Large File Decryption using , and

Decrypting large files that do not fit in RAM is a very old problem and unfortunately, there are no good solutions for them.
Streaming is certainly NOT a good solution.
In this article, I try to explain the challenges and I present a possible solution that I believe is secure, using a bunch of Linux syscalls and an excellent crypto library written in Go: Nacl.

broken-by-design.fr/posts/larg

Secure decryption of large files, thanks to

I know the title isn't exactly exciting, but in reality, encrypting/decrypting large files securely is much harder than it seems. It took me years to find this recipe, inspired by my discussions at ANSSI, but also by my experience in the field since then.

And when I say "thanks to Linux", I'm not bluffing. It's packed with syscalls and system tricks :)

broken-by-design.fr/posts/larg

I just wrote a tiny Go library to decrypt large files with nacl/box.
The goal is to illustrate how to do it, more than provide a real library. Maybe I'll add support for box.Open, for instance.

I have a blog post (in French, at the moment) on the way to explain the reasons behind this library.

Obviously, this is only compatible with Linux and other compatible kernels.

github.com/X-Cli/large-file-de

Reviews appreciated :)

X_Cli boosted

Email was, and still is today, the most federated, open, and critically important communication system on the Internet.

utcc.utoronto.ca/~cks/space/bl

A few months ago, they told us to never get to the vaccination center more than 5 minutes before the appointment to limit the people you would cross paths with. And now that we are facing Omicron, the most contagious of all the variants we have seen to this day, they ask us to queue for hours to get the vaccine. How dumb are they?

What blogging software do you recommend?

I am currently using a static site generator (hugo). While I appreciate it a lot, I am a bit frustrated by the workflow, because I cannot blog easily from my phone, or a chromebook, except if I set up an email hook, or something similar. I would love a simple solution to recommend to non-techies.
I considered Writefreely and @writeas_dev that are excellent, but it looks like the developer burned out 6 months ago and there has been no activity since then 😣

Yes, I appreciate the irony of posting this on a microblogging platform.
I believe that unfortunately, a transition period is necessary for people to organize their departure from the microblogging platforms and to build a collection of feeds that will keep them informed once they are no longer fed automatically by the timelines.

Do you share that opinion? If not, I would love to read your opinion on this topic.

After a decade of social media and microblogging, I am now convinced that microblogging is no different than comment sections: a toxic environment full of people that have nothing meaningful, relevant nor positive to say.
I believe that to restore our mental health, to reduce the influence from political propaganda, conspirationism and other sources of misleading "information", we ought to avoid social media at all costs and go back to media that are more composed, thoughtful: full-blown blogs

X_Cli boosted

Of course somebody did this...
nitter.eu/mlsec/status/1469374

"""
Did you know that a normal LED can also receive light? 🚨

It can! In this paper, we point a laser at built-in LEDs of office devices and transmit data to their firmware. This covert communication can bridge 25m with a throughput of 128 kbps.
"""

Full paper:
intellisec.de/pubs/2021-acsac.

#InfoSec

Never heard about this before, but it looks like a good idea to me toneindicators.carrd.co/

/srs

X_Cli boosted

Press, support, Blast

The press is only independent if it has independent funders or funders with varied profiles (readers or patrons).

@blast_info needs your support to continue to exist. They are in the phase of seeking financial stability.
Personally, I believe in Blast and in its public usefulness; I am a subscriber, and I gave 360 euros as a (tax-deductible) donation, equivalent to 5 one-year subscriptions, in addition to my own.

Could you contribute if you can?

X_Cli boosted

Q: What do you say when the DNS server is broken?

A: nslookdown.

X_Cli boosted

Cool! Breakout rooms just landed in #Jitsi! Makes it suddenly a whole lot more interesting to use for schools & universities.
github.com/jitsi/jitsi-meet/pu #VideoConferencing #VideoCall

I think there's someone who needs to learn what the Streisand effect is. Does anyone have a copy of the drawing, please?

Yellow Vests: two people arrested in Paris over a drawing deemed "insulting" toward Macron

Two people present at the Paris "Yellow Vests" demonstration were taken into custody on November 20 over a drawing deemed "insulting" depicting Emmanuel Macron, the police prefect and Joe Biden.

francais.rt.com/france/92829-g

infosec.exchange/media/wiqLBeM

X_Cli boosted

RT @zkat__@twitter.com

but seriously, if you dismissed Matrix a year ago, or even _six months ago_, like I _definitely_ did, I think it's time to take another look and give it an honest shot.

No, it's not perfect.

But hot damn it's compelling...

🐦🔗: twitter.com/zkat__/status/1461

X_Cli boosted

"I will pay you cash to delete your #npm module" ~ drewdevault.com/2021/11/16/Cas

"I do hope that this idea strikes fear in the hearts of any #node developers that read it, and in other programming language communities which have taken after npm. What are you going to do if one of your #dependencies vanishes? What if someone studies the minified code on your website, picks out an obscure dependency they find there, then bribes the maintainers?"

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.