
hiisukun | 3 months ago

It's not new, and some people would disagree on some minor elements -- but a good place to start was regularly this blog from approximately Matasano/NCC Group members, called Cryptographic Right Answers [1]. It's very clear, gives straightforward answers in clear fashion -- and with multiple opinions often aligning.

It was updated a few times, I wonder if the equivalent exists for PQ?

Edit/Update: Found the PQ one @ [2], definitely check it out!

Maybe I'm misremembering, but perhaps the most controversial element was the regular recommendation of AES-GCM. It certainly has excellent security properties, but also a certain brittleness re: nonces.

[1] https://www.latacora.com/blog/2018/04/03/cryptographic-right...
[2] https://www.latacora.com/blog/2024/07/29/crypto-right-answer...
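The nonce brittleness mentioned above is concrete enough to show in code. The following is an added example, not code from the comment or from Latacora's posts: a small AES-256-GCM wrapper in Go's standard library that draws a fresh 96-bit nonce from crypto/rand for every message, remembers nonces used under the key so a repeat is refused rather than silently reused, and stops after 2^32 messages, the limit NIST SP 800-38D gives for random IVs. The `Sealer` type, `RandomID` helper and error names are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assumed limit from NIST SP 800-38D: with random 96-bit IVs, a key should
// protect no more than 2^32 messages so the nonce-collision probability stays
// below 2^-32.
const maxRandomNonceMessages = 1 << 32

var (
	ErrNonceReuse   = errors.New("aes-gcm: nonce reused under the same key")
	ErrKeyExhausted = errors.New("aes-gcm: message budget for this key exhausted")
)

// Sealer wraps AES-256-GCM and guards against the two classic nonce failures:
// reusing a nonce under the same key and sealing too many messages per key.
type Sealer struct {
	aead cipher.AEAD
	seen map[[12]byte]struct{} // nonces already used under this key
	msgs uint64                // messages sealed so far
}

// NewSealer expects a 32-byte key (AES-256).
func NewSealer(key []byte) (*Sealer, error) {
	if len(key) != 32 {
		return nil, errors.New("aes-gcm: key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead, seen: make(map[[12]byte]struct{})}, nil
}

// Seal encrypts plaintext with a fresh random nonce and returns nonce||ciphertext||tag.
func (s *Sealer) Seal(plaintext, aad []byte) ([]byte, error) {
	var nonce [12]byte
	if _, err := rand.Read(nonce[:]); err != nil {
		return nil, err
	}
	return s.sealWith(nonce, plaintext, aad)
}

// sealWith is the guarded core: it refuses a nonce seen before under this key
// and refuses to exceed the per-key message budget.
func (s *Sealer) sealWith(nonce [12]byte, plaintext, aad []byte) ([]byte, error) {
	if s.msgs >= maxRandomNonceMessages {
		return nil, ErrKeyExhausted
	}
	if _, dup := s.seen[nonce]; dup {
		return nil, ErrNonceReuse
	}
	s.seen[nonce] = struct{}{}
	s.msgs++
	// Prefix the nonce so the receiver can recover it; GCM appends the 16-byte tag.
	return s.aead.Seal(nonce[:], nonce[:], plaintext, aad), nil
}

// Open splits off the nonce and authenticates before returning any plaintext.
func (s *Sealer) Open(sealed, aad []byte) ([]byte, error) {
	if len(sealed) < 12+s.aead.Overhead() {
		return nil, errors.New("aes-gcm: ciphertext too short")
	}
	return s.aead.Open(nil, sealed[:12], sealed[12:], aad)
}

// RandomID returns a 256-bit random identifier as 64 hex characters, drawn
// from the same crypto/rand source as the nonces.
func RandomID() (string, error) {
	id := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		return "", err
	}
	return hex.EncodeToString(id), nil
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	s, err := NewSealer(key)
	if err != nil {
		panic(err)
	}
	sealed, err := s.Seal([]byte("constructed sample message"), []byte("v1"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed: %s\n", hex.EncodeToString(sealed))
	pt, err := s.Open(sealed, []byte("v1"))
	fmt.Printf("opened: %q err=%v\n", pt, err)
}
```

The in-memory nonce set only protects a single process; a key shared across processes or restarts needs either a persisted counter-based nonce or, as the 2024 answers lean toward, a construction that tolerates nonce misuse. The guard exists to make the failure loud during testing rather than to make random nonces safe at scale.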

michaelscott | 3 months ago

I think this is a primary reason why there is no real "cheatsheet" for this stuff. The application of a given algo (and even what types of inputs you provide) are heavily dependent on the detailed specifics of your use case and how you apply them.

thadt | 3 months ago

> Random IDs
> Latacora, 2018: Use 256-bit random numbers.

> Latacora, 2024: You should get 100 lava lamps, point a camera to them and use the frames as seed for a PRNG.

Man, is my boss gonna be surprised what's getting requisition ordered this morning.

michaelscott | 3 months ago

This is how Cloudflare does (did?) PRNG