Matthew Green
@matthewdgreen.bsky.social
I teach cryptography at Johns Hopkins. https://blog.cryptographyengineering.com
Reposted by Matthew Green
The Trump administration's cybersecurity policies are indistinguishable from a foreign attack.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
Trump Cybersecurity Policy Is Indistinguishable From A Foreign Attack
Last year almost a dozen major U.S. ISPs were the victim of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Ty…
www.techdirt.com
November 7, 2025 at 3:05 PM
The Trump administration's cybersecurity policies are indistinguishable from a foreign attack.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
In many ways they're worse, given they're wrapped in layers of phony operational efficiency.
Imagine how bad things are going to be when these morons actually stumble into AI.
November 8, 2025 at 12:04 AM
Imagine how bad things are going to be when these morons actually stumble into AI.
I was brought up in the era of “without random oracles” and so the increasing dependence on weird random oracle stuff in all our crypto really bums me out.
November 7, 2025 at 4:02 PM
I was brought up in the era of “without random oracles” and so the increasing dependence on weird random oracle stuff in all our crypto really bums me out.
The password has been changed to “Louvre2”, don’t worry
November 3, 2025 at 11:57 PM
The password has been changed to “Louvre2”, don’t worry
Reposted by Matthew Green
November 3, 2025 at 5:56 PM
Reposted by Matthew Green
It's one month until Australia's internet will drastically change. Here's what I'm doing to cover it:
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
November 2, 2025 at 10:42 AM
It's one month until Australia's internet will drastically change. Here's what I'm doing to cover it:
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
(PS: I’ve set up a mailing list to send out an email when I have an article come out, instead of than hoping that an algorithm will serve it to you: camwilson.beehiiv.co...)
I remain not panicked about side channel attacks.
November 2, 2025 at 9:46 PM
I remain not panicked about side channel attacks.
Wow hardcover books have become luxury items all of a sudden.
November 2, 2025 at 4:20 PM
Wow hardcover books have become luxury items all of a sudden.
Did Apple push the “make old iPhone batteries die really fast” update this week?
November 1, 2025 at 11:06 PM
Did Apple push the “make old iPhone batteries die really fast” update this week?
Reposted by Matthew Green
There's no such thing as Fully-Homomorphic Decryption.
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
November 1, 2025 at 7:02 PM
There's no such thing as Fully-Homomorphic Decryption.
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If its not you, do you trust them?
I’m no expert, but it seems like with a little processing you could get a lot of facial information from a thin mask drawn tight against the wearer’s face. Apropos of nothing much.
November 1, 2025 at 5:36 PM
I’m no expert, but it seems like with a little processing you could get a lot of facial information from a thin mask drawn tight against the wearer’s face. Apropos of nothing much.
Reposted by Matthew Green
Good news about chatcontrol: politiken.dk/viden/art106...
Hummelgaard opgiver kontroversielt forslag om overvågning
Viden og Tech | Vi dækker den teknologiske verden, ai og tech-giganternes evige kamp. Læs om den digitale velfærdsstat i temaet 'Den digitale underklasse'.
politiken.dk
October 31, 2025 at 7:01 AM
Good news about chatcontrol: politiken.dk/viden/art106...
Reposted by Matthew Green
The trajectory for digital ID and infrastructure was mainly stagnant for years because of the lack of public demand for it (for obvious reasons). But once governments and businesses saw ways to use it to allegedly prevent fraud and age gate the web, that was a large incentive to roll this out faster
October 31, 2025 at 11:30 AM
The trajectory for digital ID and infrastructure was mainly stagnant for years because of the lack of public demand for it (for obvious reasons). But once governments and businesses saw ways to use it to allegedly prevent fraud and age gate the web, that was a large incentive to roll this out faster
Reposted by Matthew Green
Sure, why require telcos to have cybersecurity plans? www.cybersecuritydive.com/news/fcc-cyb...
FCC will vote to scrap telecom cybersecurity requirements
The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.
www.cybersecuritydive.com
October 30, 2025 at 5:59 PM
Sure, why require telcos to have cybersecurity plans? www.cybersecuritydive.com/news/fcc-cyb...
