#Cryptography
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
12.7% of mobile users access Tumblr.
Text
Hey, cryptographers of Tumblr. If anyone is bored and fancies a challenge, please could you have a go at deciphering this message and tell me how long it takes you? It's for a fic I'm writing, and I need to know if it's realistic for my characters to get the answer late enough for my pacing but quick enough to catch the killer.
242 notes
·
View notes
Text
Pinkslump linkdump
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.
We're less than a month into 2025 and I'm already overwhelmed by my backlog of links! Herewith, then, is my 25th linkdump post, a grab-bag of artful transitions between miscellaneous subjects. Here's the previous 24:
https://pluralistic.net/tag/linkdump/
Last week's big tech event was the Supreme Court giving the go-ahead for Congress to ban Tiktok, because somehow the First Amendment allows the US government to shut down a speech forum if they don't like the content of its messages. From now on, only Mark Zuckerberg and Sundar Pichai and Elon Musk and Tim Cook and the faceless mere centimillionaires running companies like Match.com will be able to directly harvest Americans' most private, sensitive kompromat. The People's Liberation Army will have to build their dossiers on Americans' lives the old fashioned way: by paying unregulated data-brokers who will sell any fact about you to anyone and who know everything about everyone.
After all, the reason the American market matters so much to Tiktok is that America is the only rich, populous country in the world without a federal privacy law. That's why an American is the most valuable user an ad-tech company can acquire. Keep your wealthy Norwegians: sure, they're saturated in oil money and thus fat prizes for ad-targeting, but they're also protected by the GDPR.
If you're an American (or anyone else, for that matter) who wants to use Tiktok without being spied on, Privacysafe has you covered: their Sticktock tool is a private, alternative, web-based front-end for Tiktok, with optional Tor VPN tunnelling:
https://sticktock.com/
As Privacysafe's Sean O'Brien explains, Sticktock is an free/open utility that's dead easy to use. Just change the URL of any Tiktok video from tiktok.com/whatever to sticktock.com/whatever, and you're have a private viewing experience that easily penetrates the Great Firewall of America:
https://bitsontape.com/p/sticktock-share-tiktok-videos
O'Brien – founder of the Yale Privacy Lab – writes that Privacysafe built this because they wanted to help Americans continue to access the great volume of speech on Tiktok, and because they knew that Americans would be using ad-supported, spyware-riddled VPNs to evade the Great Firewall.
Sticktock is a great hack, but it only defends your privacy while you're using Tiktok. For other social media, you'll need to try something else. For example, Mark Zuckerberg is the last person you want to entrust with your data, and always has been. Never forget that as soon as Zuckerberg's Harvard-based nonconsensual fuckability-rating service TheFacebook was up and running, he started offering copies of all his users' data as a flex to his buds:
Yeah so if you ever need info about anyone at Harvard Just ask I have over 4,000 emails, pictures, addresses, SNS
What? How'd you manage that one?
People just submitted it. I don't know why. They "trust me" Dumb fucks
Don't be a dumb fuck! Lots of people can't manage to leave Meta platforms because they love the people there more than they hate Mark Zuckerberg, and Zuck knows it, which is why he keeps turning the screws on his users. That doesn't mean there's nothing you can do. Over the years, various law enforcement and regulatory agencies have forced Meta to add privacy controls to its services, and though the company has implemented these as a baroque maze of twisty little malicious compliance passages, all alike, it is possible to lock down your data if you try hard enough. My EFF colleague Lena Cohen has a walkthrough of Meta's privacy settings, AKA the world's worst dungeon crawler, which will see you through safely:
https://www.eff.org/deeplinks/2025/01/mad-meta-dont-let-them-collect-and-monetize-your-personal-data
If this kind of thing interests you, you can spend a whole weekend learning about it, chilling and partying with some of the most fun-loving, fascinating weirdos in hackerdom this summer. 2600 magazine's semi-annual Hackers on Planet Earth (HOPE) con – now in its 31st year! – has gone annual, and they're pre-selling tickets at a freakishly low earlybird rate:
https://store.2600.com/products/tickets-to-hope_16
I keynoted HOPE last year and it was every bit as much fun as I remembered. Sure, DEF CON is amazing, but you can't really call a 40,000-person gathering in the Las Vegas Convention Center "intimate." HOPE is a homebrew, homely, cheap, cheerful and delightfully anarchic hacker con with deep history and great people.
Speaking of weird ancient history, my pal Ada Palmer – sf writer, librettist, singer, and Renaissance historian – blew my mind this week with her article on the tower-cities of medieval proto-Italy during the Guelph-Ghibelline wars (1125-1392):
https://www.exurbe.com/the-lost-towers-of-the-guelph-ghibelline-wars/
Once upon a time, Italian city-states were forested with tall towers, like miniature Manhattans. Rich families built these stone towers as a show of wealth and a source of power, since the stone towers were taller than nearby homes and far less flammable, so the plutes of the day could drop flaming garbage on their neighbors, burn them out, and emerge triumphant. This ended with cities like Florence banning towers above a certain height, forcing their warring oligarchs to decapitate their fortresses down to compliance levels.
The images need to be seen to be believed. Ada's got a new book about this, Inventing the Renaissance, "which shows how the supposed difference between a bad 'Dark Ages' and a Renaissance 'golden age' is 100% propaganda, but fascinating propaganda with a deep history":
https://www.adapalmer.com/publication/inventing-the-renaissance/
Palmer is one of the most fascinating writers, thinkers, performers, and speakers I know. This is the book for every history nerd in your life, and also a magic artifact with the power to transform normies into history nerds.
