Truncated HMAC Security and Performance Trade-offs
RFC 2104 says you need at least 80 bits, but NIST's new SP 800-224 dropped the floor to 32 bits with a risk analysis requirement that nobody wants to explain.
Read more
Dread Pays $1,000 XMR for Good Writing
Dread is running a writing contest with $1,750 in Monero prizes and one very specific ban: AI-generated content.
Apple's Mandatory ID... GrapheneOS is the Exit
Apple rolled identity verification into iOS 26.4 for UK users under the Online Safety Act, requiring credit card scans or government photo ID to confirm users are over 18. If you decline, app downloads and in-app purchases get restricted on a phone you already own. The system is expanding
Tails 7.5 Ships New Tor Circuit Encryption
Tails 7.5 upgrades to Tor 0.4.9.5 with Counter Galois Onion encryption and patches over 30 high-severity Firefox vulnerabilities through Tor Browser 15.0.7.
A Botnet Accidentally Destroyed I2P (The Full Story)
On February 3, 2026, the I2P anonymity network was flooded with 700,000 hostile nodes in what became one of the most devastating Sybil attacks an anonymity network has ever experienced. The network normally operates with 15,000 to 20,000 active devices. The attackers overwhelmed it by a factor