Filippo Valsorda
Subscribe to Cryptography Dispatches for more!

The FIPS Compliance of HKDF

Let’s All Agree to Use Seeds as ML-KEM Keys

age Plugins

Geomys, a blueprint for a sustainable open source maintenance firm

XAES-256-GCM

My Maintenance Policy

PINs for Cryptography with Hardware Secure Elements

Post-quantum Cryptography for the Go Ecosystem

Enough Polynomials and Linear Algebra to Implement Kyber

Why We Don’t Generate Elliptic Curves Every Day

Announcing the $12k NIST Elliptic Curves Seeds Bounty

I want XAES-256-GCM/11

A Cryptographic Near Miss

Planning Go 1.21 Cryptography Work

Avoid The Randomness From The Sky

I’m Now a Full-Time Professional Open Source Maintainer

ssh whoami.filippo.io

Go 1.20 Cryptography

My age+YubiKeys Password Management Solution

A GC-Friendly Go Interning Cache

Why Did the OpenSSL Punycode Vulnerability Happen

The Reciprocal Value of Access to Maintainers

age and Authenticated Encryption

Planning Go 1.20 Cryptography Work

A Wide Reduction Trick

KEMs and Post-Quantum age

How to pay professional maintainers

Professional maintainers: a wake-up call

Automatic Cipher Suite Ordering in crypto/tls

The Most Backdoor-Looking Bug I’ve Ever Seen

Re-Deriving the edwards25519 Decoding Formulas

Reconstruct Instead of Validating

NaCl Is Not a High-Level API

Registries Considered Harmful

Replace PGP With an HTTPS Form

DSA Is Past Its Prime

Is X25519 Associative? Sometimes!

OpenSSH 8.2 Just Works with U2F/FIDO2 Security Keys

Hacking together a USB-C charger for a cheap Chromebook

Install Go tools from modules with brew-gomod

New Crypto in Go 1.14

The Linux CSPRNG Is Now Good!

Efficient Go APIs with the mid-stack inliner

Hello World, and OpenPGP Is Broken

Using Ed25519 signing keys for encryption

A Go implementation of Poly1305 that makes sense

mkcert: valid HTTPS certificates for localhost

Touch-to-operate password-store with YubiKey 4

Making a Gmail bot with Apps Script and TypeScript

Easy Windows and Linux cross-compilers for macOS

Live streaming Cryptopals

The scrypt parameters

We need to talk about Session Tickets

A secure captive portal browser with automatic DNS detection

Playing with kernel TLS in Linux 4.13 and Go

restic cryptography

rustgo: calling Rust from Go with near-zero overhead

Cleaning up my GOPATH with Homebrew

Reproducing Go binaries byte-by-byte

Setting a custom FileVault (macOS FDE) passphrase

Finding Ticketbleed

Go Time #32 - Hellogopher, whosthere?

TLS 1.3 at 33c3

How to protect yourself from the WebEx extension

So you want to expose Go on the Internet

I'm giving up on PGP

TLS nonce-nse

An overview of TLS 1.3

So I lost my OpenBSD FDE password

The complete guide to Go net/http timeouts

Securing a travel iPhone

Analyzing Go Vendoring with BigQuery

git fixup: --amend for older commits

Stale GOROOT and gorebuild

Untrusting an intermediate CA on OS X

Self-host analytics for better privacy and accuracy

vendorcheck: the simplest Go static analysis tool

"LuckyMinus20": Yet Another Padding Oracle in OpenSSL CBC Cipher Suites

Shrink your Go binaries with this one weird trick

Understanding Metrics in the Age of the TSDB

Technical notes: mixing speaker and slides recording with FFmpeg

Coverage for end-to-end tests of Go programs

Bleichenbacher'06 signature forgery in python-rsa

Most Go tools now work with GO15VENDOREXPERIMENT

SSLv2 redux: patching Go crypto/tls to work with IE6

"Automated Testing with go-fuzz" @ GothamGo

Creative foot-shooting with Go RWMutex

Building Python modules with Go 1.5

DNS parser, meet Go fuzzer

A deep look at CVE-2015-5477

ssh whoami.filippo.io

Quick and dirty annotations for Go stack traces

Technical notes: convert a partition image to a bootable disk image

Setting Go variables at compile time

Go has a debugger—and it's awesome!

How Plex is doing HTTPS for all its users

Logjam explained

The unofficial Chrome SHA1 deprecation FAQ

The sad state of SMTP encryption

Komodia/Superfish SSL Validation is broken

Make your own Superfish infected VM

So I lost my NAS password

scrypt all the things!

PSA: enable automatic updates. Please.

"The Heartbleed Test" @ OWASP / NYU Poly

Salt & Pepper, please: a note on password storage

On Keybase.io and encrypted private key uploading

Why Go is elegant and makes my code elegant

My remote shell session setup

Native scrolling and iTerm2

How the new Gmail image proxy works and what this means for you

The ECB Penguin
