For the most part, I agree with my fellow cryptography engineers that the best approach to using FN-DSA is to not. However, prohibition is a failed approach, whether we are talking about drugs or about cryptography, so, in the interest of harm reduction, here are the essential caveats for anyone who wants to use FN-DSA, so that they can do so as safely as possible.
Links
RSS feedA feed of recommended external reading
I played around with exe.dev this weekend and I’m loving
it so far - hopefully I’ll find the brain space to write about my adventures.
In the meantime, this post from David Adrian demonstrates why exe.dev is worth
paying attention to among the ocean of ai-hyped infra bets: it’s all in
the details.
For no particular reason, I got around to finally reviewing this article from the uv maintainers. Excellent advice.
A good reminder.
Modern ML models are astonishingly capable, and they are also blithering idiots. This should not be even slightly controversial.
Kyle Kingsbury recently released the last section of this excellent essay. One of the better attempts to find a common ground between nuance and truth in this rapidly shifting new world. Too much for one sitting? The pdf and epub options are great!
Some humans are full of LLM-generated material now too—a sort of cognitive microplastics problem.
From Mario Zechner, the creator of the pi coding agent. One of the better actors when it comes to forming nuanced takes on this rapidly changing, grifter friendly world.
Did recent events leave you wondering “how could LLMs be useful for spying on citizens”? Here’s just one concrete example.
We show that from a handful of comments, LLMs can infer where you live, what you do, and your interests – then search for you on the web. In our new research, we show that this is not only possible but increasingly practical.
Check out the full paper for details.
Buddy Guy brought the house down at Tiny Desk, with a feature from rising-superstar Miles Caton.
Once again, thank you Sinners.
When you overload a credential used for authentication by also using it for encryption, the ‘blast radius’ for losing that credential becomes immeasurably larger.
Password managers are an important area with surprisingly little formal analysis and this work emphasized the importance of fixing that.
To be presented at Real World Crypto 2026 and published at USENIX Security 2026.
Full paper can be found here: https://eprint.iacr.org/2026/058.
Bitwarden’s blog post on the subject is here: https://bitwarden.com/blog/security-through-transparency-eth-zurich-audits-bitwarden-cryptography/1.
Specific remediation details can be found in the report linked at the end. ↩︎
via Bas Westerbaan
A curated and crowdsourced list of ~*fancy*~ cryptography protocols, currently deployed at scale.
Some rabbit holes I’m falling down:
A super bowl chaser. The only thing more powerful than hate is love.
It’s been more than forty years since Ken Thompson delivered his famous talk, “Reflections on Trusting Trust“, which pointed out how there is no avoiding some level of trust. Hence the question here is not: should we trust someone. That decision is already taken. It’s: should we trust that WhatsApp is not running the biggest fraud in technology history.
Advice as old as time but I often forget. Placed well in the context of today’s workplace.
The EFF also has an age verification resource hub. As usual, it’s full of good resources and advice.
The jobs that were dependent on fundamentals of software aren’t going to stop being dependent on fundamentals of software … if you like doing software development, I don’t think interesting software development jobs are going to go away.
More recommended reading linked within:
Daniel Caesar returned to Tiny Desk this week 😌
Also worth revisiting his first appearance from 2018: https://youtu.be/PBKa-AAy_vo
Hidden in storage, a University of Utah research associate happened upon the only known copy of this ‘revolutionary’ software
Stories like this revitalize my love for computing PLUS it’s great seeing the Flux research group highlighted 🫶.
One way to tell a weak engineer in a discussion thread about some problem is to see who is bringing in specific facts about how the system currently works, and who is making purely general recommendations that could apply to any system. If their messages could all be public tweets, they’re probably not adding much value.
A cool reminder that Let’s Encrypt, Divvi Up, and Prossimo are all run by the same org.
Ivan Krstić at Black Hat 2016, video available
The legendary Melissa Chase recently gave a perfect introduction to Key Transparency, including recent results/active areas.
We need to deliver code that works—and we need to include proof that it works as well. Not doing that directly shifts the burden of the actual work to whoever is expected to review our code.
Cryptography-specific chaser: Implementing As-Safe-As-Possible, Misuse-Resistant Cryptographic Libraries: Part I.
JP Aumasson on Too Much Crypto in 2025:
Too Much Crypto hasnt aged …
\[as expected, just diminishing returns from incremental high-complexity/memory cryptanalysis.\]
Add asserts everywhere.
Also see matklad’s What is an Invariant?.
From USENIX Security 2005!
without [secure deallocation], data can remain in memory for days or weeks, even persisting across reboots.
The span from first write to last read is the ideal lifetime. The data must exist in the system at least this long. The span from first write to deallocation is the secure deallocation lifetime. The span from first write to the first write of the next allocation is the natural lifetime. Because programs often rely on reallocation and overwrite to eliminate sensitive data, the natural lifetime is the expected data lifetime in systems without secure deallocation.