Speaking of scholars finding nontraditional ways to do technical communication to the general public: this week, 404 Media's Emmanuel Maiberg reported on Zara Dar, an OnlyFans model who's racked up millions of Pornhub views for videos that consist of detailed, accessible, fully clothed explanations of machine learning:
https://www.404media.co/why-this-onlyfans-model-posts-machine-learning-explainers-to-pornhub/
Dar's videos cover a variety of poorly understood, highly salient mathematical subjects, like this introduction to probability theory:
https://www.pornhub.com/view_video.php?viewkey=65cfae54411b9
Dar's got a pretty straightforward reason for posting her explainers to Pornhub – it pays about 300% more than Youtube does for the same amount of viewership ($1,000 per million views vs. Youtube's $340 per million). But it comes at a cost. Other platforms like Linkedin have banned her for discussing the economics of posting videos to Pornhub, without explanation or appeal.
The reason Dar's in the news now is that the Supremes didn't merely ban Tiktok this week, they also heard arguments about the red state "age verification" laws, in which Alito asked if looking at Pornhub was analogous to reading Playboy, which was famous for interleaving softcore pornography with hefty, serious reporting and editorials. Can you really look at Pornhub "just for the articles?" Seems like the answer is a resounding yes.
These "age verification" laws are jaw-droppingly reckless. Red state lawmakers – and ALEC, the dark money org that wrote the model legislation they're pushing – envision a system where each person who looks at porn is affirmatively identified as a named adult, and where that identity information is indefinitely retained. The most common way of gating services to adults is to demand a credit-card, which means that these weirdos want to create highly leakable databases of every one of their constituents' sexual kinks, which can be sorted by net worth by would-be blackmailers. Remember, any data you collect will probably leak, and any data you retain will almost certainly leak. Good times ahead.
Of course, it wasn't all gruesome policy malpratice this week. In the final days of the Biden admin, antitrust enforcers from multiple agencies launched a flurry of investigations, cases, judgments, fines and sanctions against companies that prey on the American public. The FTC went after John Deere for its repair monopoly:
https://www.404media.co/ftc-sues-john-deere-over-its-repair-monopoly/
And the FTC sued to end a system of secret noncompetes, where employers illegally collude not to hire each others' workers, something the workers are never told:
https://prospect.org/labor/2025-01-17-building-service-workers-ftc-stops-secret-no-hire-agreements/
That's just for starters. Matt Stoller rounds up the "full Tony Montana" of last-week enforcement actions undertaken by Biden's best appointees, an all-out assault on pharmacy benefit managers (most notably Unitedhealth), junk-fee-charging corporate landlords, Capitol One, Cash App, rent-rigging landlords, Southwest Airlines, anesthesia monopolists, Experian and Equifax, private equity plunderers, lootbox-peddling video game companies, AI companies, Honda finance, politically motivatedd debanking, Google, Elon Musk, Microsoft, Hino Motors, and more:
https://www.thebignewsletter.com/p/out-with-a-bang-enforcers-go-after
This is all amazing, but also frustrating, as it exemplifies what David Dayen rightly calls the "essential incoherence" of Bidenism, a political philosophy that sought "balance" between different Democratic Party factions by delegating enormous power to people with opposing goals, then unleashing them to work at cross-purposes:
https://prospect.org/politics/2025-01-17-essential-incoherence-end-of-biden-presidency/
What to make of a president whose final address warned the American public of an out-of-control oligarchy, but whose final executive order was a giant giveaway to the biggest AI companies – and their oligarch owners?
And what to make of a president who oversaw a genocide in Gaza, fronting for an Israeli regime that made a fool of him at every turn, laughed at his "red lines," and demanded (and received) fresh shipments of arms even as they campaigned for Trump?
This had nothing to do with sound electoral politics. The vast majority of Americans supported a cease-fire in Gaza, and have done virtually since the beginning of the bombings. Harris – who reportedly agreed not to criticize Biden's record as a condition of Biden stepping aside – made it clear that she would ignore voters' horror at the mass killing. Voters responded by staying home in droves: 19 million 2020 Biden voters simply refused to cast a ballot in 2024:
https://www.dropsitenews.com/p/kamala-harris-gaza-israel-biden-election-poll
A Yougov poll showed that 29% of the "non-voters" who turned out for Biden in 2020 refused to vote at all in 2024 because of Biden's support for genocide in Gaza. Polling during the campaign made it clear that Harris would improve her electoral chances by promising a cease-fire, but that was a bridge too far, even during an election "where democracy was on the ballot."
America is famously a country where legislators and leaders ignore the policy preferences of voters and give elites everything they want. In that world, not voting – even when "democracy is on the ballot" – makes a lot of sense:
https://www.vox.com/2014/4/18/5624310/martin-gilens-testing-theories-of-american-politics-explained
But Biden did do some popular things that elites hated – fighting corporate power, price-fixing, rent-gouging, and other forms of predatory business conduct. The "compromise" the Biden administration made with its elite backers was to call as little attention as possible to all this stuff. The Biden admin did more on antitrust in four years than all the preceding administrations of the previous forty years, combined. Just last week, the Biden admin did more on antitrust than any presidential administration did in a four-year term. And yet, they barely whispered about it.
