Designing cryptography (deployed now: X25519, Ed25519, ChaCha20, sntrup, Classic McEliece) to proactively reduce risks. Coined phrase "post-quantum" in 2003.


@djb@cr.yp.to (djb), to random

Major new release of djbsort, my library for sorting numeric arrays: https://sorting.cr.yp.to More AVX2 speed, more data types supported (int32, uint32, float32, int64, uint64, float64), many test improvements, easier-to-use packaging, more documentation, multi-library benchmarks.

@djb@cr.yp.to (djb), to random

Posted a fast demo https://cr.yp.to/2025/20251215-recover-isc-key.c for CVE-2025-40780, where https://gitlab.isc.org/isc-projects/bind9/-/commit/6876753c7ccd67d445a6a2341219fe79cff6c77f says it was "discovered during research for an upcoming academic paper" that BIND's ID RNG is predictable. The attack is easy; what's interesting is why such a poor RNG ended up deployed.

@djb@cr.yp.to (djb), to random

Impressed with the level of compatibility of the new memory-safe C/C++ compiler Fil-C (filcc, fil++; https://fil-c.org/) based on clang. Many libraries and applications that I've tried work under Fil-C without changes, and the exceptions haven't been hard to get working.

@djb@cr.yp.to (djb), to random

New blog post "MODPOD: The collapse of IETF's protections for dissent." https://blog.cr.yp.to/20251005-modpod.html --- Note that there's useful action here that you can take by "Tuesday October 7 (in any time zone)".

@djb@cr.yp.to (djb), to random

Interesting new overview "What we in the open world are messing up in trying to compete with big tech" from Bert Hubert: https://berthub.eu/articles/posts/what-the-open-world-must-do-better/ Hmmm, not sure about this part: "Your post-quantum crypto library does not need to be available as a service or have an attractive UI."

@djb@cr.yp.to (djb), to random

The gcc/clang excuse for changing program behavior, often introducing bugs and security holes (see https://www.usenix.org/system/files/usenixsecurity23-xu-jianhao.pdf), is performance. But a new paper https://web.ist.utl.pt/nuno.lopes/pubs/ub-pldi25.pdf modifies clang to eliminate most (all?) such changes, and finds negligible effect on benchmarks.

@djb@cr.yp.to (djb), to random

New blog post "McEliece standardization: Looking at what's happening, and analyzing rationales." https://blog.cr.yp.to/20250423-mceliece.html