Tweets from @hashbreaker

  1. Aug 24

    PKE/KEM decryption failures strike again: Looks like Hamburg has broken the new (patented?) Round5 proposal to . Round5 is a semi-merge of HILA5 with the (patented) Round2 proposal; by "semi-merge" I mean that it has some new design elements in it.

  2. Aug 22

    The quote is excerpted from the entertaining collection of anonymous reviews of the original Curve25519 paper. See for more.

  3. Aug 22

    Has anyone verified the details of ? This is the latest attack against NSA's Simon cipher. The central claim is that the smallest version of Simon is broken for 27 rounds, i.e., almost 85% of the full 32 rounds. Best previous result was 23, already scary.

  4. Aug 21

    I wrote up (some of) my thoughts on Sunday's Encryption & Surveillance workshop, and why it was worth having even though LE officials are just going to pervert it for their own ends. cc

  5. Aug 19

    "Responsible disclosure" as defined by recalcitrant company where security is not job #1: you (1) find security problem, (2) write an exploit, (3) spend time discussing with company, (4) publish exploit. A better alternative, "accelerated responsible disclosure": do #4 before #3.

  6. Aug 19

    Unlike , I recommend: 1. Require+verify DH primality proofs, as in and . 2. Standardize primes so this is cheap. 3. Ignore nitwits writing "the appendix that shows that 3 numbers are prime should be removed."

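    The tweet above recommends requiring and verifying primality proofs for DH moduli (both references it points at are elided in this copy). As an added example, not code from the tweet's references, from DJB, or from any standard: a verifier for a Pratt-style certificate (the Lucas n-1 test with the factorization of p-1 certified recursively) plus the safe-prime and subgroup check a DH group (p, g) would have to pass before use. The certificate layout, the `check_dh_group` helper and the toy group 23 = 2*11+1 are assumptions chosen for illustration; real DH moduli are thousands of bits and their certificates are correspondingly deeper, but the checks are the same.

```python
# Certificate layout (assumed for this example): {"p": 2} for the base case, otherwise
# {"p": p, "a": witness, "factors": [certificate for each distinct prime q dividing p-1]}.

def verify_certificate(cert):
    """Lucas n-1 test: p is prime if some a satisfies a^(p-1) = 1 (mod p) and
    a^((p-1)/q) != 1 (mod p) for every prime q | p-1, with each q certified recursively."""
    p = cert["p"]
    if p == 2:
        return True
    if p < 2 or p % 2 == 0:
        return False
    a, subcerts = cert["a"], cert["factors"]
    if not 1 < a < p:
        return False
    # 1) the listed primes must account for all of p-1 (multiplicities recovered by division)
    rest, qs = p - 1, []
    for sub in subcerts:
        q = sub["p"]
        if q < 2 or rest % q != 0:
            return False
        while rest % q == 0:
            rest //= q
        qs.append(q)
    if rest != 1 or len(set(qs)) != len(qs):
        return False
    # 2) the witness must have order exactly p-1 modulo p, which forces p to be prime
    if pow(a, p - 1, p) != 1:
        return False
    if any(pow(a, (p - 1) // q, p) == 1 for q in qs):
        return False
    # 3) every claimed prime factor of p-1 must itself carry a valid certificate
    return all(verify_certificate(sub) for sub in subcerts)


def check_dh_group(p, g, cert):
    """Accept (p, g) only if p is a certified safe prime (p = 2q+1 with q prime) and g
    generates the order-q subgroup. Parameters without a certificate are rejected, not trusted."""
    if cert is None or cert.get("p") != p or not verify_certificate(cert):
        return False
    q = (p - 1) // 2
    # q must appear among the certified prime factors of p-1, i.e. p-1 = 2*q with q prime
    if not any(sub["p"] == q for sub in cert["factors"]):
        return False
    # g^q = 1 and g not in {1, p-1} means g has order exactly q (no small-subgroup leakage)
    return 1 < g < p - 1 and pow(g, q, p) == 1


# Constructed certificates for the toy group 23 = 2*11 + 1 (witnesses chosen by hand).
CERT_2 = {"p": 2}
CERT_3 = {"p": 3, "a": 2, "factors": [CERT_2]}
CERT_5 = {"p": 5, "a": 2, "factors": [CERT_2]}
CERT_11 = {"p": 11, "a": 2, "factors": [CERT_2, CERT_5]}
CERT_23 = {"p": 23, "a": 5, "factors": [CERT_2, CERT_11]}

# A composite modulus with a plausible-looking certificate: 25 = 5^2, claimed factors 2 and 3.
# 7^24 = 1 (mod 25) holds, but 7^12 = 1 as well, so the Lucas condition fails and it is rejected.
BOGUS_25 = {"p": 25, "a": 7, "factors": [CERT_2, CERT_3]}

if __name__ == "__main__":
    print("23 with g=2 (order 11):", check_dh_group(23, 2, CERT_23))
    print("23 with g=5 (order 22):", check_dh_group(23, 5, CERT_23))
    print("25 with bogus certificate:", verify_certificate(BOGUS_25))
```

    The point of step 1 is that a certificate which omits a factor of p-1 cannot sneak through: the division loop must consume p-1 completely, and each factor it uses must be proven prime in turn, so the only way to get an accepting certificate for a composite p is to break the Lucas test itself.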
  7. Aug 14

    Trying again to get some attention for this. Please send your input to show that the new law still has issues. Openbare consultatie Wijziging Wiv 2017 (Public consultation on the amendment of the Wiv 2017)

  8. Aug 2

    Patching ACPI DSDT on your new Lenovo ThinkPad X1 Carbon 6th gen to get normal S3 suspend working under Linux? I'm looking for people to test a kernel patch so that the DSDT patch can be avoided in the future: Works for me.

  9. Jul 30

    To be clear, I recommend ChaCha20 instead of ChaCha8. It's hard to find applications where such a fast RNG is a bottleneck. More importantly, after DES and RSA-512 and SHA-1 and Sweet32 and so on, hasn't the cryptographic community learned to stop cutting things so close?

  10. Jul 30

    It seems to me that the 3.02 number comes from Jan Wassenberg reimplementing ChaCha8 and then reimplementing some sort of RNG on top of that, instead of reusing existing (faster) ChaCha8 stream software and fast-key-erasure RNG software from the SUPERCOP software collection.

  11. Jul 30

    Puzzled by the comparative cycles/byte claims for Google's Randen () on Westmere. 1.54 for Randen, ok, but 3.02 for ChaCha8? I see 1.34 for ChaCha8 generating 1536 bytes, so 1536-byte fast-key-erasure RNG () should be well under 1.54.

  12. Jul 29

    New djbsort release, version 20180729: Rewritten avx2 code (fully supported by latest verifier), now just 7328 Haswell cycles for the int32_sort(x,1024) benchmark. Large arrays are now sorted in place. Types now supported: int32, uint32, float32.

  13. Jul 27

    Will be talking about cryptanalysis of ; hope to see you there!

  14. Jul 20

    It's not looking good for tri-linear maps. See Ben Smith's rump session talk at

  15. Jul 19

    Slides now available from rump session:

  16. Jul 17

    New djbsort release, version 20180717: Verification now handles all five int32 implementations (avx2, portable1, portable2, portable3, portable4). API now provides both int32_sort and uint32_sort.

  17. Jul 16

    ... and just in time we've posted all deliverables and libraries (libpqcrypto, pqm4, pqhw) from PQCRYPTO: Also check out our scientific papers and talk slides!

  18. Jul 16

    Tomorrow (17 July) Wouter Castryck will present the achievements of PQCRYPTO to the HWP on Cyber Security.

  19. Jul 16

    More in news: Partner Academia Sinica organized a PQCRYPTO Mini-School and Workshop. Slides from the talks are now online at

  20. Jul 14

    "Sorting integer arrays: security, speed, and verification." Slides for first djbsort talk now available:

