Pascal Junod
LightNews LightNews
cryptopathe.me
Pascal Junod
@cryptopathe.me
810 followers 740 following 160 posts
applied cryptographer - certified nerd god - head of cryptography & research at duokey - founder modulo p - ex-Snap - co-founder ex-strong.codes - has-been professor - trail runner - aidjolat
Posts Replies Media Videos
Reposted by Pascal Junod
cryspen.com
Excited to share our latest work on formally verifying the Rust standard library! We developed a new methodology to specify and test the Rust core library, helping to find and fix a bug in Rust's platform-specific SIMD functions.

Learn more about our approach: buff.ly/IwMkWVm
Formally Specifying and Testing the Rust Standard Library
Cryspen found and fixed bugs in the Rust SIMD libraries using formal specs
cryspen.com
October 29, 2025 at 9:47 AM
Reposted by Pascal Junod
meredithmeredith.bsky.social
📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/
meredithmeredith.bsky.social Meredith Whittaker @meredithmeredith.bsky.social · 23d
PSA: we're aware that Signal is down for some people. This appears to be related to a major AWS outage. Stand by.
October 27, 2025 at 10:38 AM
Reposted by Pascal Junod
preskill.bsky.social
When and how will quantum computing broadly benefit humanity? Despite exhilarating recent progress, we still don’t know. Here my friend Jens Eisert and I assess the current status and the challenges ahead.
arxiv.org/abs/2510.19928
Mind the gaps: The fraught road to quantum advantage
Quantum computing is advancing rapidly, yet substantial gaps separate today's noisy intermediate-scale quantum (NISQ) devices from tomorrow's fault-tolerant application-scale (FASQ) machines. We ident...
arxiv.org
October 24, 2025 at 4:40 AM
cryptopathe.me
The morning taste of cryptography standards NOT defining test vectors for edge cases...
October 22, 2025 at 8:15 AM
cryptopathe.me
👀
Meta Uncovers RDSEED Architectural Issue In AMD Zen 5 CPUs
Over the years we have seen various workarounds like disabling RDSEED for select AMD CPUs due to hardware bugs and early on in the Zen days were also some RdRand issues due to different problems
www.phoronix.com
October 20, 2025 at 12:12 PM
Reposted by Pascal Junod
tree.fail
It's striking how first-generation hackers dismissed pseudonyms as juvenile while championing freedom - not realizing that persistent identity would become the foundation of surveillance capitalism.

www.catb.org/~esr/faqs/ha...
The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser.
October 17, 2025 at 10:48 AM
Reposted by Pascal Junod
threema.ch
You don’t need a reason to protect your privacy.
October 17, 2025 at 8:32 AM
Reposted by Pascal Junod
matthewdgreen.bsky.social
This is amazing research by Nadia Heninger and her co-authors Wenyi Morty Zhang, Annie Dai, Keegan Ryan, Dave Levin and Aaron Schulman. TL;DR a huge number of satellite links over our heads are totally unencrypted. satcom.sysnet.ucsd.edu
🛰️ SATCOM Security
Research project homepage for SATCOM Security: papers, source code, and recent satellite communications vulnerabilities.
satcom.sysnet.ucsd.edu
October 14, 2025 at 1:16 AM
cryptopathe.me
👀 ⬇️
campuscodi.risky.biz Catalin Cimpanu @campuscodi.risky.biz · 28d
Firefox 144 is out with hardened encryption for locally stored passwords

