7 Jul 2025
You Should Run a Certificate Transparency Log
31 Dec 2024
Benchmarking RSA Key Generation
5 Dec 2024
frood, an Alpine initramfs NAS
9 Oct 2024
Accumulated Test Vectors
25 Sep 2024
The FIPS Compliance of HKDF
21 Aug 2024
Let’s All Agree to Use Seeds as ML-KEM Keys
17 Jul 2024
age Plugins
8 Jul 2024
Geomys, a blueprint for a sustainable open source maintenance firm
26 Jun 2024
XAES-256-GCM
6 Apr 2024
My Maintenance Policy
14 Feb 2024
PINs for Cryptography with Hardware Secure Elements
30 Jan 2024
Post-quantum Cryptography for the Go Ecosystem
7 Nov 2023
Enough Polynomials and Linear Algebra to Implement Kyber
24 Oct 2023
Why We Don’t Generate Elliptic Curves Every Day
5 Oct 2023
Announcing the $12k NIST Elliptic Curves Seeds Bounty
6 Jul 2023
I want XAES-256-GCM/11
11 Apr 2023
A Cryptographic Near Miss
23 Mar 2023
Planning Go 1.21 Cryptography Work
3 Mar 2023
Avoid The Randomness From The Sky
2 Feb 2023
I’m Now a Full-Time Professional Open Source Maintainer
8 Jan 2023
ssh whoami.filippo.io
4 Jan 2023
Go 1.20 Cryptography
28 Dec 2022
My age+YubiKeys Password Management Solution
9 Nov 2022
A GC-Friendly Go Interning Cache
2 Nov 2022
Why Did the OpenSSL Punycode Vulnerability Happen
26 Oct 2022
The Reciprocal Value of Access to Maintainers
29 Sep 2022
age and Authenticated Encryption
12 Sep 2022
Planning Go 1.20 Cryptography Work
4 Aug 2022
A Wide Reduction Trick
29 Jul 2022
KEMs and Post-Quantum age
17 Mar 2022
How to pay professional maintainers
11 Dec 2021
Professional maintainers: a wake-up call
16 Sep 2021
From the Go Blog: Automatic Cipher Suite Ordering in crypto/tls
10 Jan 2021
The Most Backdoor-Looking Bug I’ve Ever Seen
18 Dec 2020
Re-Deriving the edwards25519 Decoding Formulas
8 Oct 2020
Reconstruct Instead of Validating
8 Sep 2020
NaCl Is Not a High-Level API
22 Aug 2020
Registries Considered Harmful
19 Jul 2020
Replace PGP With an HTTPS Form
4 Jul 2020
DSA Is Past Its Prime
27 May 2020
Is X25519 Associative? Sometimes!
24 Apr 2020
OpenSSH 8.2 Just Works with U2F/FIDO2 Security Keys
18 Apr 2020
Hacking together a USB-C charger for a cheap Chromebook
15 Mar 2020
Install Go tools from modules with brew-gomod
28 Feb 2020
New Crypto in Go 1.14
10 Feb 2020
The Linux CSPRNG Is Now Good!
18 Jul 2019
Efficient Go APIs with the mid-stack inliner
6 Jul 2019
Hello World, and OpenPGP Is Broken
18 May 2019
Using Ed25519 signing keys for encryption
2 Apr 2019
A Go implementation of Poly1305 that makes sense
7 Jan 2019
mkcert: valid HTTPS certificates for localhost
10 Sep 2018
Touch-to-operate password-store with YubiKey 4
3 May 2018
Making a Gmail bot with Apps Script and TypeScript
7 Feb 2018
Easy Windows and Linux cross-compilers for macOS
14 Oct 2017
Live streaming Cryptopals
4 Oct 2017
The scrypt parameters
28 Sep 2017
We need to talk about Session Tickets
16 Sep 2017
A secure captive portal browser with automatic DNS detection
6 Sep 2017
Playing with kernel TLS in Linux 4.13 and Go
29 Aug 2017
restic cryptography
15 Aug 2017
rustgo: calling Rust from Go with near-zero overhead
12 Aug 2017
Cleaning up my GOPATH with Homebrew
23 Apr 2017
Reproducing Go binaries byte-by-byte
31 Mar 2017
Setting a custom FileVault (macOS FDE) passphrase
9 Feb 2017
Finding Ticketbleed
7 Feb 2017
Go Time #32 - Hellogopher, whosthere?
1 Feb 2017
TLS 1.3 at 33c3
23 Jan 2017
How to protect yourself from the WebEx extension
2 Jan 2017
So you want to expose Go on the Internet
6 Dec 2016
I'm giving up on PGP
12 Oct 2016
TLS nonce-nse
24 Sep 2016
An overview of TLS 1.3
31 Aug 2016
So I lost my OpenBSD FDE password
18 Jul 2016
The complete guide to Go net/http timeouts
5 Jul 2016
Securing a travel iPhone
3 Jul 2016
Analyzing Go Vendoring with BigQuery
2 Jul 2016
git fixup: --amend for older commits
12 Jun 2016
Stale GOROOT and gorebuild
26 May 2016
Untrusting an intermediate CA on OS X
9 May 2016
Self-host analytics for better privacy and accuracy
9 May 2016
vendorcheck: the simplest Go static analysis tool
7 May 2016
"LuckyMinus20": Yet Another Padding Oracle in OpenSSL CBC Cipher Suites
17 Apr 2016
Shrink your Go binaries with this one weird trick
4 Apr 2016
Understanding Metrics in the Age of the TSDB
23 Mar 2016
Technical notes: mixing speaker and slides recording with FFmpeg
22 Jan 2016
Coverage for end-to-end tests of Go programs
5 Jan 2016
Bleichenbacher'06 signature forgery in python-rsa
18 Dec 2015
Most Go tools now work with GO15VENDOREXPERIMENT
8 Dec 2015
SSLv2 redux: patching Go crypto/tls to work with IE6
11 Nov 2015
"Automated Testing with go-fuzz" @ GothamGo
29 Oct 2015
Creative foot-shooting with Go RWMutex
25 Aug 2015
Building Python modules with Go 1.5
6 Aug 2015
DNS parser, meet Go fuzzer
4 Aug 2015
A deep look at CVE-2015-5477
4 Aug 2015
ssh whoami.filippo.io
3 Aug 2015
Quick and dirty annotations for Go stack traces
2 Aug 2015
Technical notes: convert a partition image to a bootable disk image
1 Jul 2015
Setting Go variables at compile time
18 Jun 2015
Go has a debugger—and it's awesome!
6 Jun 2015
How Plex is doing HTTPS for all its users
21 May 2015
Logjam explained
8 Apr 2015
The unofficial Chrome SHA1 deprecation FAQ
31 Mar 2015
The sad state of SMTP encryption
20 Feb 2015
Komodia/Superfish SSL Validation is broken
20 Feb 2015
Make your own Superfish infected VM
12 Feb 2015
So I lost my NAS password
11 Jan 2015
scrypt all the things!
10 Nov 2014
PSA: enable automatic updates. Please.
28 Jun 2014
"The Heartbleed Test" @ OWASP / NYU Poly
28 May 2014
Salt & Pepper, please: a note on password storage
31 Mar 2014
On Keybase.io and encrypted private key uploading
26 Mar 2014
Why Go is elegant and makes my code elegant
18 Mar 2014
My remote shell session setup
13 Mar 2014
Native scrolling and iTerm2
12 Dec 2013
How the new Gmail image proxy works and what this means for you
10 Nov 2013
The ECB Penguin