCME, and show that even some simple classic cryptographic problems can already be solved with TCME. Finally, we outline current limitations and discuss the path forward in implementing them…

Continue reading AIs as Trusted Third Parties→

Is there any reason to choose A256GCMKW over A256KW in JSON Web Encryption?

Posted on March 27, 2025 by Simon Kissane

When implementing JSON Web Encryption (JWE), I understand the reasons why you might choose A256KW over DIR. But, now I notice there is also A256GCMKW as an optional part of the JWE standard (see RFC7518 page 19 which defines it in detail, … Continue reading Is there any reason to choose A256GCMKW over A256KW in JSON Web Encryption?→

GPG: importing a friend’s signature on my public key demotes "ultimate" to "full"

Posted on March 22, 2025 by Tom Stepleton

This may be a newbie question. A friend ("Bob") and I have tried to sign each others’ keys according to these instructions. I want to get Bob’s signature on my public key into my own keychain. We get to step 6, where Bob has sent… Continue reading GPG: importing a friend’s signature on my public key demotes "ultimate" to "full"→

NCSC Releases Post-Quantum Cryptography Timeline

Posted on March 21, 2025 by Bruce Schneier

The UK’s National Computer Security Center (part of GCHQ) released a timeline—also see their blog post—for migration to quantum-computer-resistant cryptography.
It even made The Guardian.
Continue reading NCSC Releases Post-Quantum Cryptography Timeline→

Stega’nography in the Bitcoin White Paper? [closed]

Posted on March 14, 2025 by explrr

Steg Puzzle in the Bitcoin WP? (Decoded)
Check my answer or solve independently.

I’m pretty new to steg having only recently seen it in the wild.
I found on some mailing lists and a few other forums at the end of last year. I didn’t think… Continue reading Stega’nography in the Bitcoin White Paper? [closed]→

What are some reliable and well-maintained Post-Quantum Cryptography (PQC) libraries with Go support? [closed]

Posted on March 10, 2025 by Geek

I am looking for reputable libraries or solution providers that offer reliable, well-maintained, and well-documented implementations of post-quantum cryptographic (PQC) algorithms. Specifically, I am interested in:

Digital signature schem… Continue reading What are some reliable and well-maintained Post-Quantum Cryptography (PQC) libraries with Go support? [closed]→

What does the parallelism parameter in memory-hard password hashing algorithms adjust?

Posted on March 8, 2025 by The Death Sidius

When I change the parallelism parameter on Scrypt or on Argon2, which processing unit’s threads do I influence? The CPU’s threads? The GPU’s threads? How does this all work?

Continue reading What does the parallelism parameter in memory-hard password hashing algorithms adjust?→

StreamCipher security when you reuse keys [migrated]

Posted on March 7, 2025 by Jane Tran

Is a stream cipher secure if one uses the same key to encrypt many files (image, text, audio,..)?

Continue reading StreamCipher security when you reuse keys [migrated]→

Combined Crypto, Anglo-American Style

Posted on March 7, 2025 by Al Williams

If you think about military crypto machines, you probably think about the infamous Enigma machine. However, as [Christos T.] reminds us, there were many others and, in particular, the production …read more Continue reading Combined Crypto, Anglo-American Style→