
Aaron Toponce :debian:
npub14dfr...5uyy
MSCSIA, cryptography, security, locksport, Linux, programming, mathematics, amateur radio, Buddhism, running, anime, and bibliophilia.

In May of 2018, ISC replaced using system RNG with xoroshiro** for all random functions in Bind9, claiming the system calls were too slow.
Fast forward 7 years, and we have a cache poisoning attack due to weak PRNG with a CVE score of 8.6.
Reminder: all code is security related.
https://www.cve.org/CVERecord?id=CVE-2025-40780
#crypto #cryptography
GitHub
Change isc_random() to be just PRNG, and add isc_nonce_buf() that use… · isc-projects/bind9@99ba29b
…s CSPRNG
This commit reverts the previous change to use system provided
entropy, as (SYS_)getrandom is very slow on Linux because it is
a sysca...
It's been a long time since I've played with any of my HWRNG devices. Dug those back out and getting them working again.
I used to have a Raspberry Pi providing "Entropy As A Service" from my home years and years ago. I should do that again.
#crypto #cryptography


This is a "paceometer". On the inner dial, you see the standard speedometer in "miles per hour", but on the outer dial, you see the units in "minutes per 10 miles".
Notice that when you're driving very slowly, increasing your speed by 10 miles per hour makes a big difference on your ETA.
But if you're already going quite fast, say 70 mph, increasing your speed barely makes a difference on your duration.
While also increasing risk of accidents, braking distance, energy consumption, etc.


Private Reddit profiles aren't actually private. With the profile pulled up, search for " " (space) and all their posts and comments will be visible.
Signal and WhatsApp side channel attack.
Using basically just a silent ping, this proof of concept can extract behavioral information about how you use WhatsApp and Signal.
The adversary can flood the target with RTT requests every 50 ms without them ever getting any type of UI alert, while also simultaneously draining the battery and consuming bandwidth.
The target phone responds differently if unlocked vs locked, and WiFi vs carrier.

GitHub
GitHub - gommzystudio/device-activity-tracker: A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp / Signal)
A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing le...
Random observation, but it is fascinating to me that Japan doesn't "text message". It's never really taken off. Instead, their phones have been designed around email. Each phone has its own unique email assigned by the carrier. SMS is basically extinct.
Contrast that to the US where SMS/MMS is prevalent and Google is trying to force RCS. Interoperability between Android and iOS is still obnoxious.
Meanwhile, everyone in Europe is on WhatsApp.

A play in two acts.


Remember the AWS outage from just a couple weeks ago and how much of the Internet it took with it.
Cloudflare's turn.
The original decentralized Internet is looking awfully good right now.


The Independent
Cloudflare down latest: 'Fix' update issued after X, ChatGPT and more go down
Outage comes around a month after Amazon Web Services outage also took much of the internet offline