This is a great example of what Anat Shenker-Osorio calls "Pizzaburger politics." Imagine half your family wants pizza for dinner and the other half wants burgers, so you make a disgusting pizzaburger that makes them all equally miserable and claim that everyone being mad at you is proof that you've been "fair":
https://pluralistic.net/2024/05/29/sub-bushel-comms-strategy/#nothing-would-fundamentally-change
Handing billionaires a bunch of voter-enraging gimmes and sucking up to ghouls like Liz Cheney didn't buy the loyalty of America's tower-owning, neighbor-incinerating princelings. They gave millions to Trump, whom they knew would hand them billions in tax breaks and a license to loot the country. Worse, this pizzaburger strategy caused voters to stay home by the millions, convinced that they couldn't trust Biden or Harris.
We're heading into another four years of planet-incinerating, human-rights-destroying, immigrant-pogroming, mass-imprisoning misery. The incoming dictator has promised to throw all kinds of people in prison, so maybe we should learn a little about how America's prolific, crowded, nightmare penitentiaries actually function.
David Skarbek is a political scientist who studies prison gangs. In a fascinating interview with Asterisk, he describes the forces that led to the rise of race-segregated prison gangs, from virtually nonexistent for 100 years to ubiquitous:
https://asteriskmag.com/issues/08/why-we-have-prison-gangs
It boils down to this: in small prisons, it's possible to enforce a social code among prisoners that maintains order. Each prisoner can keep track of the trustworthiness of others and of the safety risks they pose. But once we started building larger prisons, this system broke down, requiring hierarchical, authoritarian structures – gangs – to keep people in line. Gangs are brutal, but they also keep the peace, regulating financial disputes, contraband trade, and the use of violence.
Skarbek thinks that building more, smaller prisons would eliminate gangs – as would increasing the number of guards, which would give the institution the capacity to step in and fill the regulatory void filled by gangs. He's not saying prison gangs are good, but he's explaining why they emerged and why they have remained.
There is no pleasure quite like reading the work of top-flight scholars explaining their areas of research. That's why I subscribe to the RSS feed for Matthew Green's blog about cryptography. Green is a great explainer who works in fascinating areas.
In his latest post, Green talks about the way that AI interacts with end-to-end encryption. After decades of rising catastrophes, mobile device makers and cloud providers finally standardized on end-to-end encrypted cloud storage, meaning that your data in the cloud is so scrambled that the cloud provider can't even guess about what it is (which means that if the cloud gets breached, none of that data can be read by hackers or sold on the darknet):
https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-end-to-end-encryption/
This works great for cloud storage, but it poses a serious impediment to cloud computing. You can't offload computationally intensive tasks onto someone else's giant data-center if you scramble your data so thoroughly that it can't be read or understood by the computers there. This is especially salient when we're talking about "AI," which involves a lot of data-processing that exceeds the capacity of your phone or laptop.
This presents a serious privacy risk, because it implies that AI companies are going to abandon the idea of end-to-end cloud encryption. They'll need the capacity to decrypt (and possibly retain) all the data you ask their "AI" services to munge in some way. Green uses this conundrum to discuss Apple's solution to this: a "trusted computing" server environment.
I've been fascinated (and horrified) by Trusted Computing ever since a group of Microsoft engineers came by EFF in 2002 to explain their plans for something called "Next Generation Secure Computing Base" (AKA "Palladium") to us:
https://pluralistic.net/2020/12/05/trusting-trust/#thompsons-devil
The idea was to put a second, secure computer into every device. This "trusted platform module" (or, sometimes, "technical protection measure") would be tamper-evident and tamper-resistant, contain some factory-installed, non-modifiable cryptographic signing keys, and run an extremely limited set of programs. It would observe and record the code your computer ran, from the bootloader to the OS and on up.
Other computers elsewhere in the world could "challenge" your computer to prove that it was running an OS and programs that would behave in certain way (for example, that it would block screenshots of confidential messages). This challenge would include a long random number. Your computer's TPM would combine that number with hashes of all the other elements of your computer's operating environment – it's bootloader, OS, etc – and cryptographically sign that using its signing keys. This is then sent back to the other computer as a "remote attestation" about how your computer is configured.
Notably, it's an attestation that is outside of your own control – you can't override it or falsify it. That TPM in your computer isn't loyal to you, it doesn't take orders from you. It's a snitch that tells other people truthful things about your computer, including things you'd rather it not disclose.
Over the years, variations on this idea and its applications have popped up. TPMs aren't necessarily a second chip anymore – these days, they're more likely to be a "secure enclave" – a rectangle of logic gates on your computer's CPU that is designated as "secure" and subject to more strict testing and scrutiny than the rest of the chip. These secure enclaves are used to prevent you from installing a third-party app store on your games console or phone, and to prevent your car from being serviced by an independent mechanic.
But despite all these anti-user applications, Trusted Computing remains a fascinating subject. For example, you could use Trusted Computing to ask a remote technician to assess whether your phone had been infected with spyware, and the spyware (theoretically) couldn't hide from that helper.
This is how Apple proposes to solve the privacy/AI conundrum. Its remote AI servers are outfitted with their own TPMs, and before your phone sends them your data to be AIed, it can challenge the server to send it an attestation that proves that it is running software that will not leak or retain that data, or use it in any way other than for the task you're asking it to perform.
Apple calls this "Private Cloud Compute" and if it comes into widespread use, it'll be the first time in a quarter century that there is a major pro-user application for Trusted Computing, something the industry has touted as on the horizon since the first days of the second Gulf War.
That said, Green writes that he's "not thrilled" with Apple's privacy solution:
it still centralizes a huge amount of valuable data, and its security relies on Apple getting a bunch of complicated software and hardware security features right, rather than the mathematics of an encryption algorithm.