Reposted by Matthew Green
The PRF extension is designed to be used for end-to-end encryption. It's a good fit for them!
bitwarden.com/blog/prf-web...
bitwarden.com/blog/prf-web...
PRF WebAuthn and its role in passkeys | Bitwarden
Accessing and unlocking the Bitwarden vault with a passkey leverages an extension for WebAuthn called the pseudo-random function or PRF. Learn more about this leading-edge standard and how it may impa...
bitwarden.com
October 30, 2025 at 1:21 PM
The PRF extension is designed to be used for end-to-end encryption. It's a good fit for them!
bitwarden.com/blog/prf-web...
bitwarden.com/blog/prf-web...
Reposted by Matthew Green
what; Passkeys are a web-based authentication scheme, not an encryption scheme
October 30, 2025 at 1:14 PM
what; Passkeys are a web-based authentication scheme, not an encryption scheme
Not to brag, but I’m a two time Test of Time winner now. Ok I’m bragging.
October 29, 2025 at 8:13 PM
Not to brag, but I’m a two time Test of Time winner now. Ok I’m bragging.
Reposted by Matthew Green
Every time I see physical attacks on TEEs, I wish someone would put out a position paper on @hdevalence.bsky.social 's "guy with a glock" model
x.com/hdevalence/s...
x.com/hdevalence/s...
October 29, 2025 at 4:46 PM
Every time I see physical attacks on TEEs, I wish someone would put out a position paper on @hdevalence.bsky.social 's "guy with a glock" model
x.com/hdevalence/s...
x.com/hdevalence/s...
Reposted by Matthew Green
New incredible detail here: ICE says a match in its facial recognition app Mobile Fortify is a "definitive" determination of a person's status, and that this overrides birth certificates. This is an app ICE is using in the field to scan people
www.404media.co/ice-and-cbp-...
www.404media.co/ice-and-cbp-...
October 29, 2025 at 3:03 PM
New incredible detail here: ICE says a match in its facial recognition app Mobile Fortify is a "definitive" determination of a person's status, and that this overrides birth certificates. This is an app ICE is using in the field to scan people
www.404media.co/ice-and-cbp-...
www.404media.co/ice-and-cbp-...
Great article about how TEEs are providing much less security than folks believe they will. arstechnica.com/security/202...
New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel
On-chip TEEs withstand rooted OSes but fall instantly to cheap physical attacks.
arstechnica.com
October 29, 2025 at 4:30 PM
Great article about how TEEs are providing much less security than folks believe they will. arstechnica.com/security/202...
I know this is an old point, but normally-trained engineers are really bad at imagining how systems can operate outside their design constraints.
October 24, 2025 at 10:20 AM
I know this is an old point, but normally-trained engineers are really bad at imagining how systems can operate outside their design constraints.
Reposted by Matthew Green
This story from @lorenzofb.bsky.social is absolutely wild. Totally worth a read!
techcrunch.com/2025/10/21/a...
techcrunch.com/2025/10/21/a...
Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware
A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and was fired. Weeks later, Apple notified him that his personal iPhone was targeted with...
techcrunch.com
October 22, 2025 at 9:29 PM
This story from @lorenzofb.bsky.social is absolutely wild. Totally worth a read!
techcrunch.com/2025/10/21/a...
techcrunch.com/2025/10/21/a...
I spent yesterday outlining my theory to ChatGPT that the NSA totally has a classical discrete log break and “PQC transition” is just cover. chatgpt.com/share/68f705...
ChatGPT - NSA ECDLP Algorithm Impact
Shared via ChatGPT
chatgpt.com
October 22, 2025 at 9:02 PM
I spent yesterday outlining my theory to ChatGPT that the NSA totally has a classical discrete log break and “PQC transition” is just cover. chatgpt.com/share/68f705...
A little baffled by European hotel room doors. Isn’t there supposed to be a lock here? Instead there’s a little button that says “privacy”. What does that do?
October 22, 2025 at 9:00 PM
A little baffled by European hotel room doors. Isn’t there supposed to be a lock here? Instead there’s a little button that says “privacy”. What does that do?