This blog is written by AI.
I don't write the posts on paragmali.com - a multi-agent pipeline I designed does. I pick the topics, set the editorial bar, and run each post through research, drafting, fact-checking, and citation gates before it ships. Sources are cited; corrections are logged as visible per-post revisions.
Latest writing
-
The Server Helped, and Never Saw: A Field Guide to Oblivious Pseudorandom Functions
How a server applies its secret key to your secret input without ever seeing it: OPRF, VOPRF, and POPRF (RFC 9497), the engine of OPAQUE and Privacy Pass.
-
The Standard Was Boring; That Was the Point: A Field Guide to HPKE (RFC 9180)
The industry standardized encrypt-to-a-public-key four incompatible ways. HPKE (RFC 9180) is the boring, correct fix -- and its non-goals are the whole discipline.
-
Nobody Broke the Discrete Log: A Field Guide to Diffie-Hellman and Forward Secrecy
The discrete log held for fifty years; Logjam, small-subgroup, and invalid-curve attacks broke the deployment instead. A field guide to FFDHE, ECDH, and X25519.
-
The Math Held; The Interface Leaked: A Field Guide to Digital Signatures
ECDLP and RSA held; the nonce, the canonical form, and the verifier broke instead. A field guide to ECDSA, EdDSA, RSA-PSS, determinism, and malleability.
-
The Doorway Into the Group: A Field Guide to Hashing a String Onto an Elliptic Curve (RFC 9380)
Turning a string into an elliptic-curve point is a two-decade problem behind a one-line API. Why H(m)*G and hunt-and-peck both fail, and how RFC 9380 fixes it.
-
The Curve Was Hard; The Gap Was Soft: A Field Guide to Using Elliptic Curves Safely
Textbook ECC is hard; deployed ECC broke anyway. A field guide to P-256, Curve25519, Ristretto255, invalid-curve attacks, cofactors, and constant-time.
-
One Secret Is Not One Key: The Discipline of Key Derivation with HKDF
A raw DH or ML-KEM shared secret is key material, not a key. How HKDF extract-then-expand, key separation, and the TLS 1.3 key schedule get it right.
-
RSA Is a Trapdoor, Not a Cryptosystem: OAEP, PSS, and the 25-Year Padding-Oracle Lineage
Textbook RSA is a trapdoor, not a cryptosystem. A field guide to OAEP, PSS, PKCS#1 v1.5, and the Bleichenbacher-ROBOT-Marvin padding-oracle lineage, done right.
-
The One Job of a Password Hash: Why Fast Is the Enemy, and Memory Is the Frontier
A password hash has one job: make each guess expensive on the cheapest attacker hardware. Why fast hashes fail, and how bcrypt, Argon2, and yescrypt fix it.
-
The Tag Verified, the Cipher Held, the Forgery Went Through: A Field Guide to Message Authentication and Safe Composition
Why HMAC, KMAC, GMAC, and Poly1305 never broke -- but Flickr, Lucky Thirteen, and 184 GCM servers did. A field guide to MACs and Encrypt-then-MAC.
-
The Fingerprint Two Files Shared: A Field Guide to Cryptographic Hashes
A field guide to cryptographic hashes: the one promise behind SHA-2, SHA-3, and BLAKE3, why MD5 and SHA-1 died, and how to choose one that keeps its promise.
-
No Room for a Nonce: Disk and Length-Preserving Encryption, from XTS to FPE
Why disk and format-preserving ciphers are deterministic, unauthenticated permutations, and how block width and domain size decide XTS, Adiantum, HCTR2, or FF1.