www.firefox.com/en-US/firefo...
October 14, 2025 at 2:12 PM
Reposted by Pascal Junod
gregoirebarbey.com
L'intelligence artificielle est-elle l'infrastructure du techno-fascisme? J'ai reçu @nastasiahadjadji.bsky.social et @oliviertesquet.bsky.social, auteurs d'Apocalypse Nerds (Ed. Divergences) pour en parler dans ce nouvel épisode www.letemps.ch/podcasts/ia-...
Podcast – L'intelligence artificielle, infrastructure du techno-fascisme? - Le Temps
Une partie non négligeable des investisseurs et entrepreneurs de la Silicon Valley ne cachent pas leur fascination pour des idées eugénistes, racialistes et anti-démocratiques. IA qu'à m'expliquer reç...
www.letemps.ch
October 13, 2025 at 7:48 AM
cryptopathe.me
Looks obvious to me...
ccanonne.github.io Clément Canonne @ccanonne.github.io · Oct 3
I... I just don't know what to do
A red button, with a label taped on it that says PLEASE DO NOT PRESS
October 3, 2025 at 6:55 AM
Reposted by Pascal Junod
financialtimes.com
The UK government has issued a new order to Apple to create a backdoor into its cloud storage service, this time targeting only British users’ data on.ft.com/4nonyx0
October 1, 2025 at 2:10 PM
cryptopathe.me
Everybody knows Levenshtein distance, but only @cosic.bsky.social people know Leuvenshtein distance.
Created by Wouter Leiet, COSIC - KU Leuven / Accelerated on FPGA by Belfort / Leuvenshtein Database Demo / Preprocessing / Encrypting and processing the database
September 30, 2025 at 7:58 AM
cryptopathe.me
googleprojectzero.blogspot.com/2025/09/poin... ⬅️ 😍
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how...
googleprojectzero.blogspot.com
September 29, 2025 at 9:00 AM
Reposted by Pascal Junod
matthewdgreen.bsky.social
I’m flagging this nice book/paper on FHE schemes not necessarily because it’s correct and I endorse it, but because it looks pretty useful. arxiv.org/pdf/2503.05136
arxiv.org
September 22, 2025 at 7:21 PM
Reposted by Pascal Junod
quarkslab.bsky.social
RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀
In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
blog.quarkslab.com/security-rev...
Security review of PHP documentation - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.
blog.quarkslab.com
September 22, 2025 at 3:51 PM
Reposted by Pascal Junod
durumcrustulum.com
a bug in this may have already been found
September 17, 2025 at 11:27 PM
Reposted by Pascal Junod
durumcrustulum.com
not again

arxiv.org/pdf/2509.12341
September 17, 2025 at 10:03 PM
Reposted by Pascal Junod
halvarflake.bsky.social
I have often stated that well-implemented memory tagging will be a game changer for memory corruptions. And it seems that with the next iPhone it's finally here: security.apple.com/blog/memory-...
Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our adv...
security.apple.com
September 10, 2025 at 8:06 AM
Reposted by Pascal Junod
cosic.bsky.social
Check out the new open letter signed by more than 450 scientists who have serious concerns on the latest (July 2025) version of the chat control proposal. csa-scientist-open-letter.org/Sep2025
csa-scientist-open-letter.org
September 9, 2025 at 9:00 AM
Reposted by Pascal Junod
signal.org
Until now, if you lost or broke your phone, your Signal message history was *gone,* a real challenge for everyone whose most important conversations happen in Signal. So, with careful design and development, we’re rolling out opt-in secure backups.

signal.org/blog/introducing-secure-backups
Introducing Signal Secure Backups
In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal. Think family photos, sweet...
signal.org
September 8, 2025 at 4:03 PM
cryptopathe.me
"Stefan Wolf, der Gastgeber der Runde, formuliert seine Sorge klar: Die E-ID führe zur Überidentifizierung. [...] Wolf befürchtet, dass die E-ID mit der Zeit faktisch obligatorisch würde, selbst für Alltägliches wie den Einkauf in einem Onlineshop." ⬅️ Stefan nails it, this is a very valid point.
August 21, 2025 at 7:50 AM
Reposted by Pascal Junod
grapheneos.org
Swissquote has launched official support for GrapheneOS for their main app instead of it only being available for Yuh:

play.google.com/store/apps/d...

> What’s new
> - We now officially support GrapheneOS!
> - Bug fixes and minor improvements

They're verifying GrapheneOS via hardware attestation.
Swissquote - Apps on Google Play
Trade, invest and bank! Your all-in-one banking solution for smarter finances.
play.google.com
August 20, 2025 at 7:09 PM
cryptopathe.me
We can agree on this point, and the security community is well aware of this fact. Yet, this is also the case for e.g., many important open-source projects that have experienced some success.
gro-tsen.bsky.social Gro-Tsen @gro-tsen.bsky.social · Aug 12
And it misses the point, because the problem isn't just complexity, it's also the creation of a single point of failure: “Let's Encrypt” could either be taken down by a DDOS attack, or it could go out of business. And this would take down something like half of the Web.
August 12, 2025 at 12:04 PM