A quiet change to RSA

https://www.johndcook.com/blog/2025/10/06/a-quiet-change-to-rsa/
144•ibobev•4mo ago

Comments

commandersaki•4mo ago
Hm, never encountered the Carmichael function before, but I have had a cursory understanding of Carmichael numbers.

Given a standard 2048-bit RSA modulus, the totient is still ~2048 bits. I'm not sure and haven't done or seen analysis given the reduction in size (and search space) when replaced with a Carmichael function.

I know, I'll attempt to summon cperciva.

cperciva•4mo ago
This isn't used in practice because if you care about efficiency you're not calculating M^d mod N; instead you compute exponents mod p and mod q and use the CRT to combine (as mentioned in the author's link to "Garner's algorithm").

BTW the Carmichael function and Carmichael numbers have little in common aside from their author and the fact they concern whether x^b = 1 mod N for x relatively prime to N.

commandersaki•4mo ago
Thanks, I thought about this a bit more. Would the security argument for using the Carmichael function essentially be the same as RSA with totient function, as the adversary can always find d that satisfies either function (Carmichael or Euler totient) regardless of which function is used?
cperciva•4mo ago
Correct. You could construct a weird scenario with a buggy side channel attack where using a different value for d would matter, but generally speaking the attacker doesn't know and doesn't care what value (out of the infinitely large number of options!) you're using.
chc4•3mo ago
The summoning worked!
DougMerritt•3mo ago
And it's not even a full moon.
cperciva•3mo ago
It worked 4 days ago, no less!

(I search on a ~daily basis for mentions of "cperciva", "Tarsnap", and "daemonology.net" to see where I and/or my work are mentioned.)

less_less•3mo ago
Annoyingly, while that d = e^-1 usually isn't used in practice (except in cases where you care about side-channel / fault resistance more than the 4x speedup), the Carmichael totient itself still is used in practice. At least if you want to conform to FIPS 186-5 / SP800-56B, which says that the private key includes d = e^-1 mod the Carmichael totient LCM(p-1,q-1), even if you're going to use the CRT. And that means you have to compute LCM(p-1,q-1), which also has side-channel considerations.
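
The points cperciva and less_less make above, as an added example that is not part of the thread: `d` computed mod φ(n) and mod LCM(p-1, q-1) decrypt identically, as does any other `d` in the same residue class, and the CRT exponents come out the same whichever `d` you start from. The function names and the toy Mersenne-prime parameters are assumptions made for illustration.

```python
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small and too
# structured for real use; chosen only so the example runs instantly.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q

def private_exponents(p, q, e):
    """Return (d_phi, d_lam, lam): e^-1 mod phi(n) and mod lcm(p-1, q-1)."""
    phi = (p - 1) * (q - 1)
    lam = phi // gcd(p - 1, q - 1)   # Carmichael totient of n = p*q
    return pow(e, -1, phi), pow(e, -1, lam), lam

def crt_params(d, p, q):
    """CRT private key parts (dp, dq, q_inv); the same for every valid d."""
    return d % (p - 1), d % (q - 1), pow(q, -1, p)

def decrypt_crt(c, dp, dq, q_inv, p, q):
    """Two half-size exponentiations recombined with Garner's formula."""
    m_p, m_q = pow(c, dp, p), pow(c, dq, q)
    h = (q_inv * (m_p - m_q)) % p
    return m_q + h * q

def roundtrip_all(messages):
    """Decrypt each message with several d values and with CRT; True if all agree."""
    d_phi, d_lam, lam = private_exponents(P, Q, E)
    crt = crt_params(d_lam, P, Q)
    for m in messages:
        c = pow(m, E, N)             # textbook (unpadded) encryption
        results = {pow(c, d, N) for d in (d_phi, d_lam, d_lam + 7 * lam)}
        results.add(decrypt_crt(c, *crt, P, Q))
        if results != {m}:
            return False
    return True

# Constructed messages; 3 * P is deliberately not coprime to N.
SAMPLES = [2, 123456789, 3 * P, N - 1]
```
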
jasperry•3mo ago
There are a lot of people who learn and teach the RSA algorithm superficially without a sufficient grasp of the number theory to really understand what is going on. I know because I've been one of them (on both sides). The Carmichael vs. Euler totient issue confused me for a long time.

Needless to say, those people should not be implementing RSA for a system that needs actual security. I'm looking for a better way to teach "real" RSA without needing the students to be math majors or to spend a whole semester on it. Does anybody have any suggestions?

goalieca•3mo ago
Given how much more favored ECDSA and ECDH are these days, I recommend teaching elliptic curves. They're actually quite simple to understand mathematically if you want a shallow comprehension.
supernetworks_•3mo ago
The task for teaching is much harder now as these need to be combined into hybrid PQC protocols
Krutonium•3mo ago
Sure, but teaching the original as a fundamental building block would still be just that.
csmantle•3mo ago
The undergrad lectures I took placed almost equal emphasis on crypto over Zp and crypto over EC. For most students without deep abstract algebra backgrounds, introduction to operations and principles are more friendly and tractable over Zp.
burnt-resistor•3mo ago
Anyone with an undergraduate CS background should be able to handle Dan Boneh's course:

https://www.coursera.org/learn/crypto

Although there are continuums of teaching delivery from muddled to clear explanations of concepts, there are no student shortcuts to escape the irreducible mental exertion to acquire familiarity towards mastery. Uncurious people shouldn't be in the field (no pun intended).

AnotherGoodName•3mo ago
I wrote an article trying to give a simple overview for teaching. https://rubberduckmaths.com/eulers_theorem

I also added plenty of inline python code blocks students can change and run on the fly.

The reason I wrote this is the hand waving around group theory I saw in other explanations. Namely you shouldn't just say x^y always = x mod m for certain values of y (e.g. x^13 = x mod 35, even for factors of 35). You should give a detailed, intuitive understanding of why this occurs.

jcalvinowens•3mo ago
I use this as a teaching aid: https://github.com/jcalvinowens/toy-rsa

It's an ugly naive implementation, but it's much simpler and more accessible than any real one I've ever seen, and depends on nothing but libc.

f_devd•3mo ago
Depending on what you're trying to teach, I would think something like these would be nicer to read (but with minimal dependencies): https://github.com/jackkolb/TinyRSA or https://github.com/i404788/tiny-rsa
jcalvinowens•3mo ago
The point for me is a naive BIGNUM library that somebody who has only had high school level math can easily understand.
almostgotcaught•3mo ago
> I'm looking for a better way to teach "real" RSA without needing the students to be math majors or to spend a whole semester on it.

RSA is math so it seems like you're trying to shove a square peg into a round hole here.

LelouBil•3mo ago
Yeah, learning maths for 1-2 months and then applying it to RSA in python at the very end was how I learned it and I think it was a great way. Even though it was a CS diploma we learned it with the maths teacher and spent the right amount of time on it.
LelouBil•3mo ago
During my 2-year CS degree (in France) we learned the whole modular algebra with groups and stuff (don't know the terminology in English, sorry) and finally, we learned about RSA using all of this stuff and it really was a wow moment for the whole class!

I don't know how it's taught elsewhere but I feel like I both have "a sufficient grasp of the number theory to really understand what is going on" but also I "should not be implementing RSA for a system that needs actual security" !

im3w1l•3mo ago
> I'm looking for a better way to teach "real" RSA without needing the students to be math majors or to spend a whole semester on it. Does anybody have any suggestions?

Start and end with a reminder to use padding.

Actually if you want to make it not-so-mathy, talking about how to be compatible with other programs could be nice. How do you import/export a public key in PEM or DER? How do you (de)serialize ciphertext?

AnotherGoodName•3mo ago
Another similar one is that we don't care for strong primes anymore and even though the standards for RSA specifically require it, it's not actually helpful at all, see https://eprint.iacr.org/2001/007

Strong primes are ones where the totient (both Carmichael and Euler totients) have large primes in them. This happens naturally for 2048 bit and above RSA keys in any case, they'll statistically absolutely have primes that are larger than the bits needed to factor using elliptic curve methods (>256 bits). In general it's just not that helpful, similar to trying to require Carmichael rather than Euler totient. Ok you've made the 2048 bit key 3 bits stronger, great, but let's not bother right?

less_less•3mo ago
Do the standards require strong primes for RSA? I think FIPS doesn't ... it gives you that option, either for the legacy reasons or to get a proof with Pocklington's theorem that (p,q) really are prime, but just choosing a random (p,q) and running enough rounds of Miller-Rabin on them is considered acceptable IIRC.
AnotherGoodName•3mo ago
Yeah see https://en.wikipedia.org/wiki/Strong_prime#Factoring-based_c...

There is probably a newer standard superseding that but it is there in the ANSI standards.

mmastrac•3mo ago
"The efficiency gained from using Carmichael’s totient is minimal. More efficiency can be gained by using Garner’s algorithm."

The proof of which is left to the reader?

username223•3mo ago
stares at the board for ten minutes

disappears into the back room for fifteen minutes

"Yes, it's trivial."

jongjong•3mo ago
The notation used in Euler’s totient function reminds me why I chose to study software engineering instead of maths. The same notation can be used to mean 3 different things. Illogical. It baffles me why mathematicians made the language of maths, which is supposed to be the language of logic, so ambiguous. So sloppy to reuse the mod symbol to mean different things and sloppily using an equal sign instead of congruence symbol.

I will henceforth refer to software development as 'software engineering' to convey its equivalence, or perhaps superiority over other 'engineering' disciplines which are based on ambiguous mathematical language, as opposed to rigorous, machine-verifiable, unambiguous languages.

atemerev•3mo ago
Software engineering? The same thing that gave us Javascript operators?
jongjong•3mo ago
Well even those are perfectly consistent and deterministic. The casting rules are contrived and inelegant, but they're consistent.
piskov•3mo ago
I expected to see CIA somewhere in the article :-)
Mo3•3mo ago
That was literally my first thought reading the title too.
atemerev•3mo ago
CIA is not doing it this way; that would be the NSA.