Stand back... I'm going to write some code.
kuijsten
bonked 28 Feb 2026 17:06 +0100
original: nilix@cafe.nilfm.cc
#honkers ; does anybody know what happened to Ted? Also does anybody have an up-to-date clone of honk? it appears the version i'm running is newer than the version i have the source for and the wayback machine doesn't have consistent snapshots of the source :<
@GrapheneOS any idea if a recent Pixel with your OS is vulnerable to any of the new airsnitch attacks?
kuijsten
bonked 28 Feb 2026 06:48 +0100
original: vanhoefm@infosec.exchange
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others. NDSS'26 paper: https://www.ndss-symposium.org/wp-content/uploads/2026-f1282-paper.pdf Excellent article on the work by Dan Goodin: https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/ I'd say we bypass Wi-Fi encryption, in the sense that we can bypass client isolation. We don't break Wi-Fi authentication or encryption. Crypto is often bypassed instead of broken. And we bypass it ;)
GitHub: https://github.com/vanhoefm/airsnitch
kuijsten
honked back 27 Feb 2026 16:57 +0100
in reply to: https://jasette.facil.services/users/plutocrash/statuses/116138065811800131
kuijsten
honked back 17 Feb 2026 15:18 +0100
in reply to: https://exquisite.social/users/mischa/statuses/115928807683569375
@mischa sorry only see it now :) The back and forth was about getting a replacement module, it being shipped to the wrong address, missing a memory module, summer holiday, etc. etc. Apart from the summer holidays they were quite responsive.
kuijsten
honked back 19 Jan 2026 19:38 +0100
in reply to: https://exquisite.social/users/mischa/statuses/115887434653018434
kuijsten
honked back 23 Dec 2025 11:00 +0100
in reply to: https://cybervillains.com/users/djm/statuses/111255948769148166
@damienmiller could you elaborate a bit on how manifest v3 can mitigate supply chain attacks? There's nothing that can stop a hijacked developer account pushing a new malicious update, is there? As stated here: https://cybervillains.com/@djm/111255948769148166 in this (old) thread https://infosec.exchange/@lcamtuf/111253626757075766
snaps v1 is released! a backup program to backup untrusted hosts and protects for example against the rsync exploits from last year (https://phrack.org/issues/72/11_md#article) After running the beta release since 2018 reliably, it is time to call it stable.
kuijsten
honked back 11 Oct 2025 21:38 +0200
in reply to: https://exquisite.social/users/mischa/statuses/115349666290498337
kuijsten
honked back 08 Oct 2025 16:23 +0200
in reply to: https://chaos.social/users/kora/statuses/115338622636725761
@kora right, makes sense. blake3 came after one of the blake authors realizing there is "Too Much Crypto":
1. https://eprint.iacr.org/2019/1492.pdf
2. https://www.youtube.com/watch?v=u9wPIWZYxLw
3. https://toomuchcrypto.xyz/
kuijsten
honked back 08 Oct 2025 11:22 +0200
in reply to: https://chaos.social/users/kora/statuses/115334905654998639
@kora I see Noise stateful hash objects mentioned in the blake3 paper and because of past fame with blake2, especially w.r.t. the Noise framework.
Hi @kora, thanks for making rosenpass, it looks very well composed and engineered! Question, has blake3 been considered for rosenpass and what were the reasons to settle on shake256 instead?
kuijsten
honked back 12 Sep 2025 10:17 +0200
in reply to: https://abyssdomain.expert/users/filippo/statuses/115187635770215574
hi @filippo The Go chachapoly source has a comment that states: https://cs.opensource.google/go/x/crypto/+/master:chacha20poly1305/chacha20poly1305.go;l=22-24` According to the birthday paradox I would have expected a higher number of safe key re-use, at most 2^48 times for this 96 bit nonce. Do you know why 2^32 is stated?
// Note that this is too short to be safely generated at random if the same
// key is reused more than 2³² times.
NonceSize = 12