@durumcrustulum, @tqbf, @davidcadrian. “Freewheelin’ dynamic”.
Joined August 2021
- Tweets 320
- Following 3
- Followers 1,750
- Likes 366
40 Photos and videos
Pinned Tweet
NEW EPISODE!
The gang learns a bitter lesson about AI and bug finding! Returning champion Nicholas Carlini is back to talk about Claude for vulnerability research.
securitycryptographywhatever…
youtube.com/watch?v=_IDbFLu9…
1
1
11
655
It is.
This bug is also fun: github.com/advisories/GHSA-v…
Did you know that South Korea invented their own block cipher and managed to get it to wolfSSL? Their cipher implementation of GCM mode is horribly broken. Kim Jung Un would love this!
2
9
37
11,981
Security Cryptography Whatever retweeted
Apr 11
THIS IS GOING JUST GREAT.
6
25
243
46,690
You can check out co-lead of this report Nicholas Carlini detailing his approach to finding vulns with models like Mythos in our latest episode
Apr 7
You can read a detailed technical report on the software vulnerabilities and exploits discovered by Claude Mythos Preview here: red.anthropic.com/2026/mytho…
1
1
3
438
Security Cryptography Whatever retweeted
Apr 7
If you visibly know what you're talking about, mic-dropping SIDH in conversations about MLKEM mostly signals that you have contempt for your audience, who you count on not to understand the distinction between isogenies and lattices.
1
1
6
1,653
Security Cryptography Whatever retweeted
Apr 7
It would help a lot if people would stop name-dropping SIDH any time anybody talks about how well we understand MLKEM (the Euro-sourced NIST contest winner, which we understand *quite* well).
1
1
6
787
Security Cryptography Whatever retweeted
Apr 7
This sounds obvious but I can't count how many people I've seen show up to say PQC is untrustworthy because SIDH was broken with a laptop. SIDH being broken says nothing about how safe/unsafe PQC is generally.
1
1
17
1,019
Security Cryptography Whatever retweeted
Apr 7
PQC isn't like a design philosophy, like Feistel vs. SPNs or FFDH vs. ECDH. It's a property some constructions have that others don't, about perceived/believed resistance to QC.
1
1
14
1,193
Security Cryptography Whatever retweeted
Apr 7
A thing you see over and over again in HN-type discussions of post-quantum cryptography is the implication that "post-quantum" is a kind of cryptography. No. PQC is a functional attribute of many different kinds of cryptography.
2
1
29
3,714
Security Cryptography Whatever retweeted
Apr 7
Fun time to be working in information/software security. The field is going out with a bang! First AI, then an imminent CRQC. We need, like, a big SCADA event to hit the trifecta.
6
15
143
16,977
Security Cryptography Whatever retweeted
Mar 27
Yeah, so, I'm going to have more to say about this later, but, for now... yeah.
securitycryptographywhatever…
3
30
227
39,745
Security Cryptography Whatever retweeted
Mar 26
chat is the vulnpocalypse real?
1
2
193
Security Cryptography Whatever retweeted
Mar 26
NEW EPISODE! In retrospect, if adderall'd up college kids can find vulnerabilities, it not that surprising today's foundation models can to. We talk to Nicholas Carlini about the Vulnpocalypse.
youtube.com/watch?v=_IDbFLu9…
1
1
2
4,049
It was @tqbf!
Feb 11
podcasts.apple.com/us/podcas…
Host (is it @tqbf) laughter at 28:19 cures cancer.
I joke CS is a karmic wheel but how did anyone now think imposing OSSL_PARAM at loss of C type checking was a good idea?
“It was not called PyRuby, it was called Topaz.”
Nextstep shoutout on point too.
1
3
461
obviously you have to do a string compare to load a nonce key in openssl 3
1
2
5
532
Security Cryptography Whatever retweeted
Feb 2
New episode! I have a cool jacket! Much cooler than OpenSSL 3!
securitycryptographywhatever…
New episode! We have returning champion Alex Gaynor and special guest Paul Kehrer to talk about running PyCA cryptography and how much OpenSSL 3 sucks.
1
5
487