I have written a fairly long article, entitled “Can a Tabula Recta provide security in the XXI Century?” combining several posts from this website. The overarching assumption is that, in a world where connected computers are everywhere, we may get to a point where no electronic means within a given person’s reach can be trusted. What then? Use low-tech means that have been tweaked and optimized using computers, to stand against computer-aided attack if it comes to that. You can find the article here.
Some time ago, I wrote this post about enhancing the built-in sounds of a Casio keyboard, and possibly most other keyboards as well, but I was still unsatisfied because of having to mess with virtual buttons and sliders, which feel unnatural when you are in the thrall of music making. But then, Santa Claus dropped a Korg Nanokontrol2 down my chimney. Now I’ve got all of that intuitive nuance I was missing, plus some, courtesy of the Casio MIDI implementation. This article is essentially the same one I posted at the Casio Music Forum a few weeks back, so I’m forgiving my self-plagiarism and reposting it here.
Under wraps for quite some time, now that it is Patent Pending I can finally talk here about one of my latest inventions, the Flutino. It is likely the world’s smallest (playable) musical instrument. It has a range approaching two octaves and loudness over 100 dB. Better yet: it works in every scale, and never needs tuning or even batteries. No fingerings to learn, and you can be playing another instrument (or anything, really) at the same time. You can sound like a pro in very little time.
Some time ago, a user named Steven uncovered a weakness in the FibonaRNG cipher, leading to this other post as a reply. At that time, I did not think that FibonaRNG needed to be strengthened, but recently I have realized that it would not be very difficult to remove that weakness. The result is PolyCrypt. The “Poly” bit comes from the fact that it can not only add security, but also remove it, making it a good platform to test classic human-computable ciphers.
I confess that the development of PassLok learned a lot from a competing app called MiniLock, by Nadim Kobeissi. That app got a lot of press when it was launched 9 years ago but is now defunct. In fact, its successor is also defunct, and so is its successor’s successor. Meanwhile PassLok continues delivering various crypto-related functions and spawning new children. This post collects some of that history and tries to get at the root causes for such a diverse outcome. Moral: sometimes slower is better.
I have mentioned my new app for adding zero-knowledge encryption to file sharing services that don’t have it natively in this and this other post. Right now I have a group of alpha testers uncovering bugs, and the first one coming in is that the instructions on the app itself are rather terse. This post hopefully will help users as well as group administrators.
Problem: A well-defined group of people formerly working at a single location used to pass along pieces of paper containing confidential information so group members could comment and expand. But after covid they find it hard to get together in one place and, since every member has a computer, they would like to be able to do it online. But confidentiality remains very important, along with integrity of the information. What can they do?
Chances are that by now many readers will have moved on to Two-Factor Authentication (2FA) for their most sensitive logins. The industry has been relentless in its support of this feature, sometimes forcing it on you for your own good. But not everything has been a field of daisies. I had a near-miss this very morning, which encouraged me to write this cautionary tale and offer some solutions you may find useful.