Nevertheless, this is way better than the approach of Apple's competitors, like Openai/Microsoft, who are just YOLOing it. Green points out that even if this works, it's only one of the many privacy issues raised by AI, notably the use of private information in AI training, which this does nothing for. He also worries that techniques like this will cause lawmakers to insist that "client-side scanning" (where your device runs a program that scans it constantly for illegal content and uploads anything suspicious to the police) can be done in a "privacy-preserving" way. It's not true, but it's easy to see how bad-faith would-be spies could spin, "There is a way to do some AI stuff in a more-private way" to "there are no privacy risks with this other AI stuff."
It's a gnarly issue, and like I say, it's one you can easily spend decades chewing on (or at least, one that I have spent decades chewing on). It's interesting how many of the fundamental tech policy questions have been with us since the start of the internet age. This week, I happened on a viral 1994 post explaining the difference between "the internet" and the promised "information superhighway":
https://www.wired.com/1994/11/q-what-is-the-information-superhighway/
It's not entirely prophetic, but it sure lands some blows that still sting, 30 years later:
It's just like the Internet, except:
* It's a lot more expensive. * You can't post, and there's no killfile. * There's no alt.sex or alt.drugs. * The new rec.humor.funny has a laugh track. * There's a commercial break every 10 minutes. * Everything is formatted to 40 columns for TVs. * The free software costs you US$2 per Mbyte to ftp, more for long distance. * There's a commercial break every 10 minutes.
It's just like cable TV, except:
* It's a lot more expensive. * The picture isn't as good. * There are 500 channels of pay-per-view and home shopping. * You can watch any episode of Gilligan's Island or any Al Gore speech for only $2. * There are no public-access channels. * There's a commercial break every 10 minutes.
It's just like renting videos, except:
* It's a lot more expensive. * There's only 1 percent of the selection. * There's no porn. * There's no pause, fast-forward, or rewind, and it costs you another $3.95 if you want to watch something twice. * There's a commercial break every 10 minutes.
It's just like the telephone, except:
* It's a lot more expensive. * There's no one to talk to. * Every number is a toll call. * There's a commercial break every 10 minutes.
(Image: Jen, CC BY 2.0, cropped)
Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2025/01/18/ragbag/#reading-pornhub-for-the-articles
#pluralistic#ai#end to end encrytption#encryption#pizzaburgers#cryptography#crypto#matthew green#matt green#creator economy#machine learning#pornhub#age gating#anonymity#hackers on planet earth#hope#2600#hacker cons#linkdump#linkdumps#democrats in disarray#election 2024#gaza#genocide#democratic party#dems#dinos#prison gangs#sociology#noncompetes
61 notes
·
View notes
Note
----- .---- ----- .---- ----- ----- ----- .---- / ----- .---- .---- .---- ----- .---- ----- .---- / ----- .---- .---- ----- ----- .---- ----- .---- / ----- .---- .---- ----- ----- .---- ----- .---- / ----- .---- .---- ----- .---- .---- .---- ----- / ----- ----- .---- ----- ----- .---- .---- .---- / ----- .---- .---- .---- ----- ----- .---- .---- / ----- ----- .---- ----- ----- ----- ----- ----- / ----- ----- .---- .---- .---- ----- ----- ----- / ----- .---- .---- .---- ----- .---- ----- ----- / ----- .---- .---- ----- .---- ----- ----- ----- / ----- ----- .---- ----- ----- ----- ----- ----- / ----- .---- .---- ----- ----- ----- ----- .---- / ----- .---- .---- ----- .---- .---- ----- ----- / ----- .---- .---- ----- ----- ----- .---- ----- / ----- .---- .---- .---- ----- .---- ----- .---- / ----- .---- .---- ----- .---- .---- ----- .----
Well played anon, well played.
I will not translate for y’all, but protip, get a morse to text decoder, and then a binary to text decoder.
Figure it out for yourself.
It’ll be more impactful that way.
#rickroll answers#anon#cognitohazard#infohazard#morse code#binary#cryptography#tumblr games#silly#txt#unicode#ascii#not a rickroll
116 notes
·
View notes
Text
BILL'S CONTRACT FINE PRINT DECIPHERED
I'm sure someone has beat me to this, but because I decided to decipher/translate all 1000ish words of the fine print on this here totally normal contract (by hand)
Bold code is theraprism substitution cipher, the rest is the author's substitution cipher, i've reformatted the text to be more readable but i've also made a version with the more accurate, original line formatting here
YOU ARE NOW TWENTY ONE GRAMS LIGHTER
THIS CONTRACT IS LEGAL AND BINDING, WE RESERVE THE RIGHT TO USE YOUR LIKENESS, FACE, VOICE AND SMALL TOWN PLUCK IN WHATEVER NEFARIOUS MANNER IS DEEMED NECESSARY.
SANS SOUL YOUR SOULMATE WILL NOT RECOGNIZE YOU AND WILL WALK RIGHT PAST YOU ON A COLD AUTUMN DAY, NEVER MAKING EYE CONTACT, NOT EVEN PROCESSING THAT YOU HAVE EYES AT ALL. NO AMOUNT INTERACTION WILL MOVE THEM TO A PLACE WHERE THEY CAN REMEMBER - IN FEELING THE THOUSANDS OF LIFETIMES YOU HAVE ALREADY SPENT TOGETHER, EACH TIME CHOOSING WHATEVER FORM WOULD KEEP YOU CLOSEST LIKE OTTERS HOLDING HANDS IN A TUMULTUOUS RIVER. YOU WERE BIRDS, YOU WERE TREES WITH ROOTS ENTWINED, DRINKING IN THE SUNLIGHT TOGETHER. WHEREVER WE GO NEXT, WHATEVER YOU CHOOSE, I WILL ALWAYS BE RIGHT THERE WITH YOU. -
THATS DONE BUDDY, CONGRATULATIONS YOU HAVE CHOSEN BILL INSTEAD.
