At Zxs, we have been involved in several AWS Nitro Enclave-related projects. We have noticed a few areas where the AWS documentation doesn’t clearly mention some cryptographic considerations. We have discussed these issues with the security team at AWS and we understand that their hands are tied: they can’t easily change their existing design/APIs and they don’t want to risk confusing their developers by appending their documentation.
Blog
Short (usually) posts for your enjoyment.
-
Thoughts on AWS Nitro Enclave ⇔ AWS KMS interactions
Cryptography Aws nitro enclave December 15, 2024
-
Confidential Computing at 1Password: audit report
Cryptography Aws nitro enclave November 29, 2024
Zxs conducted an external security assessment of 1Password’s Confidential Computing system. 1Password leverages AWS Nitro Enclaves to provide server-side features while preserving a security and privacy profile equivalent to their current end-to-end setup.
-
Programming Zero Knowledge Proofs
Cryptography Blogs October 07, 2024
Programming ZKPs: From Zero to Hero is a great tutorial about zero knowledge proofs following their initial post, A Friendly Introduction to Zero Knowledge. Save this link for your next rainy day.
-
Cryptographic Right Answers
Cryptography Blogs August 15, 2024
In 2018, Latacora published Cryptographic Right Answers which is a very well written post summarizing which cryptographic algorithms to pick for a given task.
-
Open sourcing d1-batch
Open source Cloudflare d1 June 05, 2024
The combination of Cloudflare’s developer platform, which includes R2, D1, Workers, Queues, and Workers Analytics Engine results in a very compelling platform for young companies. You can build and launch software products with very low operational expenditure.
-
A Few Thoughts on Cryptographic Engineering (blog)
Blogs April 16, 2024
A Few Thoughts on Cryptographic Engineering is Matthew Green’s blog with a post appearing every month or so. Highly recommended reading! Topics covered include cryptography, security engineering, latest infosec news, etc. Did I already say highly recommended reading?
-
Encrypted & authenticated data diode communications
Network security Cryptography November 14, 2023
Data diodes provide physically guaranteed one-way communications in computer networks. Data diodes can be built using commercial off the shelf components, such as by disconnecting the receive end of a fiber transceiver. Several dedicated appliances are also available. Traditionally, data diodes have been used in high security settings, such as military or industrial control systems. Data diodes might also have a place in other industries, such as health care or finance, especially to transmit logs, analytics, usage, or billing information.
-
Passkeys
Web security October 13, 2023
I noticed my various infosec-related channels have been talking a lot about Passkeys lately. Are they going to replace passwords? Is it a loss of user control? These are very good and excelllent questions. Adam Langley wrote an excellent blog post. If you also have Passkeys on your mind, start by reading Adam’s post.
-
Two cryptographers playing cards
Cryptography October 02, 2023
I tooted the following puzzle:
Do you teach cryptography? If yes, ask your students to design a protocol for two people to play a cards game over the internet (eg Uno, Gin Rummy, Go fish or whatever). The protocol should be trustless so the players don’t have to rely on a centralized server to deal cards and players shouldn’t be able to peek at the deck unless the game rule allows it.
Give extra points to students who come up with simpler protocols, formal proofs, or an actual implementation.
-
tl;dr sec
Newsletter August 20, 2023
tl;dr sec is a weekly newsletter by Clint Gibler. The newsletter summarizes what’s going on the infosec world. The content covers a wide range of topics. I found out about it because Clint Gibler heads Security Research at semgrep and a very good friend of mine happens to work there.