Introducing PolyCrypt

Some time ago, a user named Steven uncovered a weakness in the FibonaRNG cipher, leading to this other post as a reply. At that time, I did not think that FibonaRNG needed to be strengthened, but recently I have realized that it would not be very difficult to remove that weakness. The result is PolyCrypt. The “Poly” bit comes from the fact that it can not only add security, but also remove it, making it a good platform to test classic human-computable ciphers.

Read More

PassLok vs. Minilock – 9 years later

I confess that the development of PassLok learned a lot from a competing app called MiniLock, by Nadim Kobeissi. That app got a lot of press when it was launched 9 years ago but is now defunct. In fact, its successor is also defunct, and so is its successor’s successor. Meanwhile PassLok continues delivering various crypto-related functions and spawning new children. This post collects some of that history and tries to get at the root causes for such a diverse outcome. Morale: sometimes slower is better.

Read More

Sharing files confidentially in 2023

Problem: A well-defined group of people formerly working at a single location used to pass along pieces of paper containing confidential information so group members could comment and expand. But after covid they find it hard to get together in one place and, since every member has a computer, they would like to be able to do it online. But confidentiality remains very important, along with integrity of the information. What can they do?

Read More

Two-Factor Nightmares

Chances are that by now many readers will have moved on to Two-Factor Authentication (2FA) for their most sensitive logins. The industry has been relentless in its support of this feature, sometimes forcing it on you for your own good. But not everything has been a field of daisies. I had a near-miss this very morning, which encouraged me to write this cautionary tale and offer some solutions you may find useful.

Read More

More control for your keyboard

The Casio keyboard I bought a few months ago to learn piano is working great, but it does not give me a lot of control over the sound, since it’s relatively inexpensive. For instance, it has no native way to quiet down a layered instrument so it doesn’t overpower the base sound. This is has been reported by many owners. I found a simple solution that likely is valid for most modern keyboards from most brands.

Read More