Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.
Quick access to articles on this page:
more on the next page...
I wanted to learn Python, so a few months ago (I forgot to post about it here!) I redid my old blog in Django.
It's way different than PHP but it was a lot of fun :) I love learning different technologies. You can check it out here but be careful, it's in french!
Here's a list of what I want to learn right now:
I recently advised a colleague to try Brackets since he's learning html, css, etc...
But I've never really used it myself for a project. I've tried it, found it really cool, but never had a chance to start a project with it yet. As I was trying to convince my colleague to give it a try I ran into this cool video from Jeffrey Way the guy who made Tutsplus (and the amazing sublime text tutorial) Check it out!
comment on this storyThere's a few reasons for this. First, the Tarsnap client-server protocol does not use TLS
I was also lucky: The Tarsnap webserver happens to be running an older version of OpenSSL which never had the vulnerable code
http://www.daemonology.net/blog/2014-04-09-tarsnap-no-heartbleed-here.html
For those who are curious about the protocol that Tarsnap uses : it's explained here
comment on this storySo, I've learned about Fourier every year in my bachelor of Mathematics and I'm learning about the efficient algorithm dealing with the Fourier Transform in my class of Algebra right now.
I found a really nice video explaining really quick what it is, concretely.
Here's wikipedia way of showing that 
made by LucasVB, this crazy guy doing all those math gifs you've probably seen before :) more here
There's also a visualization in d3.js here: http://bl.ocks.org/jinroh/7524988
comment on this storyI remember reading about how the newly facebook chat was made using long pollings, years ago. Now with HTML5 with have sockets and webhooks made easy. I wonder if they're still using long polling now...
Anyway, Zapier. A start up that is making APIs easy, is writing a lot of interesting tutorials these last few months. Their new Chapter 7 was released and it's about polling and web hooks. And as usual it's great!
https://zapier.com/learn/apis/chapter-7-real-time-communication
1 commentAfter messing around with this code for about a month I decided to write this up for the tubes in the hope that I can save some souls. I have come to the conclusion that OpenSSL is equivalent to monkeys throwing feces at the wall. It is, bar none, the worst library I have ever worked with. I can not believe that the internet is running on such a ridiculous complex and gratuitously stupid piece of code. Since circa 1998 the whole world has been trusting their secure communications to this impenetrable morass that calls itself the "OpenSSL" project. I bet that the doctors that work on that shitshow can not prescribe anything useful either!
worrying essay, read it here: https://www.peereboom.us/assl/assl/html/openssl.html
comment on this storyWe have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
A pretty bad bug has been found in open SSL during the Codenomicon. more info here: http://heartbleed.com/
List of vulnerable websites from the Alexa top 10,000 websites: https://gist.github.com/dberkholz/10169691
You can test a website here: http://filippo.io/Heartbleed/
And also, if you have a lot of time to waste, this random dude seems to know a lot about it :D
comment on this storyA great article from AskAmathematician about true randomness.
The question is actually geared towards physicists and the tl;dr is: true randomness exists. Take that causality believers.
And as I expected, the experience to prove this is done with photons:
http://www.askamathematician.com/2009/12/q-do-physicists-really-believe-in-true-randomness/
comment on this story
My book Real-World Cryptography is finished and shipping! You can purchase it here.
If you don't know where to start, you might want to check these popular articles:
Here are the latest links posted:
You can also suggest a link.