Skip to content

Instantly share code, notes, and snippets.


Not many papers share a critical view of the cryptography field, and when such papers are published they tend to be dismissed as "extreme opinions". But not talking about potential deficiencies is harmful for everyone on the long run, even if many actors' self-interest is the status quo (example: USSR). So here's a list of crypto papers and essays not purely technical, sometimes called "controverial", in arbitrary order (please send suggestions of missing entries):

Rogaway - The moral character of cryptographic work -

Bernstein - Non-uniform cracks in the concrete: the power of free precomputation -

kennwhite /
Last active May 24, 2021
FIPS Modules In Process (as of Apr 9, 2021)

From: Snapshot as of Apr 9, 2021

Module Name Vendor Name Standard Status
Thunder Series TH-3040S, TH-5440S, TH-5840S and TH-7440S-11 A10 Networks, Inc. FIPS 140-2 In Review
ADVA 10TCE-PCN-16GU+AES100G-F encryption module ADVA Optical Networking SE FIPS 140-2 Review Pending
ADVA 9TCE-PCN-10GU+AES10G-F encryption module ADVA Optical Networking SE FIPS 140-2 Review Pending
WCC-PCN-AES100GB-F Encryption Module ADVA Optical Networking SE FIPS 140-2 Coordination
kennwhite / general_tso`
Last active Mar 28, 2021
General Tso's Chicken
View general_tso`

Joshua Weissman's General Tso's Chicken


  • 1.5 lbs (700g) boneless skinless chicken thighs cut into pieces
  • 1 TB (14g) shaoxing wine
  • 1 TB (14g) soy sauce
  • pinch of salt
  • 2 cloves garlic mined
  • 1 inch knob ginger minced
  • 1/2 cup (75g) all purpose flour
kennwhite / lxc_v4_notes_feb-2021.txt
Last active Aug 19, 2021
LXC v4 notes (2/2021) for Ubuntu
View lxc_v4_notes_feb-2021.txt
# Good tips here:
# List all running services
systemctl list-units --all --type=service --no-pager | grep running
# Clean install of lxc (on host) - first lxd system, then lxc command line tools
sudo apt-get update
sudo apt-get upgrade
sudo apt install lxd
sudo adduser YOURUSERID lxd # (probably already there)
kennwhite / hello_world_shell_local_per_user.js
Last active Feb 15, 2021
Basic FLE hello world with shell, demonstrating per-user keys (json pointers)
View hello_world_shell_local_per_user.js
Simple demonstration using MongoDB Client-Side Field Level Encryption (local key version)
using json pointer for per-user/per-document dynamic key selection
This pattern might be useful for Right to Be Forgotten GDPR use case.
Note: FLE schemas with json pointer dynamic key IDs require randomized mode and automatic encryption
Decryption -- whether randomized or deterministic -- is always automatic, assuming the data key is available/cached.
If deterministic (searchable) mode is required, consider dynamic user key selection
at the app level via explicit encryption methods (versus automatic), e.g.:
kennwhite / Gatekeeper Exception command
Last active Dec 23, 2020
Bypass MacOS Gatekeeper for specific apps & executables on command line
View Gatekeeper Exception command

To override Big Sur's Gatekeeper restriction: "cannot be opened because the developer cannot be verified" from the command line

Example with MongoDB (can be run against a folder e.g., JavaSDK or individual executables):

xattr -d /Users/me/Downloads/mongodb-macos-x86_64-enterprise-4.4.2/bin/*

This appears to be sticky for all identical versions of that executable, i.e., if you have two copies of the identical binary in unrelated directories, removing quarantine for one seems to enter a file signature hash into the allowed list globally.

kennwhite /
Last active Apr 27, 2021
Ubuntu 20 Nvidia Zoom Fix

More Nvidia/Ubuntu bleeding edge funness

Problem: Failed to initialize NVML: Driver/library version mismatch

dmesg | grep -i nvrm

NVRM: API mismatch: the client has the version

# Example FHIR Connector Demo
# Default settings are for local mongodb on 27017. If using Atlas, modify src/config.js or
# set an environment variable: export MONGO_HOSTNAME='mongodb+srv://'
# If using other mongodb, from shell: export MONGO_HOSTNAME='mongodb://'
git clone
cd node-fhir-server-mongo/
kennwhite /
Last active Aug 24, 2020
Bootstrap mongodb binary (mongod) properly from command line with encrypted storage engine enabled (full database encryption)
# See:
# As non-root user, possibly in a startup script:
/usr/bin/mongod \
--fork \
--logpath=/tmp/mdb.log \
--dbpath=/data/db \
--enableEncryption \

Basic quick yellow Dahl

  • 1 c red (masur) or yellow (moong) lentils, well rinsed
  • 4 c water
  • 1.5 c chopped plum or San Marzano tomatoes, (drained if using canned)
  • 1 tsp tumeric

Boil for 20 minutes, set aside