MCDONALDS RESERVES THE RIGHT TO PUT A GIANT YELLOW M ON YOUR TORSO AND FOREHEAD AND SEND YOU WALKING THROUGH A CROWDED TIMES SQUARE WHILE YOU SCREAM “THE FRIES, THE FRIES, THEY DON'T DEGRADE IN NATURE… ITS AN IMMORTAL FOOD… THEY WILL BE IN THE LANDFILLS LONG PAST OUR DEATHS.”
GOOD GOD, THE THINGS S I’VE SEEN, ME. WHO AM I? OH BILL'S PREVIOUS LAWYER, HE PUT MY SOUL INTO A QUILL PEN SO I CAN WRITE HIS LEGAL DOCUMENTS UNTIL THE SUN SNUFFS OUT LIKE A CANDLE IN THIS SICK UNIVERSE. I USED TO BE SO HOT. I WAS SO FINE. NOW I'M FINE PRINT.
SPEAKING OF WHICH, BILL RESERVES THE RIGHT TO PUT YOUR SOUL INTO AN INANIMATE OBJECT, A STRANGE CREATURE, A CONCEPT, A SENTENCE, A TASTEFUL BUT RUSTIC MASON JAR WITH WILDFLOWERS IN IT.
IF AT ANY POINT YOU WISH TO HAVE VISITATION RIGHTS WITH YOUR SOUL YOU WILL BE SWIFTLY DENIED UNLESS YOU HAD A COOL DAY PLANNED FOR THE BOTH OF YOU, THEN BILL MIGHT COME ALONG.
BY SIGNING THIS DOCUMENT YOU FORFEIT ANY RIGHTS TO EATING SOUL FOOD, IT WILL TURN TO ASH IN YOUR MOUTH, A FITTING PUNISHMENT FOR A FOOL WHO SQUANDERED THE ONLY TRUE GIFT LIFE OWES YOU.
BILL RESERVES THE RIGHT TO DRESS YOUR SOUL HOWEVER HE DEEMS NECESSARY, ESPECIALLY IF YOUR SOUL WAS A NERD BEFORE ACQUISITION, SOUL MAKEOVERRR!
YOUR SOUL MAY BECOME FRACTURED AND PLACED INTO DIFFERENT OBJECTS. THIS HAS NO PURPOSE AND WILL NOT RESURRECT YOU WHEN YOU DIE.
SIGNEE HAS FORFEITED ALL RIGHTS OF ANY AFTERLIFE INCLUDING BUT NOT LIMITED TO: HEAVEN, HELL, PURGATORY, BIG CORNER, FLOW STATE, THE DREAM HOUSE, THE REINCARNATION PROCESSING CENTER, AXOLOTL'S TANK AND CONSEQUENCES HOLE.
SIGNEE CAN NO LONGER BOARD THE SOUL TRAIN AND IS ADVISED TO DISCARD ALL BELLBOTTOMS.
SIGNEE CAN NO LONGER HAVE A PUPPY AS A BEST FRIEND, THEY CAN SENSE WHAT IS GONE. CATS ARE INDIFFERENT.
SIGNEE MAY EXPERIENCE OCCASIONAL DEMON POSSESSION FROM HORCULUS THE RED, PLABOS THE MERCILESS, MORBUS SON OF MORTEM, PLAGA THE OOZING AND OTHER SUCH COMMON DEMONS ROAMING EARTH SEARCHING FOR WEAKENED/EMPTY VESSELS.
TIPS FOR RIPPING YOUR SOUL OUT: WATCHING YOUTUBE COMMENTARY CHANNELS, ATTENDING AN EXTENDED FAMILY EVENT WITH AN OPEN BAR, USING GENERATIVE AI AND ASSERTING THAT YOU ARE CREATIVE, TURNING A BLIND EYE TO HUMAN SUFFERING, AMASSING MORE WEALTH THAN NEEDED, PURCHASING A BLUE CHECKMARK.
#gravity falls#this is not a website dot com#thisisnotawebsitedotcom#bill cipher#the book of bill#cryptography#i like how it just turns into alex ranting near the end brennan lee mulligan style#also “i was fine. now i'm fine print.” took me out#also 21 grams experiment mentioned??#lmk if theres any mistakes the lines bled together when reading a lot
61 notes
·
View notes
Text
Branch Runes
Cipher:
left branches of the tree stand for the row
right branches of the tree stand for the column
#runes#runic#futhark#younger futhark#norse#norse paganism#heathen#heathenry#cryptography#calligraphy
108 notes
·
View notes
Text
LJS 51 is a 15th century collection of encrypted correspondence between the compiler and various correspondents. It is written using approximately 150 invented alphabets, accompanied by transcriptions of the letters in Arabic.
🔗:
46 notes
·
View notes
Text
"In December 2013, a curator and archaeologist purchased an antique silk dress with an unusual feature: a hidden pocket that held two sheets of paper with mysterious coded text written on them. People have been trying to crack the code ever since, and someone finally succeeded: University of Manitoba data analyst Wayne Chan. He discovered that the text is actually coded telegraph messages describing the weather used by the US Army and (later) the weather bureau. Chan outlined all the details of his decryption in a paper published in the journal Cryptologia. [...]
