grittygrease | 6 years ago | on: Introducing time.cloudflare.com
It's harder to publish papers that attack a system that is already secure.
grittygrease's comments
grittygrease | 6 years ago | on: Speech2Face: Learning the Face Behind a Voice
Wow. It looks like my image and voice were used in this study. I was never contacted.
grittygrease | 7 years ago | on: Introducing Cloudflare’s IPFS Gateway
This browser extension can help you guarantee e2e integrity in the meantime: https://blog.cloudflare.com/e2e-integrity/
grittygrease | 7 years ago | on: Dear customers of Cloudflare: an appeal regarding Tor
The main problem with whitelisting Tor is that you open the door to abuse.
Cloudflare is working on a new solution to this problem that allows us to differentiate between abusive visitors and legitimate users without de-anonymizing them.
If you’re a Cloudflare user and want to sign up for this feature, email [email protected] for details.
grittygrease | 8 years ago | on: NIST Post-Quantum Cryptography Round 1 Submissions
Cloudflare has a Go implementation of SIDH with p751:
https://blog.cloudflare.com/sidh-go/
Here’s an overview of the performance from a patch by Armando Faz Hernandez: https://github.com/cloudflare/p751sidh/pull/2
grittygrease | 9 years ago | on: Rustls: new, modern TLS library written in Rust
tls13.cloudflare.com now speaks draft 13
grittygrease | 10 years ago | on: Why it’s harder to forge a SHA-1 certificate than to find a SHA-1 collision
Good catch. CloudFlare's optimizations are often too good for their own good. Fixing.
grittygrease | 10 years ago | on: Go crypto: bridging the performance gap
The OpenSSL AES-GCM and P256 assembly code was also written by Vlad. There's no better person to write the Golang version.
grittygrease | 11 years ago
This is something more people should pay attention to when implementing forward secrecy. Session resumption counteracts forward secrecy when done incorrectly.
grittygrease | 11 years ago | on: Announcing Keyless SSL
The key server only accepts mutually authenticated TLS 1.2 connections with a strong cipher suite. We also require both certificates to be signed by CloudFlare's internal Certificate Authority.
grittygrease | 11 years ago | on: Announcing Keyless SSL
Breaking into a CloudFlare server does not get you this private key. CloudFlare does not keep this authentication key unencrypted on disk.
grittygrease | 11 years ago | on: Introducing CFSSL – CloudFlare's PKI toolkit
We find that Android 2.2 and 2.3 are also relevant platforms that require alternative toolchains. Upgrades are not possible for many of these devices.
As for setting up your CA, openssl's command line interface can be very clunky. CFSSL not only has a clean and simple command line interface, but it has a nice RESTful JSON API for simple integration into web services.
grittygrease | 11 years ago | on: Cloudflare crypto meetup
Sign up for the next one on July 16 here:
http://www.meetup.com/CloudFlare-Meetups/events/191252182/
grittygrease | 12 years ago | on: OpenSSL Heartbleed Security Update
Thanks for the update. Happy revocation day!
grittygrease | 12 years ago | on: OpenSSL Heartbleed Security Update
The CSR contains the public key for a unique private key. How do you have a new private key with an old CSR?
grittygrease | 12 years ago | on: OpenSSL Heartbleed Security Update
This is completely the wrong approach. Your private key might have been compromised and you're generating another certificate for the same compromised private key? What is that supposed to do?
grittygrease | 12 years ago | on: OpenSSL Security Advisory: TLS heartbeat read overrun
If your site is protected by CloudFlare (like HN is), you are automatically protected from this vulnerability (see: http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerab...).
grittygrease | 12 years ago | on: Red October crypto app adopts “two-man rule” used to launch nukes
Not currently, but the system is open source and designed to be easily extensible.
page 1