2024

June

• June 27, 2024 » CVE-2024-5535: `SSL_select_next_proto` buffer overread

2023

October

• October 30, 2023 » Replacing a C library: a testing strategy

2020

June

• June 14, 2020 » Third-party audit of rustls

2019

July

• July 2, 2019 » rustls versus OpenSSL: resumption performance
• July 2, 2019 » rustls versus OpenSSL: memory usage
• July 2, 2019 » rustls versus OpenSSL: handshake performance
• July 2, 2019 » rustls versus OpenSSL: bulk performance
• July 1, 2019 » TLS performance: rustls versus OpenSSL

2018

May

• May 28, 2018 » rustls: modern, faster, safer TLS

January

• January 7, 2018 » TLS bulk performance: rustls versus OpenSSL

2017

July

• July 19, 2017 » Measuring test coverage of Rust libraries

April

• April 3, 2017 » rustls: A Modern, Pure-Rust TLS Library

2016

January

• January 17, 2016 » Using SGX to harden password hashing

2015

November

• November 23, 2015 » Abusing U2F to 'store' keys

August

• August 11, 2015 » PBKDF2: performance matters

July

• July 1, 2015 » Lucky 13 in Amazon S2N

June

• June 11, 2015 » CVE-2015-1788: OpenSSL ECC binpoly denial of service
• June 1, 2015 » Benchmarking Modern Authenticated Encryption on €1 devices

May

• May 28, 2015 » Audio as a low-bandwidth authentic channel

2014

October

• October 21, 2014 » Public comment on FIDO U2F standard

August

• August 28, 2014 » libotr: the code review

June

• June 28, 2014 » How to monetise the IoT through energy markets

April

• April 7, 2014 » Android keystore key leakage between security domains

January

• January 16, 2014 » Analysis of the OpenSSL random API

2013

December

• December 17, 2013 » A novel countermeasure against CRIME and BREACH

September

• September 9, 2013 » TLS128: A secure profile for TLS

August

• August 15, 2013 » Android SecureRandom vulnerability guess

July

• July 7, 2013 » TLS downgrade behaviour