When Rivers-Cofield turned the dress inside-out, she found a small hidden pocket. Many women's dresses of the era had pockets, but this one would only be accessible by hiking up the overskirt. She puzzled over why anyone would make a pocket so inaccessible and thought it might have been used to smuggle messages. Hidden inside, she found two sheets of wadded-up translucent paper measuring about 7.5 inches by 11 inches. The text on each sheet consisted of 12 lines of recognizable common English words—except they made no sense. "Bismark omit leafage buck bank"? "Paul Ramify loamy event false new event"? [...]
With the invention of the telegraph, "For the first time in history, observations from distant locations could be rapidly disseminated, collated, and analyzed to provide a synopsis of the state of weather across an entire nation," Chan wrote in his paper. But it was expensive to send telegrams since companies charged by the word, so codes were developed to condense as much information into as few words as possible.
The challenge was figuring out which code book had been used since, otherwise, it would be nearly impossible to decode the message. Chan perused some 170 telegraphic code books, finally coming across a section about signals used by the US Army Signal Corps that were similar to the pages found in the antique silk dress. Eventually, he realized that the words were codes used by weather stations in the US and Canada to condense telegraph messages about meteorological observations. He relied on old maps to narrow the date to May 27, 1888."
Mysteries remain: who was the owner of the silk dress (a telegraph operator?), and why would she keep these papers in a hidden pocket?
108 notes
·
View notes
Note
can you actually talk about bitwarden / password managers, or direct me to a post about them? Idk my (completely uneducated) instinct says that trusting one application with all your passwords is about as bad as having the same password for everything, but clearly that isn’t the case.
So it is true that online password managers present a big juicy target, and if you have very stringent security requirements you'd be better off with an offline password manager that is not exposed to attack.
However, for most people the alternative is "reusing the same password/closely related password patterns for everything", the risk that one random site gets compromised is much higher than the risk that a highly security focussed password provider gets compromised.
Which is not to say it can't happen, LastPass gets hacked alarmingly often, but most online password managers do their due diligence. I am more willing to stash my passwords with 1Password or Bitwarden or Dashlane than I am to go through the rigamarole of self-managing an array of unique passwords across multiple devices.
Bitwarden and other password managers try to store only an encrypted copy of your password vault, and they take steps to ensure you never ever send them your decryption key. When you want a password, you ask them for your vault, you decrypt it with your key, and now you have a local decrypted copy without ever sending your key to anyone. If you make changes, you make them locally and send back an encrypted updated vault.
As a result, someone who hacks Bitwarden should in the absolute worst case get a pile of encrypted vaults, but without each individuals' decryption key those vaults are useless. They'd still have to go around decrypting each vault one by one. Combining a good encryption algorithm, robust salting, and a decent key, you can easily get a vault to "taking the full lifetime of the universe" levels on security against modern cryptographic attacks.
Now there can be issues with this. Auto-fill can be attacked if you go onto a malicious website, poorly coded managers can leak information or accidentally include logging of passwords when they shouldn't, and obviously you don't know that 1Password isn't backdoored by the CIA/Mossad/Vatican. If these are concerns then you shouldn't trust online password managers, and you should use something where you remain in control of your vault and only ever manually handle your password.
Bitwarden is open source and fairly regularly audited, so you can be somewhat assured that they're not compromised. If you are worried about that, you can use something like KeePassXC/GNU Pass/Himitsu/ (which all hand you the vault file and it's your job to keep track of it and keep it safe) or use clever cryptographic methods (like instead of storing a password you use a secret key to encrypt and hash a reproducible code and use that as your password, e.g. my netflix password could be hash(crypt("netflixkalium", MySecretKey)), I know a few people who use that method.
Now with any luck because Apple is pushing for passkeys (which is just a nice name for a family of cryptographic verification systems that includes FIDO2/Webauthn) we can slowly move away from the nightmare that is passwords altogether with some kind of user friendly public key based verification, but it'll be a few years before that takes off. Seriously the real issue with a password is that with normal implementations every time you want to use it you have to send your ultra secret password over the internet to the verifying party.
243 notes
·
View notes
Text
So, I am away from computer for four days for a really cool event and I come back and in the mean time they maybe found a polynomial quantum attack against Learning With Errors, a lattice problem? (https://eprint.iacr.org/2024/555) If this paper is correct then this is some serious breaking news shit, because lattices are like the main candidate for quantum-secure public key cryptography. (there are others but they are much less practical and for other types there have also been attacks) I mean, this paper seems to attack just a particular setting, is very impractical and does not work for schemes that are actually proposed, but an existing impractical attack often signals the way for more practical attacks. So, if it is not a false alarm, this is pretty big. It could signal the attackability of lattice schemes and undermine the trust in them. And it takes a long time to move to a new standard. Oh well. I guess we have to wait for experts to check the paper for mistakes before we can say anything.
76 notes
·
View notes
Text
FUCK YOU MEAN NOBODY KNOWS VIGENERE CIPHERS DUDE LIKE????
okay. so. in a college class we were in groups of 3 and we were supposed to encode a message in a way where we would write a key on another paper and without that key it was not solvable.
so I. of course. made a vigenere cipher with my group. because??? that's like???? the most obvious answer??????
WELL APPARENTLY NOT! THE OTHER GROUP COULDNT DECODE IT, THEY DIDNT FUCKING KNOW WHAT TO DO WITH IT! WE GAVE EM THE FUCKING TABLE FOR IT, THE KEY.
