Modern cryptography

Hashing: BLAKE3, Keccak-based functions (SHA-3, SHAKE256) or BLAKE2b.

Encryption: XChaCha20-Poly1305, ChaCah20-BLAKE3, or, I would like to see keccak-based AEAD constructions.

Key Exchange: X25519, X448

Digital Signatures: Ed25519, Ed448

Password Hashing / Key Derivation: Argon2id

About the new Anki algorithm to schedule flashcard reviews. I didn't read it yet, but it can become handy.

Instead of hash functions to store password, use Password-Based Key Derivation Functions (PBKDF) such as Argon2id.

bcrypt should be avoided due to its huge footgun: it truncates inputs longer than 72 characters. Okta AD/LDAP was vulnerable because of it.

Checksum functions such as CRC32 and xxh3 are optimized for pure speed and don't provide any security guarantees about their output, and it's easy to find collisions for a given checksum.

In 2024 based on I/O speed, a hash function with a throughput of 1 GB / s / core is considered fast enough for most use cases.

I skip the speed part because it is not relevant for me: 100MB/s or 1GB/s does not make much difference.

SHA3 and the BLAKE family which produced secures hash functions that are also misuse resistant.

A strength >= 128 bits is considered secure. The security agencies recommendation are a bit different. Hash length ranges from 256 (NIST) to 512 (ECRYPT-CSA).

SHA3 has many functions, SHA2 is vulnerable to length extension attacks (secret || message) but BLAKE3 has none of these issues.

Post-Quantum security from Grover's algorithm divides by 2 the preimage and 2nd-preimage resistance. The BHT algorithm predicts however that a quantum computer can find a collision in $2^{\mathrm{<mfrac><mtext>n</mtext><mtext>3</mtext></mfrac>}}$ operations instead of 2^n/2

So SHA2 for convenience or BLAKE for the rest. There is only C and Rust that have official support for BLAKE though.

Adding a proof-of-work algorithm can work with this experience.

I guess that the main lesson was that these particular spammers, are really low-effort creatures. You raise the bar a little, and they stop being effective.

Hashsets < Dynamic Array < Statis Array < Bit Mask

There is also a dedicated section for JS https://shaarli.lyokolux.space/shaare/DhH-Zw

Outline:

Using a BKTree data structure to identify and correct typos
Writing the Business Logic to Perform Typo Corrections
Pulling from Redis and caching it with lazy_static!
Identifying english words (among others, BKTree Search for Non-Dictionary Words)

Also called german strings. This is a great data structure that explains how handling strings can be diverse.

an arena is a way to store your data somewhere without directly going through the system allocator. If you have a lot of small objects which you don’t mind to deallocate together instead of individually, this can be a lot faster. You could use a Vec for this. However, if you store data in a vec its address might change all the time.

A great thing would be an implementation in #rust as a small #project #idea

See the page 38-45 computer science PDF of Andy Pavlo: https://15721.courses.cs.cmu.edu/spring2024/slides/05-execution2.pdf

About ULIDs, UUIDv4 & UUIDv7. The dynamic examples are great!

How to remove XML comments in Javascript?

How regex can solve the issue but why they can be slow. There is a category for this weakness: CWE-1333 "Inefficient Regular Expression Complexity".

Other workarounds are also proposed, such as using efficient engines with backtracking.

A fast hashmap algorithm if the one of the standard library is not enough.

IDK if the collision rate is higher than the std library though. Hashbrown uses AHash as algorithm for hashing. --> it does not provide cryptographic secure hashes though.

Another use case is when std is not available (because the randomness is not available in the environment / OS).

Non empty data structures :D

There is no clear resources on how to read from SSDs. As long as the read access amount can be reduced, then it is all good.

How to ramp up quickly?

The first step is to find someone on the team and ask for 30 minutes with them. In that meeting you have a simple agenda:

• For the first 25 minutes: ask them to tell you everything they think you should know. Take copious notes. Only stop them to ask about things you don’t understand. Always stop them to ask about things you don’t understand.
• For the next 3 minutes: ask about the biggest challenges the team has right now.
• In the final 2 minutes: ask who else you should talk to. Write down every name they give you.

Repeat the above process for every name you're given. Don’t stop until there are no new names.