Kyle Isom

Kyle Isom

Shared publicly  - 
 
How about a nice game of VPN Roulette?

https://srsly.de/  
Bryce Chidester's profile photo
 
Connection times-out.

Kyle Isom

Shared publicly  - 
 
In a fit of insomnia, I started hacking on a #golang client for https://keybase.io/. Right now, it can be used to look up users on the site, download their public keys, upload an armoured OpenPGP key file (i.e. not from the keyring), and delete keys from the account. Tomorrow, I should be getting OpenPGP keyrings hooked in, which will allow me to add support for signing things. Then I have to bug the Keybase team to figure out how to use my client for verifying oneself on the site.
keybase.io command line client

Kyle Isom

Shared publicly  - 
 
I wrote a package for generating and parsing basic certificate signature requests (CSR), such as done by the OpenSSL tools. The package supports both RSA and ECDSA keys.
csr - Certificate signature request encoding (and soon, decoding).

Kyle Isom

Shared publicly  - 
 
I parted ways with Conformal today. I just wasn't the web dev they need. I wish them the best of luck in the future, and I'll remain a loyal customer.
Zachary Collier's profile photoShane Lofgren's profile photoDave Rose's profile photoElazar Leibovich's profile photo
7 comments
 
Good luck! Did you think of Canonical? They use Go for cool distributed things.

Kyle Isom

Shared publicly  - 
 
I've updated my introduction to crypto with Python. It now features the PyElliptic library (written by +Yann Guibet) as the public key cryptographic package, and uses ECDSA / ECIES for PKC.

I do need to replace the CBC mode code with CTR mode, though not writing Python anymore means I need to find motivation to write more Python again.
Kyle Isom's profile photoYann Guibet (Yann2192)'s profile photo
6 comments
 
(80 bytes for 32-byte AES-256 + 48 bytes HMAC-SHA-384) The PDF mentions some curves, but I haven't seen code yet.

Kyle Isom

Shared publicly  - 
 
The book draft is done -- I've just published the final chapter. Now, I have to get serious about proofreading it.

Kyle Isom

Shared publicly  - 
 
Spaced on the fact that I need to get plane tickets (and a hotel) for GopherCon. I was living in Denver when we started planning, but now that I'm in California, guess I should get on that. Not sure I'll make it out there what with my living situation now.
Kyle Isom's profile photoBryce Chidester's profile photoDave Rose's profile photo
4 comments
 
Hope you can make it. 

Kyle Isom

Shared publicly  - 
 
This will be most effective if people actually call and email their congress people.
Reddit, Mozilla, Tumblr, Imgur, and over 6,000 other websites are protesting NSA surveillance. Join them.
Brandon Mercer's profile photo
 
Give the NSA a few positive phone calls to save today ;) 

Kyle Isom

Shared publicly  - 
 
I wrote a simple, flexible, embedded cryptographic key storage system in #golang this weekend. It provides a way for programs to protect keys on disk and support authentication and revocations.
keyvault. A simple, flexible embeddable key storage system. keyvault is a simple, embedded, JSON-based cryptographic key storage system for Go programs. It provides mechanisms for access control and revocations, and provides a log for auditability.
Elazar Leibovich's profile photoKyle Isom's profile photo
2 comments
 
Since it's designed for a server that might be generating secrets, I wanted to reduce the strain on the entropy pool. The timestamp gives a suitable 128-bit nonce, while not draining the entropy pool.

Kyle Isom

Shared publicly  - 
 
I tried out Firefox 26 on How's My SSL, and it did pretty poorly. Fortunately, that's fixable so you don't have to use another browser. Go to about:config, and search for "security.tls.version". Set the max version to 3, and the min version to 1. The next thing you should do is search for "des_ede"; it should bring up a host of security.ssl3 ciphers -- disable all of them.


Edit: The version numbers need some explaining. TLS version 0 is SSLv3; TLS 1.0 is 1, 1.1 is 2, etc. The effect of changing the acceptable TLS version to the range [1, 3] is that it forces Firefox to use only TLS. While sites shouldn't still require SSLv3 (and if they do, you probably shouldn't be using them), you realistically want them to support TLS 1.2, which has some important security updates.
Ephemeral Key Support. Good Ephemeral keys are used in some the cipher suites your client supports. This means your client may be used to provide forward secrecy if the server supports it. This greatly increases your protection against snoopers, including global passive adversaries who scoop up ...
Kyle Isom's profile photoBrandon Mercer's profile photoElazar Leibovich's profile photoErik Musick's profile photo
8 comments
 
Chrome on Mac is probably good

Kyle Isom

Shared publicly  - 
 
Hit a milestone on the book a few minutes ago: it's up to 100 readers (94 paying readers, 6 reviewers). It's crazy to me, especially as I go back through and edit it :D
Kyle Isom's profile photo
 
I neglected to say thank you to all the readers -- thank you, readers!

Kyle Isom

Shared publicly  - 
 
The thought of handing off the book to a proof reader has me scouring chapters, from the beginning, and cleaning things up.
Elazar Leibovich's profile photoErik Musick's profile photoKyle Isom's profile photo
8 comments
 
+Elazar Leibovich re:no ECB, at the end I recommend AES-256, which is twice the block size and therefore I'd recommend a different mode.
People
In his circles
543 people
Have him in circles
2,321 people
Work
Skills
Security and cryptography engineering
Story
Tagline
It's a me - a Mario!
Introduction
I try to avoid Google Talk, but I have an XMPP account at [my first name] at [tyrfingr] [is] (also an email address). OTR encryption strongly preferred. On May 19th, this will require TLS for server-to-server connections, and I will switch over to OTR-required.

PGP key available from https://tyrfingr.is/
Basic Information
Gender
Male