Hacking together a USB-C charger for a cheap Chromebook
https://blog.filippo.io/usb-c-charger-for-a-cheap-chromebook/ [blog.filippo.io]
2020-04-19 13:39
tags:
hardware
solder
Only one thing won’t charge with USB-C, my awfully cheap ($190 for 4GB of RAM) Samsung Chromebook 3, a machine I use when I want the extra security of the Chrome OS platform. Instead, this laptop charges from an old-school 12V barrel connector, forcing me to carry around an extra brick.
What we need is called a “USB-C PD trigger”, a little board that negotiates a specific PD voltage with a charger. There are a few variants, including ones with a button to select the voltage, but the most common one is a tiny board with a female USB-C connector called ZYPDS.
Efficient Go APIs with the mid-stack inliner
https://blog.filippo.io/efficient-go-apis-with-the-inliner/ [blog.filippo.io]
2019-07-18 17:09
tags:
garbage-collection
go
malloc
perf
programming
A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one.
Using Ed25519 Signing Keys For Encryption
https://blog.filippo.io/using-ed25519-keys-for-encryption/ [blog.filippo.io]
2019-05-19 16:39
tags:
crypto
security
First, we need to understand the difference between Ed25519 and X25519. For that I recommend Montgomery curves and their arithmetic by Craig Costello and Benjamin Smith, which is where I learned most of the underlying mechanics of Montgomery curves. The high level summary is that the twisted Edwards curve used by Ed25519 and the Montgomery curve used by X25519 are birationally equivalent: you can convert points from one to the other, and they behave the same way.
source: HN
A Go implementation of Poly1305 that makes sense
https://blog.filippo.io/a-literate-go-implementation-of-poly1305/ [blog.filippo.io]
2019-04-04 02:52
tags:
crypto
development
go
math
programming
security
Although it’s really a fraction of the complexity of e.g. elliptic curves, most of the implementations I’ve read look decidedly like magic, mysteriously multiplying values by enchanted constants, and shuffling bits like The Sorcerer’s Apprentice in Fantasia. Even the paper does not explain why and how its design decisions lead to faster code!
Still, after reverse-engineering what the implementations were doing, I grew convinced that cryptography code could be perfectly understandable if only we commented it.
source: L
rustgo: calling Rust from Go
https://blog.filippo.io/rustgo/ [blog.filippo.io]
2019-03-16 03:40
tags:
development
dupe
go
library
programming
rust
turtles
This post is the story of a slightly-less-than-sane experiment to call Rust code from Go fast enough to replace assembly. No need to know Rust, or compiler internals, but knowing what a linker is would help.
Repost, but it’s just so delicious.
The scrypt parameters
https://blog.filippo.io/the-scrypt-parameters/ [blog.filippo.io]
2017-12-29 22:36
tags:
auth
crypto
hash
security
In this post I summed up how each parameter impacts the whole scrypt algorithm. Finally, I had a look at what parameters you should use in 2017.
We need to talk about Session Tickets
https://blog.filippo.io/we-need-to-talk-about-session-tickets/ [blog.filippo.io]
2017-09-29 02:14
tags:
crypto
networking
security
standard
Unfortunately, a combination of deployment realities and three design flaws makes them the weakest link in modern TLS, potentially turning limited key compromise into passive decryption of large amounts of traffic.
source: L
restic cryptography
https://blog.filippo.io/restic-cryptography/ [blog.filippo.io]
2017-08-30 05:16
tags:
crypto
go
investigation
programming
storage
swtools
A look at how restic encrypts backups, some notes on encryption in go, how to use poly1305, etc.
source: green
Rustgo: Calling Rust from Go with near-zero overhead
https://blog.filippo.io/rustgo/ [blog.filippo.io]
2017-08-16 01:40
tags:
compiler
go
perf
programming
rust
Lots of information about calling conventions and frame pointers and object formats, etc.
source: HN
Finding Ticketbleed
https://blog.filippo.io/finding-ticketbleed/ [blog.filippo.io]
2017-02-09 13:52
tags:
bugfix
crypto
exploit
investigation
networking
security
standard
web
Bleed of the week. A good write up of TLS session debugging, too.
I'm giving up on PGP
https://blog.filippo.io/giving-up-on-long-term-pgp/ [blog.filippo.io]
2016-12-06 19:54
tags:
networking
opsec
security
swtools
ux
Not just the difficulty of using it, but of securing keys. How long can a key be kept secure?