THEY NEVER HEARD OF IT!
BRO WE ARE ALL STUDYING INFORMATICS THE FUCK YOU MEAN YALL DONT KNOW WHAT A VIGENERE IS? MY ART-SCHOOL ROOMMATE KNEW WHAT IT WAS!
#irl stuff#cryptography#person watched gravity falls and suddenly thinks shit like this is normal#fuck me ig#im reblogging this with an image of dipper#i think this is something he would say
29 notes
·
View notes
Text
Why Not Write Cryptography
I learned Python in high school in 2003. This was unusual at the time. We were part of a pilot project, testing new teaching materials. The official syllabus still expected us to use PASCAL. In order to satisfy the requirements, we had to learn PASCAL too, after Python. I don't know if PASCAL is still standard.
Some of the early Python programming lessons focused on cryptography. We didn't really learn anything about cryptography itself then, it was all just toy problems to demonstrate basic programming concepts like loops and recursion. Beginners can easily implement some old, outdated ciphers like Caesar, Vigenère, arbitrary 26-letter substitutions, transpositions, and so on.
The Vigenère cipher will be important. It goes like this: First, in order to work with letters, we assign numbers from 0 to 25 to the 26 letters of the alphabet, so A is 0, B is 1, C is 2 and so on. In the programs we wrote, we had to strip out all punctuation and spaces, write everything in uppercase and use the standard transliteration rules for Ä, ��, Ü, and ß. That's just the encoding part. Now comes the encryption part. For every letter in the plain text, we add the next letter from the key, modulo 26, round robin style. The key is repeated after we get tot he end. Encrypting "HELLOWORLD" with the key "ABC" yields ["H"+"A", "E"+"B", "L"+"C", "L"+"A", "O"+"B", "W"+"C", "O"+"A", "R"+"B", "L"+"C", "D"+"A"], or "HFNLPYOLND". If this short example didn't click for you, you can look it up on Wikipedia and blame me for explaining it badly.
Then our teacher left in the middle of the school year, and a different one took over. He was unfamiliar with encryption algorithms. He took us through some of the exercises about breaking the Caesar cipher with statistics. Then he proclaimed, based on some back-of-the-envelope calculations, that a Vigenère cipher with a long enough key, with the length unknown to the attacker, is "basically uncrackable". You can't brute-force a 20-letter key, and there are no significant statistical patterns.
I told him this wasn't true. If you re-use a Vigenère key, it's like re-using a one time pad key. At the time I just had read the first chapters of Bruce Schneier's "Applied Cryptography", and some pop history books about cold war spy stuff. I knew about the problem with re-using a one-time pad. A one time pad is the same as if your Vigenère key is as long as the message, so there is no way to make any inferences from one letter of the encrypted message to another letter of the plain text. This is mathematically proven to be completely uncrackable, as long as you use the key only one time, hence the name. Re-use of one-time pads actually happened during the cold war. Spy agencies communicated through number stations and one-time pads, but at some point, the Soviets either killed some of their cryptographers in a purge, or they messed up their book-keeping, and they re-used some of their keys. The Americans could decrypt the messages.
Here is how: If you have message $A$ and message $B$, and you re-use the key $K$, then an attacker can take the encrypted messages $A+K$ and $B+K$, and subtract them. That creates $(A+K) - (B+K) = A - B + K - K = A - B$. If you re-use a one-time pad, the attacker can just filter the key out and calculate the difference between two plaintexts.
My teacher didn't know that. He had done a quick back-of-the-envelope calculation about the time it would take to brute-force a 20 letter key, and the likelihood of accidentally arriving at something that would resemble the distribution of letters in the German language. In his mind, a 20 letter key or longer was impossible to crack. At the time, I wouldn't have known how to calculate that probability.
When I challenged his assertion that it would be "uncrackable", he created two messages that were written in German, and pasted them into the program we had been using in class, with a randomly generated key of undisclosed length. He gave me the encrypted output.
Instead of brute-forcing keys, I decided to apply what I knew about re-using one time pads. I wrote a program that takes some of the most common German words, and added them to sections of $(A-B)$. If a word was equal to a section of $B$, then this would generate a section of $A$. Then I used a large spellchecking dictionary to see if the section of $A$ generated by guessing a section of $B$ contained any valid German words. If yes, it would print the guessed word in $B$, the section of $A$, and the corresponding section of the key. There was only a little bit of key material that was common to multiple results, but that was enough to establish how long they key was. From there, I modified my program so that I could interactively try to guess words and it would decrypt the rest of the text based on my guess. The messages were two articles from the local newspaper.
When I showed the decrypted messages to my teacher the next week, got annoyed, and accused me of cheating. Had I installed a keylogger on his machine? Had I rigged his encryption program to leak key material? Had I exploited the old Python random number generator that isn't really random enough for cryptography (but good enough for games and simulations)?
Then I explained my approach. My teacher insisted that this solution didn't count, because it relied on guessing words. It would never have worked on random numeric data. I was just lucky that the messages were written in a language I speak. I could have cheated by using a search engine to find the newspaper articles on the web.
Now the lesson you should take away from this is not that I am smart and teachers are sore losers.
Lesson one: Everybody can build an encryption scheme or security system that he himself can't defeat. That doesn't mean others can't defeat it. You can also create an secret alphabet to protect your teenage diary from your kid sister. It's not practical to use that as an encryption scheme for banking. Something that works for your diary will in all likelihood be inappropriate for online banking, never mind state secrets. You never know if a teenage diary won't be stolen by a determined thief who thinks it holds the secret to a Bitcoin wallet passphrase, or if someone is re-using his banking password in your online game.
