Hydra Logo


Shorts posts for your enjoyment.

  • Open sourcing d1-batch

    Open source Cloudflare d1

    The combination of Cloudflare’s developer platform, which includes R2, D1, Workers, Queues, and Workers Analytics Engine results in a very compelling platform for young companies. You can build and launch software products with very low operational expenditure.

  • A Few Thoughts on Cryptographic Engineering (blog)


    A Few Thoughts on Cryptographic Engineering is Matthew Green’s blog with a post appearing every month or so. Highly recommended reading! Topics covered include cryptography, security engineering, latest infosec news, etc. Did I already say highly recommended reading?

  • Encrypted & authenticated data diode communications

    Network security Cryptography

    Data diodes provide physically guaranteed one-way communications in computer networks. Data diodes can be built using commercial off the shelf components, such as by disconnecting the receive end of a fiber transceiver. Several dedicated appliances are also available. Traditionally, data diodes have been used in high security settings, such as military or industrial control systems. Data diodes might also have a place in other industries, such as health care or finance, especially to transmit logs, analytics, usage, or billing information.

  • Passkeys

    Web security

    I noticed my various infosec-related channels have been talking a lot about Passkeys lately. Are they going to replace passwords? Is it a loss of user control? These are very good and excelllent questions. Adam Langley wrote an excellent blog post. If you also have Passkeys on your mind, start by reading Adam’s post.

  • Two cryptographers playing cards


    I tooted the following puzzle:

    Do you teach cryptography? If yes, ask your students to design a protocol for two people to play a cards game over the internet (eg Uno, Gin Rummy, Go fish or whatever). The protocol should be trustless so the players don’t have to rely on a centralized server to deal cards and players shouldn’t be able to peek at the deck unless the game rule allows it.

    Give extra points to students who come up with simpler protocols, formal proofs, or an actual implementation.

  • tl;dr sec


    tl;dr sec is a weekly newsletter by Clint Gibler. The newsletter summarizes what’s going on the infosec world. The content covers a wide range of topics. I found out about it because Clint Gibler heads Security Research at semgrep and a very good friend of mine happens to work there.

  • Cryptopals

    Cryptography Challenges

    9+ years later, Cryptopals remains a tremendously valuable tool for learning about cryptography by working on practical pieces of code. Cryptopals is a collection of 8 sets of challenges, starting very gently and ending with some non-trivial problems. By working through these challenges you will implement various cryptosystems and well known attacks.