
Printed the text from a text-only Word/.docx file into markdown and org to compare file sizes just out of curiosity. The .docx was almost 10x as large as the .md file. #plaintext

Hhalvasweb.space

that's a security thing: chromium tries saving secrets via secret service rather than in plaintext, and kde's secret service implementation happens to be kwallet. but honestly you should probably use gnome-keyring, kwallet's crypto is sketchy at best

Ttaggart-tech.com

While trying to properly document Meta's use of public content for LLM training, I discovered they have a new "Privacy Center" that is _not_ plaintext by any means. Direct link: privacycenter.instag...

Popup on Meta's privacy center regarding generative AI training.

We offer generative AI features that you can use to do things like get responses to questions and create images.
We use public posts and comments on Facebook and Instagram to train generative AI models for these features and for the open source community.
We don’t use posts or comments with an audience other than Public for these purposes.
d-toybox.bsky.social

Intent to prototype: contenteditable=plaintext-only groups.google.com/a/mozilla.or...

DFjoshuafoust.com

Why, yes I will respond to a random number from Kansas City using perfect English grammar to offer getting me started in the Goldman Sachs AI Profit Plan. This is obviously credible and I will give them my social security number in plaintext.

A text from +1 (816) 815-3283

“Become a part of the Goldman Sachs Market Analysis Club and unlock the AI Profit Plan at no cost. Text “Yes” to get started you’ll be rewarded with a reward. Much appreciated. - pCoQEVg”
VCthetimeweleft.blrgms.com

Why did the ANIMALS at the Brazilian neurology congress store my password as plaintext and send it to me in an e-mail WITHOUT ME ASKING?

Cpotato.software

Meta fined $101 million for storing hundreds of millions of passwords in plaintext #potatosecurity #infosec #privacy #news therecord.media/meta...

EUeprint.bsky.social

Breaking, Repairing and Enhancing XCBv2 into the Tweakable Enciphering Mode GEM (Amit Singh Bhati, Michiel Verbauwhede, Elena Andreeva) ia.cr/2024/1554

Abstract. Tweakable enciphering modes (TEMs) provide security in a variety of storage and space-critical applications like disk and file-based encryption, and packet-based communication protocols, among others. XCB-AES (known as XCBv2) is specified in the IEEE 1619.2 standard for encryption of sector-oriented storage media and it comes with a proof of security for block-aligned input messages.

In this work, we demonstrate an attack on XCBv2. We show that XCBv2 is insecure also for full block messages by presenting a plaintext recovery attack using only two queries. We demonstrate that our attack further applies to the HCI and MXCB TEMs, which follow a similar design approach to XCBv2.

We then propose a simple, “quick” fix that is not vulnerable to our attack and provably restores the security for XCBv2. Following the responsible disclosure process, we communicated the attack details to IEEE and the authors of XCB-AES. The authors have confirmed the validity of our attack on 02/09/2024.

Our next contribution is to strengthen the provable security of XCBv2 (currently n/3 bits). We propose a new modular TEM called GEM which can be seen as a generalization of the Hash-CTR-Hash approach as used in XCB-style and HCTR-style TEMs. We are able to prove that GEM achieves full n-bit security using only n-bit PRP/PRF.

We also give two concrete GEM instantiations: KohiNoor and DaryaiNoor, both of which are based on AES-128 and GHASH-256, and internally use variants of the CTR-based weak pseudorandom functions GCTR-3 and SoCTR, respectively. SoCTR uses AES-128 and GCTR-3 is based on ButterKnife-256. Our security proofs show that both KohiNoor and DaryaiNoor provide full n-bit security. From applications perspective, DaryaiNoor addresses the need for reusing classical components, while KohiNoor enhances performance by leveraging a more modern primitive based on the AES/Deoxys round function.

Our implementation demonstrates competitive performance: For typical 4KiB sector size, KohiNoor’s performance is on par with AES₆-CTET+, yet achieving higher standard security guarantees. DaryaiNoor is on par with AES-CTET+ performance-wise while also maintaining higher security with standard components. Our GEM instances triple the security margin of XCBv2 and double that of HCTR2 at the cost of performance loss of only 12% (KohiNoor) and 68% (DaryaiNoor) for 4KiB messages.
EUeprint.bsky.social

More Efficient Lattice-based OLE from Circuit-private Linear HE with Polynomial Overhead (Leo de Castro, Duhyeong Kim, Miran Kim, Keewoo Lee, Seonhong Min, Yongsoo Song) ia.cr/2024/1534

Abstract. We present a new and efficient method to obtain circuit privacy for lattice-based linearly homomorphic encryptions (LHE). In particular, our method does not involve noise-flooding with exponentially large errors or iterative bootstrapping. As a direct result, we obtain a semi-honest oblivious linear evaluation (OLE) protocol with the same efficiency, reducing the communication cost of the prior state of the art by 50%. Consequently, the amortized time of our protocol improves the prior work by 33% under 100Mbps network setting. Our semi-honest OLE is the first to achieve both concrete efficiency and asymptotic quasi-optimality. Together with an extension of the recent zero-knowledge proof of plaintext knowledge, our LHE yields actively-secure OLE with 2.7x reduced communication from the prior work. When applied to Overdrive (Eurocrypt ’18), an MPC preprocessing protocol, our method provides 1.4x improvement in communication over the state of the art.