Lesson two: When you build a security system, you often accidentally design around an "intended attack". If you build a lock to be especially pick-proof, a burglar can still kick in the door, or break a window. Or maybe a new variation of the old "slide a piece of paper under the door and push the key through" trick works. Non-security experts are especially susceptible to this. Experts in one domain are often blind to attacks/exploits that make use of a different domain. It's like the physicist who saw a magic show and thought it must be powerful magnets at work, when it was actually invisible ropes.
Lesson three: Sometimes a real world problem is a great toy problem, but the easy and didactic toy solution is a really bad real world solution. Encryption was a fun way to teach programming, not a good way to teach encryption. There are many problems like that, like 3D rendering, Chess AI, and neural networks, where the real-world solution is not just more sophisticated than the toy solution, but a completely different architecture with completely different data structures. My own interactive codebreaking program did not work like modern approaches works either.
Lesson four: Don't roll your own cryptography. Don't even implement a known encryption algorithm. Use a cryptography library. Chances are you are not Bruce Schneier or Dan J Bernstein. It's harder than you thought. Unless you are doing a toy programming project to teach programming, it's not a good idea. If you don't take this advice to heart, a teenager with something to prove, somebody much less knowledgeable but with more time on his hands, might cause you trouble.
350 notes
·
View notes
Text
Second-most audacious thing I did in my academic career happened in a cryptography exam. One question gave us a message to encrypt, the method we had to use, and some of the numbers that would be used. We were allowed to choose the remaining values for the encryption algorithm. We had to choose values that would be appropriate and show the process needed to calculate the encryption and decryption keys and show the encryption and decryption process.
The encryption method used exponents and modulo in the encryption and decryption process and instead of actually doing any math on it, I realized I could exploit Fermat's (pronounced fair-ma) little theorem (which the professor had taught earlier that semester) using the numbers the professor gave to make the encryption key equal to 1. As a result, I was able to skip the entire process of showing the encryption process, determining the decryption key, and decrypting the message, because the encryption key I made literally didn't change the message at all.
When I got the exam back, the professor made it very clear how annoyed he was with my answer but gave me full points because I did technically demonstrate how the algorithm works. I'm glad too cause that question was 20% of the exam grade.
He even called me out for my shenanigans when he went over the exam later and modified the question for future semesters to stop others from using my exploit.
183 notes
·
View notes
Text
Section 25. Always Now
#Section 25#Section Twentyfive#bands#musicians#punk#design#designers#Peter Saville#Grafica Industria#Brel Wik#Brett Wickens#typography#cryptography#record covers#album covers#albums
65 notes
·
View notes
Text
Tinkering with a simple shift cipher that outputs emojis since I want to actually make a "cute cipher" (re my primary social username), can you guess what this one says?
#cybersec#cryptography#no id for this one since i dont have a way to do that without giving too many cluea#*clues
34 notes
·
View notes
Text
Cryptography Enthusiasts Requested
As promised, a post about... something. Secret codes!
Several of the blog posts begin with "TRANSMISSION// [something here] // AURORA." The middle section is different in each of these-- one is text in Chinese, another one is Morse Code, and one is what Travis identified as shorthand for elements of the periodic table. I believe all of them probably have some kind of code, but I do not know enough about cryptography to begin with most of them.
Which is where we could use a hand! If anyone has any insight or ideas on any of these (as transcribed below), and would be willing to help us decode them, that would be fantastic!
From January 13, 2013:
TRANSMISSION // 032::3834K::00003 // AURORA
From February 11, 2013:
TRANSMISSION // 0002/02/00002012 // AURORA之動得?違言語?何意味?待・之押that should fix it.
Google Translate says the text here is Chinese (Traditional) and reads, "Can it move? Breaking the rules? What does it mean? Wait and pledge". However, Google translate is obviously not the greatest source, so confirmation or correction would be welcome.
From March 12, 2013:
TRANSMISSION // 052::9JU324::00005 // AURORA
From April 13, 2013:
TRANSMISSION//AURORA//RANDOMGIBBERISHFILTERMALFUNCTION07 RESTARTY/N?
This one seems pretty straightforward, but I'm including it in case others have additional insights.
From May 6 2013:
TRANSMISSION//AURORA//890::E6::FREQ–GK10//–./../…-/.//..-/…//–/—/-././-.–//SEND
The morse code here translates to "give us money".
From June 17 2013:
TRANSMISSION // UUDD::LRLR::BARTN // AURORA
From September 25 2013:
TRANSMISSION // AqPArT::GCaLeV::LiScSaCa // AURORA
Travis translated the elements here as: AqPArT: Aq: aqueous solution is a solution in which the solvent is water, Phosphorous, Argon, Titanium
GCaLeV: Gallium, Calcium, Lanthanum, Vanadium
LiScSaCa: Lithium, Scandium, Samarium, Calcium
For reasons I lack the chemistry knowledge to understand, he took these as numbers, or dates, and translated it as such: X/31205723/3216220.
So that what we've got so far! Thoughts?
#mod miralines#travis if you wanna chime in on those elements please do#the mechanisms#the mechs#cryptography
54 notes
·
View notes
Text
Guys I solved this code!!!!
(Spoiler under the cut)
It says “prepare for his coming” and holy shit baby, I AM PREPARED
27 notes
·
View notes