Sven Slootweg @joepie91@pixie.town
- Website
- http://cryto.net/~joepie91/
- Matrix
- @joepie91:pixie.town
- Pronouns
- they/them, he/him, whatever, it's not like I have any idea either 🙃
Technical debt collector and general hype-hater. Early 30s, non-binary, ND, poly, relationship anarchist, generally queer.
- No alt text (request) = no boost.
- Boosts OK for all boostable posts.
- DMs are open.
- Flirting welcome, but be explicit if you want something out of it!
- The devil doesn't need an advocate; no combative arguing in my mentions.
Sometimes horny on main (behind CW), very much into kink (bondage, freeuse, CNC, and other stuff), and believe it or not, very much a submissive bottom :p
My spoons are limited, so I may not always have the energy to respond to messages.
Strong views about abolishing oppression, hierarchy, agency, and self-governance - but I also trust people by default and give them room to grow, unless they give me reason not to. That all also applies to technology and how it's built.
Joined Aug 2019
@dequbed The honest answer is that I have no idea :)
My rationale was something along the lines of: stay as close as possible to the standard recommended approach, and verify that specific deviations do not break the security model (I do not like rolling my own crypto).
By that reasoning, the closest thing that does what I want is "it still has a nonce, but it can be derived from the content/key". It's very possible that that's functionally indistinguishable from a nonce of zero - I simply don't know whether that is true! And so I did not take that step in my approach (yet).
@bananas If I can find the relevant documentation, yes 😅
@bananas Isn't a content-derived key scheme inherently secure against those types of attacks (as long as the hash function is)? As there is no way to obtain different ciphertexts from the same key
@unnick Huh. Isn't ed25519 public-key crypto rather than secret-key?
@bananas Yep, I'm aware of confirmation attacks - in this case, that's an acceptable weakness in the scheme (as it seems to be unavoidable if you want convergent encryption)
@benaryorg (Which has been an absolute pain in the design process, but that's a different discussion 🙃)
@benaryorg That's not sufficiently deterministic for my case, unfortunately; part of the protocol involves "checking if encrypted/sharded chunks already exist in the storage cluster, before uploading anything", for which the whole process (encoding, encryption, sharding) needs to be fully deterministic with zero 'external' malleable factors
@benaryorg The problem is that just about everything seems to require a nonce nowadays. Which is understandable, given how important it is for typical cases, but convergent encryption is very much an edgecase.
@bananas Right, but I'm looking to understand the actual cryptographic implications, rather than just following a rule of thumb, which may or may not apply here.
My understanding, for example, is that the *reason* for nonces being single-use, is that if you reuse them across plaintexts/ciphertexts, you can end up divulging information about the key used. But in this case, there is still a guarantee that they are not reused between *different* plaintexts, only identical ones (since it is derived from the plaintext with a cryptographic hash).
So does that mean that the actual necessary property of a nonce is still upheld here? Or is there some *other* reason why nonces need to be unique, that this is not accounting for?
#Cryptography question: I would like to use libsodium for secret-key encryption, but it requires a nonce, and I need the encryption to be deterministic/convergent (for deduplication).
Is "deriving the nonce from the data by hashing it" a reasonable solution to this problem, or does that have some issue I am not aware of?
Sven Slootweg
boosted
#OH: a transfem card costs 49eur in germany i think
@Sh41 @aral That's their problem, though, and they shouldn't make their ignorance the problem of marginalized folks. The effect is the same regardless of whether it's with malice or not.
By all means, if you can afford the time and energy, try and turn people around, because yes, it's often possible. But it's not a thing you can expect of anyone else, and it's not helpful to raise it as a 'defense' against this sort of criticism.
re: Neil Gaiman
@afewbugs It doesn't make the problem you describe any less real, of course, and there are much longer conversations that can be had about "watching things from shitty creators" in general, but perhaps piracy could serve as an individual immediate-term solution?
@Qyriad@chaos.social (I've long been experiencing browser-breaking issues about once a day with Firefox, often seems like some kind of internal IPC process crashes and some UI / notification integration / set of tabs / whatever just freezes up permanently, but that's been true in X11 and remains true under Wayland, and has been a problem for years now)
@Qyriad@chaos.social Firefox has been giving me trouble since forever, previously under KWin X11, but under KWin Wayland it has grown a new failure mode - constant intermittent <1 sec freezes of the (UI/page) rendering (sound and background processes not affected), and occasional total hangs of videos on YouTube until I refresh the page or change the video stream. NixOS stable with amdgpu.
Sven Slootweg
boosted
🦾 How Much Is a Browser Worth?
ᐅ @wezm
「 Apparently people are excited about funding independent browser efforts this week. I have little interest in funding yet another browser built in C++ in 2024 but Servo is still alive. Since Mozilla refuse to let us directly fund Firefox I shall set up a recurring donation to Servo 」
https://www.wezm.net/v2/posts/2024/how-much-is-a-browser-worth/
re: CW-boost: nlpol
@bananas I wonder if we might actually end up beating Liz Truss
re: CW-boost: nlpol
I don't think we're allowed to make fun of Belgian politics anymore, going forward
@kescher Apparently Network Solutions suspended their domain due to a bodged phishing complaint, and is not responding to attempts to get it unsuspended...
which is pretty hilarious considering it's very likely that HE folks and Network Solutions folks have likely literally sat next to each other at some conference table in the past, I don't understand how they could fuck that one up
- Website
- http://cryto.net/~joepie91/
- Matrix
- @joepie91:pixie.town
- Pronouns
- they/them, he/him, whatever, it's not like I have any idea either 🙃
Technical debt collector and general hype-hater. Early 30s, non-binary, ND, poly, relationship anarchist, generally queer.
- No alt text (request) = no boost.
- Boosts OK for all boostable posts.
- DMs are open.
- Flirting welcome, but be explicit if you want something out of it!
- The devil doesn't need an advocate; no combative arguing in my mentions.
Sometimes horny on main (behind CW), very much into kink (bondage, freeuse, CNC, and other stuff), and believe it or not, very much a submissive bottom :p
My spoons are limited, so I may not always have the energy to respond to messages.
Strong views about abolishing oppression, hierarchy, agency, and self-governance - but I also trust people by default and give them room to grow, unless they give me reason not to. That all also applies to technology and how it's built.
Joined Aug 2019
