NSA and IETF: Can an attacker purchase standardization of weakened cryptography?
blog.cr.yp.tocr.yp.to:
2025.10.04: NSA and IETF
#standardization
1 post1 participant0 posts today
You know I'm down with that #RISCV movement - to free the #firmware and free the #hardware. It is mui importante.
But fragmentation in the #computer world, (particularly in #opensource #desktop and #consumer standards) has the effect of making things worse.
#Standardization is key, in both #software - and #hardware.
Also, what the heck is bit switching?
From Linus Torvalds <>
Date Tue, 30 Sep 2025 16:53:24 -0700
Subject Re: [GIT PULL] RISC-V updates for v6.18-rc1
https://lkml.org/lkml/2025/9/30/1304
lkml.orgLKML: Linus Torvalds: Re: [GIT PULL] RISC-V updates for v6.18-rc1
Replied in thread
@r @fluffykittycat @flower Obviously people have used the #RP2040 for many projects and given it's ease of programming, low price, excellent documentation and easy availability it's no wounder it does put pressue on #ATmega / #ATtiny, #Arduino, #Teensy, etc.
- At least for low volume productions and prototypes as proof of concept.
#RaspberryPi shure are more and more targeting #embedded & #industrial clients given they do in fact disrupt the market as one can get proper #documentation and #tools without paying $$$$ upfront (AND sign NDAs) just to be able to boot #Linux on it.
- And competitors fail at understanding that this makes #Broadcom look good and is their entry-way into acquiring new clients. Because selling hardware purely off specs may work in #amd64 land where shit's legacy and the way things work is so entrenched that basic stuff just works as in booting. #ARM and even #ARM64 fail at having that level of #standardization.
OFC the #Pi0 / #Pi0W / #Pi0W2 doesn't need to innovate since every competitor isn't even trying to compete but merely farting out boards with 0 documentation and some halfassed boot images and no post-sales support so they keep dominating by virtue of being the only ones that just work...
Continued thread
Followed by 18:00 UTC (19:00 UK) - Reinaldo Ferraz - Advancing Web Accessibility: Standardization and Localization in Brazil https://www.youtube.com/watch?v=CTC1zK-B14M&list=PLn7dsvRdQEfFTeoA8kZcsASPbYi2rf4C0&index=21 #id24 #accessibility #a11y #standardization #localization #Brazil
The journey to standardized metric threads began in the 19th century with Professor Marc Thury’s Thury thread, designed for Swiss watchmaking. By 1947, post-war collaboration led to the ISO metric thread standard, harmonizing global engineering practices. Today, metric threads power industries worldwide, from automotive to aerospace. Pioneers like Thury and the ISO standard show how innovation and collaboration create lasting solutions. #MetricThreads #Engineering #Standardization
Việt Nam chuẩn bị ban hành hệ thống tiêu chuẩn quốc gia cho đô thị thông minh, giúp các nền tảng khác nhau có thể giao tiếp và phối hợp hiệu quả hơn.
#smartcity #dothithongminh #tieuchuanhoa #standardization #vietnam
Vietnamnet.vn · Tiêu chuẩn hóa để các nền tảng đô thị thông minh “nói chuyện” được với nhauBộ KH&CN sẽ khẩn trương phối hợp với các bộ, ngành liên quan để sớm hoàn thiện và công bố hệ thống tiêu chuẩn, quy chuẩn kỹ thuật quốc gia về đô thị thông minh.
𝐁𝐈𝐒 𝐍𝐚𝐭𝐢𝐨𝐧𝐚𝐥 𝐒𝐞𝐜. 𝐂𝐨𝐦𝐦𝐢𝐭𝐭𝐞𝐞 𝐌𝐞𝐦𝐛𝐞𝐫,
𝐁𝐈𝐒 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐞 𝐂𝐨𝐧𝐬𝐮𝐥𝐭𝐚𝐧𝐭 𝐢𝐧 𝐍𝐚𝐬𝐡𝐢𝐤: 𝐒𝐡𝐫𝐞𝐞𝐤𝐚𝐧𝐭 𝐏𝐚𝐭𝐢𝐥
MRC opens public comment for out-of-home audience measurement standards phase 2 https://ppc.land/mrc-opens-public-comment-for-out-of-home-audience-measurement-standards-phase-2/ #OutOfHomeAdvertising #AudienceMeasurement #MediaRatingCouncil #Standardization #Marketing
MRC opens public comment for out-of-home audience measurement standards phase 2: Media Rating Council releases draft requirements for out-of-home advertising audience measurement standardization. https://ppc.land/mrc-opens-public-comment-for-out-of-home-audience-measurement-standards-phase-2/ #OutOfHomeAdvertising #AudienceMeasurement #MediaRatingCouncil #Standardization #Marketing
PPC Land · MRC opens public comment for out-of-home audience measurement standards phase 2Media Rating Council releases draft requirements for out-of-home advertising audience measurement standardization.
Tomorrow 17 July at 4pm CET! Register to the @w3c @wot online meetup "An #OpenSource software stack for #IoT virtualization and convergence with #EdgeComputing technologies"
https://www.w3.org/events/meetings/d5ca8089-230f-4126-9e95-5b7446784a6d/
The implementation of VOStack is aligned with the Web of Things specifications and is implemented in the framework of the NEPHELE Horizon EU project. #standardization
Slides: https://nephele-project.eu/sites/nephele/files/public/content-files/2025/vo-wot.pdf
È online il mio podcast con @iusondemand su "Caffè 2.0"!
