fuklief | 1 year ago | on: EUCLEAK Side-Channel Attack on the YubiKey 5 Series
fuklief's comments
fuklief | 2 years ago | on: Double encryption: Analyzing the NSA/GCHQ arguments against hybrids
I didn't know US/UK gov were against hybrids. AFAIU, the French and Germans are recommending hybrids as a first step before stand alone PQC [0].
[0]: https://cyber.gouv.fr/en/publications/follow-position-paper-...
fuklief | 2 years ago | on: Enable ARMv9 Memory Tagging Extension (MTE) on Pixel 8
This survey by the same author also provides a good comparison https://saaramar.github.io/memory_safety_blogpost_2022/
fuklief | 2 years ago | on: Compiler Development: Rust or OCaml?
I believe it means flattening the AST, here is a nice blog post about this technique https://www.cs.cornell.edu/~asampson/blog/flattening.html
fuklief | 2 years ago | on: Nvidia’s CEO Is the Uncle of AMD’s CEO
I personally did not know about classes prépa before the last year of high school. I will forever be thankful for my maths teacher who told me about it that year, since I would have probably slacked off at university.
fuklief | 2 years ago | on: Nvidia’s CEO Is the Uncle of AMD’s CEO
- Make them good at science, i.e., Maths and Physics.
- Get them into a decent high school, e.g., Henri 4 or Louis Le Grand in Paris.
- Hope they have good grades and manage to get into a good preparatory class [1], e.g., Henri 4, Louis Le Grand in Paris, or Hoche and Sainte-Geneniève in Versailles.
- Make sure they don't slack off, and hope they get into a good engineer school, e.g., Ecole Polytechnique, Ecole des Mines, Ecole Nationale des Ponts et Chaussés, CentraleSupelec.
(Lists are not exhaustive)
If they manage to get into one of these schools, they will most likely end up not have any difficulty to find a somewhat well-paid job in France.
[1]: https://en.wikipedia.org/wiki/Classe_pr%C3%A9paratoire_aux_g...
fuklief | 2 years ago | on: Your.Online: Gandi continues its development
Maybe they thought it's spelled "your" instead of "you're".
fuklief | 2 years ago | on: Parquet: An efficient, binary file format for table data
> Google put in significant engineering effort into "Ryu", a parsing library for double-precision floating point numbers: https://github.com/ulfjack/ryu
It's not a parsing library, but a printing one, i.e., double -> string. https://github.com/fastfloat/fast_float is a parsing library, i.e., string -> double, not by Google though, but was indeed motivated by parsing JSON fast https://lemire.me/blog/2020/03/10/fast-float-parsing-in-prac...
fuklief | 3 years ago | on: Low-Level Software Security for Compiler Developers
See CHERI and Arm Morello https://www.arm.com/blogs/blueprint/morello
fuklief | 3 years ago | on: AWS Creates New Policy-Based Access Control Language Cedar
> Probably was some dude’s L7 promo project in AWS.
Actually a former CS prof at Maryland moving to industry. https://mhicks.me/
fuklief | 3 years ago | on: How Memory safety approaches speed up and slow down development velocity
> In other words, CHERI can reduce memory-unsafety related slowdowns by two thirds, which is pretty incredible. AMD CPUs are even starting to have hardware support for it, bringing its run-time overhead down to 6.8%.
Source on AMD CPUs having support for CHERI-style capabilities ? Afaik, there is only the Arm Morello prototype out right now and FPGAs.
fuklief | 3 years ago | on: Running Rust on Logic Gates
I believe it means High Level Synthesis in this context.
fuklief | 3 years ago | on: Billing systems are a nightmare for engineers
You might be interested in [Catala](https://catala-lang.org/en/), a domain specific language for implementing legislative texts. Iirc, they have worked on the french tax code, and are starting on the us one now.
fuklief | 4 years ago | on: Using Computer Modern on the web (2013)
I'm using the following for fonts.
\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\usepackage[largesc]{newpxtext}
\usepackage{newpxmath}
\usepackage[supsfam=newpx]{superiors}fuklief | 4 years ago | on: SeL4 on RISC-V Verified to Binary Code
Would virtual memory still be necessary on a capability machine architecture [0] ? My understanding is that would not be the case since all programs can only access memory that's been allocated to it. By definition, capabilities cannot be created out of thin air like pointers can be ?
[0]: https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/
fuklief | 4 years ago | on: SeL4 on RISC-V Verified to Binary Code
By "register allocation verifier", I meant the checker as mentioned in the post you quote.
fuklief | 4 years ago | on: SeL4 on RISC-V Verified to Binary Code
In CompCert's case though, the register allocation verifier itself is verified. I'm not so sure the SMT solver used here are.
fuklief | 4 years ago | on: Preparing Rustls for Wider Adoption
Word on the block is that there is a RFC to add support for secret types in LLVM, and Rust is waiting for them to also provide it in Rust [0].
fuklief | 5 years ago | on: Lion: A formally verified, 5-stage pipeline RISC-V core
> ... leakage by timing side-channels depends in parts on how accurate your time-measurements are (e.g. Javascript's timer resolution was degraded, in order to make transient failure attacks like Spectre harder [1]).
But that doesn't matter if how long it takes for your instructions to execute is data independent, no ?
fuklief | 5 years ago | on: Lion: A formally verified, 5-stage pipeline RISC-V core
So what kind of formal verification is it ? Is it proof assistant, model checking ?
And what does it verify ? It's not really clear from a first glance.
page 1
Crypto noob here, but isn't modular inverse the same as modular exponentiation through Fermat's little theorem? I.e., x^-1 mod n is the same as computing x^{n - 2} mod n which we know how to do in a constant-time way with a Montgomery ladder. Or is that too slow?