@abacabadabacaba Sure. It might be helpful to comment directly on the github discussion.

@abacabadabacaba Maybe not

https://eprint.iacr.org/2025/554

@abacabadabacaba Yeah, I know. It's not a goal AFAIK.

If you wanted KCI, you'd need ephemeral prekeys on both ends and at that point you might as well just use Signal.

I proposed a way to incorporate Sender Authentication in age with the following advantages:

1. No catch-22 between encryption and signing (no rebinding attacks)
2. You have to be able to decrypt the message to verify the sender
3. No new cryptographic primitives (e.g., signcryption)
4. No in-band signaling or downgrade attacks

However, it does have one requirement that people accustomed to PGP use cases (and tolerant of PGP footguns) may find annoying:

You must know, in advance, the public key of the sender in order to be able to decrypt the message.

https://github.com/FiloSottile/age/discussions/640

#crypto #encryption #cryptography #age

@soatok@furry.engineer I was thinking something similar a few days ago. What would happen if you flooded GitHub with trivial programs with naming or comments that imply it's doing something different. Like a "shortest path" function, but it's actually just fizzbuzz. How long until AI slop would just think that every problem is fizzbuzz and just offer some variation of fizzbuzz for every prompt?

@earthshine @craftxbox Feb 2024

@cinebox How do you know you've typed the correct unsafe one, versus any random sequence of digits?

@charlotte @craftxbox I do use Google Voice

@craftxbox To be clear: the people who deserve insults and terms of derision are the people actively evangelizing Matrix, XMPP, etc. and trying to talk over people with half a goddamn clue.

Lots of innocent and well-meaning people have been misled by these charlatans. I do not blame them.

@craftxbox

having never used signal, nor knowing specifically what the criticism actually is,

The criticism is morons whining about "boo hoo they require a phone number to sign up and nothing else"

It used to be valid criticism (you needed to give people your phone number to chat with you), but Signal fixed that when they rolled out usernames.

Then, said morons decide that Signal is somehow less secure because of this phone number requirement (and literally nothing else).

Meanwhile, you have so-called competitors that let you spew plaintext scoring higher on their idiotic "privacy" checklists.

Then well-meaning people ping me with these documents asking if I'm wrong about Signal (which is the only popular app that uses adequate cryptography to date).

would a successful simswap give an attacker the capability to silently register a new device or perform a lost key recovery?

No.

If you'd like an example of a threat model I wrote (for the Fediverse Key Transparency specification): https://github.com/fedi-e2ee/public-key-directory-specification/blob/main/Specification.md#threat-model

Notice that it has:

1. A list of specific technical assumptions.
2. A list of assets in scope.
3. A list of actors, which represent different types of attacks and tactics.
4. Specific risks for various assets, for which the various actors may be relevant.

NIST has several documents for writing a threat model.

You don't need to be as formal as this about it, but trying to rebut me with not-a-goddamn-threat-model is a waste of everyone's time.

When I say something like, "The people who tut-tut over the phone number requirement never articulate anything resembling a coherent threat model" (when talking about Signal), I want to be very clear:

I mean an actual threat model.

Not a use-case.

Not a user story.

Not a set of wants.

Threat.
Model.

Learn what that is before replying.

@AVincentInSpace That isn't a threat model, that's a user story!

Anyway, I already addressed this requirement on my blog: https://soatok.blog/2024/05/14/its-time-for-furries-to-stop-using-telegram#second-account

I have to Signal accounts from one mobile phone. It's not exactly impossible.

By the way, if you use Signal, go to Privacy > Phone Number and you can configure it like so:

I just saw somebody refer to a human person, like an actual meat-and-bone possessed-of-inalienable-rights-and-inherent-dignity human person, as "agentic".

Bernard Avishai once famously said that the danger of computers is not that they will eventually get as smart as people, but that we will meanwhile agree to meet them halfway, and I think about that every day. Not just in terms of smarts, but dignity, kindness and decency.

@gsuberland My favorite is when the statement of work explicitly says "SGX side-channels are out of scope"

it's 2025 and this is still the funniest security meme.

@nytpu @ret "why would they even do it this specific unnatural way" is pretty much the running theme with PHP

one must imagine sysadmins happy

On X11 and the Fascists Maggots

I can't believe I needed to write this but here we are.

https://blogs.gnome.org/alatiera/2025/06/23/the-fascist-maggots/