FIDO2, IPv6, Tor, Post Quantum, WiFi, Dead Drops
It seems that ed25519-sk or ecdsa-sk SSH keys won't work on Windows, at least not straight out of the box.
OVH IPv6 routing / peering is extremely bad in Singapore. As an example, loading just the top document with curl -6 "https://www.google.com" from their data center can easily take over a minute. Also, TTL jitters from 52 to 105 and packet loss can be quite high. Let's see if they manage to fix it. I believe that's also why mesh networking is reporting such low bandwidth for the server: even if there's nothing wrong with the server's bandwidth, it's just the rest of the network over IPv6 which pretty much completely fails to specific destinations.
Helped a friend to configure Tor nodes not by limiting bandwidth, but by limiting MaxAdvertisedBandwidth, so there are no technical limits, but the network just connects fewer clients to the servers, which limits the impact on system resources. This also allows, as an example, manually configured peers to get full performance, even if it's much higher than what is publicly told. Good for guards, rendezvous nodes etc.
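The two approaches described above, side by side as a torrc fragment. This is an added example, not the configuration from the original setup; the nickname, port and bandwidth figures are constructed sample values.

```conf
# Constructed relay settings (nickname, port and all figures are sample values).
Nickname ExampleRelay
ORPort 9001
ExitRelay 0

# Approach A: hard limit (left commented out here).
# These options throttle all traffic through the relay to the given rate,
# so no circuit can ever get more than this, whoever is using it.
#BandwidthRate 2 MBytes
#BandwidthBurst 4 MBytes

# Approach B (the one described above): no hard limit, only a lower
# advertised figure. The relay never advertises more than 2 MBytes per
# second, so fewer clients build circuits through it and CPU / memory
# load drops, while the circuits that do arrive are not throttled.
MaxAdvertisedBandwidth 2 MBytes
```

Running tor --verify-config -f with the path of the edited file checks the syntax before the relay is restarted.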
First Four Quantum-Resistant Cryptographic Algorithms (@ nist.gov) - Quantum computers keep evolving and there have to be new ways to secure data. Kyber is used for encryption. The other three are signature algorithms. kw: CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, SPHINCS+
The store-now, decrypt-later (SNDL) concept is a key factor pushing post-quantum public key algorithms and solutions forward. Currently there's a real risk that important data encrypted with current public key solutions could in the future be decrypted using quantum computers. A great related article about quantum attacks (@ research.kudelskisecurity.com), including estimation charts. And NTRU (@ Wikipedia) and SSH post-quantum key exchange (@ nakedsecurity.sophos.com).
So classic: a friend's family's boy bought a new WiFi box. Then mom got problems accessing the internet. Well of course, the WiFi box was configured to use a 6E channel, using 160 MHz (only) bandwidth, WPA3, and 11ax QAM-1024 modulation. I enabled the good old 2.4 GHz network with 11g and WPA2 for the old device and everything miraculously (heh) started to work again. So classic. It happens quite often that people break the configuration and then try to complain about something not working, even if they caused the issues by themselves. Basically all the latest options with no backward compatibility were enabled. Try to guess how this works with a 7+ year old cheap laptop?
Long discussion about public USB dead drops in one forum, but oh noes!
- I personally prefer WiFi or Bluetooth ones. Located in public places (without cameras) where you can access it while waiting or passing by. So it's not obvious who's accessing it. Auto sync is a quick task even at traffic lights.
- I wouldn't connect any device to an unknown USB device anyway.
- Depending on what hardware / storage / location / battery you're using, it can be as small as a coin, and last a year with an internal battery. Or with a larger fist-sized lithium battery you can power a more powerful Bluetooth system for 10 years, even in outdoor conditions.
Using such a solution allows sealing the device permanently, because further physical access isn't required. This allows the device to be lowered, sealed or positioned into very hard to access places. Good for locations where accessing the device could draw attention / raise questions. Yet with the right gear and a preplanned operation, it's likely that nobody's going to ask anything, if you come with a high-visibility vest and a ladder and then just open some panel, put stuff in, look around, make a call (check that everything is ok) and then leave. It's highly likely that nobody's going to remove the device later. Anyway, that's usually longer than preferred; regularly relocating the drops is a good idea as well. The drawback with wireless dead drops of course is that it's easier to remotely and passively monitor those, by installing listening hardware within range.
2023-09-03