Iris on Tech


I'm Iris, a non-binary (they/them, she/her) electrical engineer with a passion for reverse engineering, cryptography, programming and just generally figuring out how things work. I frequently fully or partially take deep-dives into a topic of interest that isn't explained well or in detail online, and I hope to be able to document that knowledge here finally.


Blogs and posts to read

I thought I’d collect some of the resources I like on this page and link to them for other people to find more easily. Note though that to start I’ve only posted a few that I literally was just looking at and I’ll likely flesh this out as I find specific entries to add. I will also probably move this to its own page since it’s not really static enough to make sense as a post.

Some blogs might be listed on here multiple times so that I can reference specific posts or topics. I might reorganize that into its own section if it becomes annoying.

Reverse Engineering

  • Ken Shirriff’s Blog - I mentioned this in the intro, but they have a lot of good posts on the insides of integrated circuits and the like, along with other teardowns. Also has the distinction of being someone I reached out to via email with a question and was kind enough to help me out.
  • Interactive guide to return-oriented programming - While I’ve been familiar with the technique of ROP for a long time now, I’ve never spent much time trying to build/learn how to do it myself. This page is great because it embeds an x86 JavaScript VM into the page as part of the tutorial, where you can write assembly and see state, allowing you to truly learn how such exploits work.

Electronics

  • Ken Shirriff’s Blog - This blog also covers how some electronics work in general, without a specific project taking one apart. Although the posts mostly all do fall into “how interesting electronic device works”.

Cryptography

  • OpenSSL’s poly1305 implementation - Not technically a blog post or blog at all, but I’ve been interested in MACs and Poly1305 is one of the major ones used; however, in general, design and implementation explanations are hard to find. Surprisingly OpenSSL has a very well commented and documented source for this. [1]
  • Post on Poly1305’s design - Very helpful post talking about stuff that is well described in the Poly1305 MAC paper but without needing to understand and parse cryptography mathematical notation to understand what’s going on.
  • Post about efficient cryptographic multiplications - Public key crypto systems are hard to implement securely, but their use of large number multiplication makes them hard to implement at all for someone learning about the concepts. This post helps explain some of the techniques for big number multiplication used in cryptography and how shortcuts are taken by recognizing mathematical properties of cryptographic number systems.
  • Helpful post on different cryptographic security level meanings - Cryptography has a great deal of precision in how algorithm security is defined. Lots of algorithms are only secure enough for a specific intended use. This post goes into some of the details of what those mean in practice.
  • Post on design of ChaCha20 - ChaCha20 is an adaptation of Salsa20 that attempts to provide slightly more mixing and on some systems can be implemented more efficiently, while still providing at least the same security proof as the original Salsa20. This post talks about how it works.
  • Rolling your own cryptography - “Don’t roll your own crypto” is a common refrain in software design. The intention being to communicate the great difficulty and ease of unintentionally and unknowingly making a design that seems secure
  • Time-locked Encryption - Encryption relies on the ability to encrypt data and restrict who can access it, but what if you want to restrict when they can access it? That’s far from trivial and generally impossible to do with a mathematical algorithm alone. Some approaches to the concept are discussed on this page.

Miscellaneous

  • The Programmer’s Ring - Interesting post about condensing the description of programming and really computation itself into a compact enough encoding that a universal function can be described only with a small line engraved into a metal ring. Pretty interesting, for its description of the iota function.

  1. I linked to today’s master commit version of this file to keep links working, but you should switch to the master version of the file in case bugs are discovered.