NEW EPISODE!
The gang learns a bitter lesson about AI and bug finding! Returning champion Nicholas Carlini is back to talk about Claude for vulnerability research.
https://t.co/EKmiAoYBzX
https://t.co/WKFkhxAE1O
@tqbf It is.
This bug is also fun: https://t.co/ajoUhHPrBB
Did you know that South Korea invented their own block cipher and managed to get it to wolfSSL? Their cipher implementation of GCM mode is horribly broken. Kim Jong Un would love this!
You can read a detailed technical report on the software vulnerabilities and exploits discovered by Claude Mythos Preview here: https://t.co/AgU6ltV2qW
If you visibly know what you're talking about, mic-dropping SIDH in conversations about MLKEM mostly signals that you have contempt for your audience, who you count on not to understand the distinction between isogenies and lattices.
It would help a lot if people would stop name-dropping SIDH any time anybody talks about how well we understand MLKEM (the Euro-sourced NIST contest winner, which we understand *quite* well).
This sounds obvious but I can't count how many people I've seen show up to say PQC is untrustworthy because SIDH was broken with a laptop. SIDH being broken says nothing about how safe/unsafe PQC is generally.
PQC isn't like a design philosophy, like Feistel vs. SPNs or FFDH vs. ECDH. It's a property some constructions have that others don't, about perceived/believed resistance to QC.
A thing you see over and over again in HN-type discussions of post-quantum cryptography is the implication that "post-quantum" is a kind of cryptography. No. PQC is a functional attribute of many different kinds of cryptography.
Fun time to be working in information/software security. The field is going out with a bang! First AI, then an imminent CRQC. We need, like, a big SCADA event to hit the trifecta.
NEW EPISODE! In retrospect, if adderall'd up college kids can find vulnerabilities, it's not that surprising today's foundation models can too. We talk to Nicholas Carlini about the Vulnpocalypse.
https://t.co/hRzyWsKRR0
https://t.co/lEfnjajXfP
Host's (is it @tqbf?) laughter at 28:19 cures cancer.
I joke CS is a karmic wheel but how did anyone now think imposing OSSL_PARAM at loss of C type checking was a good idea?
“It was not called PyRuby, it was called Topaz.”
Nextstep shoutout on point too.