Archive

May 2025

• May 2, 2025 » GitHub Actions is Someone Else's Computer

June 2024

• June 27, 2024 » CVE-2024-5535: `SSL_select_next_proto` buffer overread

October 2023

• October 30, 2023 » Replacing a C library: a testing strategy

June 2020

• June 14, 2020 » Third-party audit of rustls

July 2019

• July 2, 2019 » rustls versus OpenSSL: bulk performance
• July 2, 2019 » rustls versus OpenSSL: handshake performance
• July 2, 2019 » rustls versus OpenSSL: memory usage
• July 2, 2019 » rustls versus OpenSSL: resumption performance
• July 1, 2019 » TLS performance: rustls versus OpenSSL

May 2018

• May 28, 2018 » rustls: modern, faster, safer TLS

January 2018

• January 7, 2018 » TLS bulk performance: rustls versus OpenSSL

July 2017

• July 19, 2017 » Measuring test coverage of Rust libraries

April 2017

• April 3, 2017 » rustls: A Modern, Pure-Rust TLS Library

January 2016

• January 17, 2016 » Using SGX to harden password hashing

November 2015

• November 23, 2015 » Abusing U2F to 'store' keys

August 2015

• August 11, 2015 » PBKDF2: performance matters

July 2015

• July 1, 2015 » Lucky 13 in Amazon S2N

June 2015

• June 11, 2015 » CVE-2015-1788: OpenSSL ECC binpoly denial of service
• June 1, 2015 » Benchmarking Modern Authenticated Encryption on €1 devices

May 2015

• May 28, 2015 » Audio as a low-bandwidth authentic channel

October 2014

• October 21, 2014 » Public comment on FIDO U2F standard

August 2014

• August 28, 2014 » libotr: the code review

June 2014

• June 28, 2014 » How to monetise the IoT through energy markets

April 2014

• April 7, 2014 » Android keystore key leakage between security domains

January 2014

• January 16, 2014 » Analysis of the OpenSSL random API

December 2013

• December 17, 2013 » A novel countermeasure against CRIME and BREACH

September 2013

• September 9, 2013 » TLS128: A secure profile for TLS

August 2013

• August 15, 2013 » Android SecureRandom vulnerability guess

July 2013

• July 7, 2013 » TLS downgrade behaviour