Abbiamo parlato del mio nuovo libro "Intelligenza Artificiale, Privacy e Reti Neurali" - un'ora di conversazione su come l'#AI cambierà (non distruggerà) le professioni.
La mia convinzione: l'AI creerà nuove opportunità per chi sviluppa competenze ibride tra diritto e tecnologia.
Podcast: caffe20.it
Approfondimento: https://www.nicfab.eu/it/posts/caffe2.0/
NicFab Blog · Caffè 2.0 con Valentino Spataro: Una conversazione sull'Intelligenza Artificiale e sul futuroÈ online su caffe20.it il podcast della mia intervista con Valentino Spataro nel programma “Caffè 2.0, Tecnologia e Legal”. Una conversazione di oltre un’ora dedicata al mio nuovo libro “Intelligenza Artificiale, Privacy e Reti Neurali: L’equilibrio tra innovazione, conoscenza ed etica nell’era digitale”, pubblicato in italiano (3 giugno) e inglese (11 giugno 2025).
Un libro nato dalla pratica Durante l’intervista ho avuto modo di spiegare come questo volume nasca dalla mia esperienza sul campo: dal ruolo di Garante della Privacy della Repubblica di San Marino alla partecipazione ad alcuni gruppi di lavoro del CEN/CENELEC JTC21 per la standardizzazione e IEEE, fino alla importante membership nell’International Neural Network Society (INNS).
It's a wonderful morning here in #Milano - and we're starting day 2 of the #THEuMa Jean Monnet #Conference "Towards a #History of European Markets: #Institutionalization, #Standardization and Legal #Harmonization"!
The #THEuMa Jean Monnet #Conference "Towards a #History of European Markets: #Institutionalization, #Standardization and Legal #Harmonization" has taken off... 50+ people in the hall, 120+ online!
The #THEuMa Jean Monnet #Conference "Towards a #History of European Markets: #Institutionalization, #Standardization and Legal #Harmonization" featuring over 45 speakers from all around the world is starting today, 14:00h at the University of #Milano #Bicocca!
#THEuMaConference #THEuMa2025 #JeanMonnet #Erasmus #Law #Economics #Science #EU #EuropeanUnion #Europa
Excited to announce that our paper with TU Wien on the first plaintext recovery attack against XCB-AES (IEEE 1619.2) has been accepted at #CRYPTO2025! 
https://ia.cr/2024/1554
#IEEE #Standardization #XCB #XCB_AES #cosic #kuleuven
IACR Cryptology ePrint Archive · Breaking the IEEE Encryption Standard – XCB-AES in Two QueriesTweakable enciphering modes (TEMs) provide security in various storage and space-critical applications, including disk and file-based encryption and packet-based communication protocols. XCB-AES (originally introduced as XCBv2) is specified in the IEEE 1619.2 standard for encryption of sector-oriented storage media and comes with a formal security proof for block-aligned messages.
In this work, we present the first plaintext recovery attack on XCB-AES $-$ the shared difference attack, demonstrating that the security of XCB-AES is fundamentally flawed. Our plaintext recovery attack is highly efficient and requires only two queries (one enciphering and one deciphering), breaking the claimed $\mathsf{vil\text{-}stprp}$, $\mathsf{stprp}$ as well as the basic $\mathsf{sprp}$ security. Our shared difference attack exploits an inherent property of polynomial hash functions called separability.
We pinpoint the exact flaw in the security proof of XCB-AES, which arises from the separability of polynomial hash functions. We show that this vulnerability in the XCB design strategy has gone unnoticed for over 20 years and has been inadvertently replicated in many XCB-style TEM designs, including the IEEE 1619.2 standard XCB-AES. We also apply the shared difference attack to other TEMs based on XCB $-$ XCBv1, HCI, and MXCB, invalidating all of their security claims, and discuss some immediate countermeasures.
Our findings are the first to highlight the need to reassess the present IEEE 1619.2 standard as well as the security and potential deployments of XCB-style TEMs.
Brussels tries (again) to build its elusive single market https://www.politico.eu/article/brussels-belgium-europe-single-market-china-european-union-regulations/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication #CompetitionandIndustrialPolicy #Capitalmarketsunion #FinancialServices #FinancialServices #Standardization #Sustainability #Bankingunion #SingleMarket #Competition #e-commerce #Investment #Regulation #Technology #Exclusive #Packaging #Transport #Economics #Services #Growth
POLITICO · Brussels tries (again) to build its elusive single market
Continued thread
Abrasive Working Practices:
‘IETF working groups are characterized by frank exchanges and robust conversations. […] #Confrontation is a test, a way to guarantee high-quality contributions.’
Dr. Corinne Cath @C__CS https://criticalinfralab.net/wp-content/uploads/2023/06/LoudMen-CorinneCath-CriticalInfraLab.pdf
New open-access paper!
We present a standardized methodology to evaluate counter-drone (C-UAS) systems—validated through real-world trials in the EU #COURAGEOUS project.
Read it here: https://www.mdpi.com/2504-446X/9/5/354
Hey babe, wake up, there's a project to standardize #fediverse links!
fedilinks.orgFedi Links