salade_verte's comments

salade_verte · on Oct 20, 2023

Hello,

Let me introduce Bazaar.co, a social bookmarking platform I never had the courage to official launch, it's been almost 10 years...

/o\

caviv · on Oct 20, 2023

I have made https://yabs.io (like good old del.icio.us)

salade_verte · on April 15, 2022

Hello :) I'd like to extract a similar date module to use it on a different camera. Do you think it would be possible to make it print date past 2019 ?

Thanks

salade_verte · on Sept 3, 2015

Hi there, I'm the author of the plugin, if you have any question/suggestion please do :)

Nicolas

salade_verte · on June 10, 2013

Thanks, can you suggest me a better AES implementation ?

mcpherrinm · on June 10, 2013

If you're asking that question, and really aim to write crypto safe from the NSA, then I think you have a lot more learning to do. Just naming off a different mode isn't going to cut it.

The Matasano crypto challenges seem to be popular lately. That would be a decent place to start.

salade_verte · on June 10, 2013

I'm happy with AES and I don't want to write my own crypto.

I was asking for a better AES javascript library, because I found a couple of different js AES libraries, but, as you said, I don't know anything about cryptography, and I wanted to know if some are better than others.

thanks

tlrobinson · on June 11, 2013

You don't need a better AES implementation (well, you probably do, but that's just the start). You need higher level primitives. There a thousand ways to use AES, and most of them are insecure, including your implementation.

bdamm · on June 10, 2013

Your implementation is vulnerable to MITM attacks. That will be the case no matter which AES mode you choose.

You are on the tip of the greatest problem with modern cryptography, which is that there is no real way for widespread confidentiality to be created without trusting a third party such as a CA. But once you trust a CA, then you become vulnerable to the backdoors available through the CA community (not just one CA.)

Personally, I'm hoping for a bitcoin-like protocol (such as namecoin) to create a peer-to-peer trust network for distributing public keys.

PKI is only useful when the root are truly trusted and tightly controlled (or even supervised with highly transparent audit programs). The current generation of Internet CAs don't even come close - they are not trusted by anyone except themselves, and they sure are willing to take your money if it'll make you feel better!

jafaku · on June 10, 2013

Does bitmessage have anything to do with this?

salade_verte · on June 11, 2013

Thanks, where will the man in the middle be ?

mpyne · on June 10, 2013

Wait, you're trying to beat NSA by writing your own crypto? This is worse than useless :), all you'll do is flag that communication for further research (which the NSA will then break within a couple of hours if need be), at least with plain text you'll stay in the noise of the masses.

salade_verte · on June 10, 2013

I don't want to beat the NSA, I was just asking for a better javascript AES script. I have nothing to hide, that's why I would be very happy to get out of the noise of the masses and make the NSA waste a couple of hours :)

mpyne · on June 10, 2013

Don't get me wrong; I use crypto too (GPG), but NSA is not the ones I'm worried about. ;)

salade_verte · on May 23, 2013

I've just made a new version for google hangouts. hangoutAES.user.js : https://github.com/nicolas-t/gAES

salade_verte · on May 18, 2013

It works with chat as they are now on gmail, I'll update the script when they will update the chat.