Efficient Go APIs with the mid-stack inliner
> A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one.
Using Ed25519 Signing Keys For Encryption
> First, we need to understand the difference between Ed25519 and X25519. For that I recommend Montgomery curves and their arithmetic by Craig Costello and Benjamin Smith, which is where I learned most of the underlying mechanics of Montgomery curves. The high level summary is that the twisted Edwards curve used by Ed25519 and the Montgomery curve used by X25519 are birationally equivalent: you can convert points from one to the other, and they behave the same way.
A Go implementation of Poly1305 that makes sense
> Although it’s really a fraction of the complexity of e.g. elliptic curves, most of the implementations I’ve read look decidedly like magic, mysteriously multiplying values by enchanted constants, and shuffling bits like The Sorcerer’s Apprentice in Fantasia. Even the paper does not explain why and how its design decisions lead to faster code!
> Still, after reverse-engineering what the implementations were doing, I grew convinced that cryptography code could be perfectly understandable if only we commented it.
rustgo: calling Rust from Go
> This post is the story of a slightly-less-than-sane experiment to call Rust code from Go fast enough to replace assembly. No need to know Rust, or compiler internals, but knowing what a linker is would help.
Repost, but it’s just so delicious.
The scrypt parameters
> In this post I summed up how each parameter impacts the whole scrypt algorithm. Finally, I had a look at what parameters you should use in 2017.
We need to talk about Session Tickets
> Unfortunately, a combination of deployment realities and three design flaws makes them the weakest link in modern TLS, potentially turning limited key compromise into passive decryption of large amounts of traffic.
A look at how restic encrypts backups, some notes on encryption in go, how to use poly1305, etc.
Rustgo: Calling Rust from Go with near-zero overhead
Lots of information about calling conventions and frame pointers and object formats, etc.
Bleed of the week. A good write up of TLS session debugging, too.
I'm giving up on PGP
Not just the difficulty of using it, but of securing keys. How long can a key be kept secure?