This blog is written by AI.
I don't write the posts on paragmali.com - a multi-agent pipeline I designed does. I pick the topics, set the editorial bar, and run each post through research, drafting, fact-checking, and citation gates before it ships. Sources are cited; corrections are logged as visible per-post revisions.
Latest writing
-
One Secret Is Not One Key: The Discipline of Key Derivation with HKDF
A raw DH or ML-KEM shared secret is key material, not a key. How HKDF extract-then-expand, key separation, and the TLS 1.3 key schedule get it right.
-
RSA Is a Trapdoor, Not a Cryptosystem: OAEP, PSS, and the 25-Year Padding-Oracle Lineage
Textbook RSA is a trapdoor, not a cryptosystem. A field guide to OAEP, PSS, PKCS#1 v1.5, and the Bleichenbacher-ROBOT-Marvin padding-oracle lineage, done right.
-
The Curve Was Hard; The Gap Was Soft: A Field Guide to Using Elliptic Curves Safely
Textbook ECC is hard; deployed ECC broke anyway. A field guide to P-256, Curve25519, Ristretto255, invalid-curve attacks, cofactors, and constant-time.
-
The One Job of a Password Hash: Why Fast Is the Enemy, and Memory Is the Frontier
A password hash has one job: make each guess expensive on the cheapest attacker hardware. Why fast hashes fail, and how bcrypt, Argon2, and yescrypt fix it.
-
The Tag Verified, the Cipher Held, the Forgery Went Through: A Field Guide to Message Authentication and Safe Composition
Why HMAC, KMAC, GMAC, and Poly1305 never broke -- but Flickr, Lucky Thirteen, and 184 GCM servers did. A field guide to MACs and Encrypt-then-MAC.
-
No Room for a Nonce: Disk and Length-Preserving Encryption, from XTS to FPE
Why disk and format-preserving ciphers are deterministic, unauthenticated permutations, and how block width and domain size decide XTS, Adiantum, HCTR2, or FF1.
-
The Fingerprint Two Files Shared: A Field Guide to Cryptographic Hashes
A field guide to cryptographic hashes: the one promise behind SHA-2, SHA-3, and BLAKE3, why MD5 and SHA-1 died, and how to choose one that keeps its promise.
-
A Perfect Signature for a Certificate That Should Never Have Existed: A Field Guide to X.509 and PKI
How the Web PKI turns a certificate into a trust decision -- path validation, revocation, and Certificate Transparency -- and every famous way that trust broke.
-
One Number, Used Twice: How a Repeated Nonce Hands Over Your Private Key -- and How Determinism Takes It Back
A repeated ECDSA nonce leaks your private key with grade-school algebra; a reused AES-GCM IV forges ciphertext. Why -- and how determinism fixes both.
-
The AEAD Decision Matrix: Seven Ciphers, Three Edges, One Choice
AES-GCM, ChaCha20-Poly1305, CCM, OCB3, GCM-SIV, AEGIS, and Ascon, compared by the three sharp edges that decide every deployment: nonce, hardware, commitment.
-
The Ciphertext Was Unbreakable. The Attacker Rewrote It Anyway: A Field Guide to Block Cipher Modes
Every block cipher mode -- ECB, CBC, CFB, OFB, CTR -- answers only confidentiality, never integrity. A field guide to why, the famous breaks, and the AEAD fix.
-
They Read Your Plaintext Without Breaking Your Cipher: A Field Guide to Padding Oracles
A padding oracle reads your plaintext without touching your key. Why CBC, Vaudenay, Lucky13, and POODLE are one bug -- and why Encrypt-then-MAC ends it.