4 comments

  • Cider99860 minutes ago
    This was a fun read.

    My introduction to threat modeling was from this post: https://www.privacyguides.org/en/basics/threat-modeling/

    It's a bit shorter and focused for people interested in privacy.
  • mapontosevenths3 hours ago
    This is the best gay furry blog post about threat modeling I've seen all day!
  • teravor39 minutes ago
    > Hybrid PQ+ECDH is a hedged bet against an algorithm break before Q-Day, but is utterly fucking useless over Pure PQ once Q-Day occurs.

    there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity) or because the entire field was a scam. in that scenario abandoning ECC would have been pretty stupid.
    • some_furry25 minutes ago
      Hi, I'm the author of this blog post!

      > there is also the likelihood that Q-Day never arrives, either because something we don't know prevents the construction of sufficiently large quantum computers (eg. quantum gravity)

      That is possible, but given the recent 2029 timelines from large Internet providers, I think it's prudent to prepare for Q-Day even if it never arrives.

      > or because the entire field was a scam.

      The field is like... a magnet for scams, sure. But it, itself, isn't one.

      And, like, the Quantum Village at DEFCON has *really* failed to establish credibility in my eyes.

      https://soatok.blog/2022/08/18/burning-trust-at-the-quantum-village-at-defcon-30/

      https://soatok.blog/2023/08/20/defcon-quantum-village-2-electric-boogaloo/

      > in that scenario abandoning ECC would have been pretty stupid.

      Not really, no. See https://blog.trailofbits.com/2024/07/01/quantum-is-unimportant-to-post-quantum/ for a counter-point.
  • evanprodromou3 hours ago
    Wow, excellent guide! And I love the E2EE example.