Crypto
[The State of Crypto Security. Hackers have stolen more than $2B from… | by Kofi Kufuor | Oct, 2022 | The Control](https://thecontrol.co/the-state-of-crypto-security-d628ac5b609d)
cloudflare/circl: CIRCL: Cloudflare Interoperable Reusable Cryptographic Library
Google’s Fully Homomorphic Encryption Compiler — A Primer – Math ∩ Programming
Making Crypto Hacking Less Lucrative - Bloomberg
[XREX CSO Publishes Web3 Open-source Tools to Enhance Smart Contract Development Security | by The XREX team | Aug, 2022 | XREX Crypto Threat Research Blog](https://research.xrex.io/xrex-cso-publishes-web3-open-source-tools-to-enhance-smart-contract-development-security-94f9b432399b)
Ethereumwallet.com - A Case Study — Unciphered
“Responsible Rescue” — Unciphered
Decurity/semgrep-smart-contracts: Semgrep rules for smart contracts based on DeFi exploits
Replicant: Reproducing a Fault Injection Attack on the Trezor One https://voidstarsec.com/about.html https://twitter.com/wrongbaud
Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling – NCC Group Research
Building Safe End-to-End Encrypted Services for Business - a Google Workspace perspective
Web3 Is Going Great: People rush to steal some of the $190 million in the Nomad bridge after an exploit is discovered
Is It Possible to Reconcile Encryption and Child Safety? - Lawfare
Cryptocurrency 2022 Legislation
Mike Privette: Thirty-seven US states have addressed legislation regarding cryptocurrency, digital or virtual currencies and other digital assets in the 2022 legislative session
Too Many Secrets - by Andy Manoske - Reality Deviance
A no math introduction to cryptography and secure protocols
H/T HashiCorp’s Mitch Pronschinske.
In defense of crypto(currency) – A Few Thoughts on Cryptographic Engineering
TLS validation: implement OCSP and CRL verifiers in Go - Cossack Labs
We explore OCSP and CRL – the protocols for validating TLS certificates. These protocols are often seen as “too scary” or “too advanced”, while they are not.
OCSP and CRL are often used in PKI context: after the certificate generation there should be a procedure to handle their revocation.
The standard Golang library doesn’t support these protocols out-of-the-box, which led us to deep diving into the topic and building OCSP / CRL validation tooling in Go.
We describe the things we’ve learnt: design, implementation and security tips, example code and popular mistakes.
@vixntael
Application Level Encryption for Software Architects
Secure Search Over Encrypted Data
Maintaining cryptographic library for 12 languages - Speaker Deck
Announcing our open source security key test suite
Google open-sourced its security key test suite, which can be used to test for bugs in security keys’ implementation of the CTAP protocol, the part of FIDO2