Tony Arcieri

Hi there. These days I dabble in Rust and cryptography, but in the past made the Celluloid actor framework for Ruby and the Reia programming language

Read this first

Rust 2020: towards a 1.0 crate ecosystem


The Rust language itself went 1.0 in 2015. And yet, almost 5 years later, at least in my anecdotal assessment talking to and reading things written by current or potential users, there is still a sense that the language is still in some way unfinished and a bit rough around the edges.

I sympathize with these concerns.

There are various language-level issues which are partly to blame for this. The absence of a comprehensive story around asynchronous I/O and event-driven programs in general has been one of them, but that all changes… today… with the long awaited stabilization of async/await in the Rust 1.39 release along with the release of futures v0.3.0 earlier this week.

There are other core features which many desire. In my Rust in 2019 blog post I wrote about const generics as the 1 in my top 3, along with async/await and Pin, which both shipped this year.

Others long for even...

Continue reading →

Factual inaccuracies of “Facebook Libra is Architecturally Unsound”

A post by Stephen Diehl about Facebook Libra is making the rounds this morning. It makes a number of claims about flaws in the software. Many of these claims are factually inaccurate. I consider it to be a gish gallop that bombards you with a bunch of negative claims, many of which are false or at best, specious.

For context, I am a contributor to OpenLibra, a group independent of Facebook (or should I say “FACEBOOK”) who are experimenting with operating the Libra software. My company also operates other BFT-based cryptocurrencies, such as the Cosmos Network which is based on Tendermint BFT. Prior to that I worked extensively in credit card processing at companies like Square and LivingSocial, also doing card processing integrations at several companies before that.

This post, like the original, is intended to be purely technical, and if it were to talk about my opinions of a...

Continue reading →

Rust in 2019: Security, Maturity, Stability


I’ve been a day-to-day Rust user for nearly 5 years now. In that time I’ve perpetually felt like Rust is “the language that will be awesome tomorrow”. Rust has always felt like it had so much promise and potential, but if you actually sat down and tried to use it, the result was akin to trying to assemble a complex mechanism but you were always missing a few pieces.

I managed to suffer through it in the long long ago of 2014, and each year it’s gotten better, until in 2018 I could confidently say “Now’s a great time to start learning Rust”. But how about actually writing a real-world Rust application and deploying it to production?

2018 marked my second year as a full-time Rust developer, and I’m happy to say it’s the first year I shipped production Rust applications (not just one but three!), and added the startup I cofounded to the Friends of Rust (nee Production Users) page...

Continue reading →

The Tether Conundrum Part 2: The Plot Thickens

NOTE: For more background including a brief introduction to Tether itself, see part 1 of this series: The Tether Conundrum: A Quick Backstory. This post will largely assume you have read that first, or are at least familiar with the material it covers. Also thanks to Bitfinex'ed for surfacing much of the material covered in this post.


There have been plenty of developments surrounding Tether in the months since I wrote the first post in this series in January:

  • Tether’s previous “auditor” (who never completed an audit), Friedman LLP, removed all mentions of Tether from their web site. Shortly thereafter Tether would announce that they are dissolving their relationship with Friedman. Despite claims of “frequent professional audits” on their web site, to date Tether has never completed an audit.
  • The US Commodity Futures Trading Commission (CFTC) sent subpoenas to Bitfinex and Tether...

Continue reading →

The Tether Conundrum: A Quick Backstory

NOTE: This post is fourth in a series I’ve written about Bitcoin, including The Death of Bitcoin, On the dangers of a blockchain monoculture, and A tale of two cryptocurrencies: Ethereum and Bitcoin’s ongoing challenges. I am a former HODLer, present nocoiner, and perpetual Bitcoin bear, so take that for what you will. Well, the nocoiner part is a bit of a lie: I have a JPCoin.


Figure 1: If we correlate the declining murder rate with web browser usage, we can deduce that Internet Explorer was the major causal factor in homicide rates. Thank you Mozilla and Chrome Team, you are doing God’s work.

Bitcoin has certainly been on a roller coaster ride over the past several months, with several people questioning “Bitcoin? Is it good? Should I buy it? The price keeps going up like magic and never crashes, at least for long anyway. Buy the dip, and HODL!”. Where Bitcoin bulls say it’s on...

Continue reading →

A short statement regarding Ashley Williams’ abusers

It seems there is some drama in the Rust community regarding Ashley Williams’ recent appointment to the Rust Community Team.

Did Ashley violate the Node.js Code of Conduct, and is there an active censorship effort underway by the Rust Core Team to silence any dissenting voices and appoint Ashley as evil demon goddess overlord for life? It’s a Rust Conspiracy! The accusers are applauding those who have a “skeptical” view about this situation: The sheeple are woke!.

I see things a bit differently. The people cheering on abusers and perpetuating a cycle of abuse.

“Maybe if we follow her around the Internet endlessly harassing her, it will prove our point how that one thing she tweeted one time could possibly be in violation of a Code of Conduct.” There’s a word for people like that: Gamergaters. In my book, following someone around the Internet engaging in a harassment campaign forfeits...

Continue reading →

Introducing Miscreant: a multi-language misuse resistant encryption library

For the past several months I have been hacking on not just one, but five encryption libraries in five different languages (Go, Python, Ruby, Rust, and TypeScript). Tall order, I know. And worse, these libraries implement what I believe is a novel cryptographic construction. Are you terrified yet? Yes, I’m implementing novel cryptography, in several languages at that, but I’d like to convince you it’s not as scary as it sounds.

Why? Because I’m implementing algorithms originally created by a cryptographer, Phil Rogaway, whose decades of work is just starting to receive the mainstream attention it deserves. These algorithms are extremely simple and designed to be easy-to-implement. Finally, they’re all built atop otherwise standard AES modes.

The library is Miscreant, and it’s available on GitHub in the form of a multi-language monorepo at:



Continue reading →

It’s time for a memory safety intervention


Memory safety won’t fix shell escaping bugs. Memory safety won’t fix logic bugs. Memory safety will not prevent an attacker who has obtained your HMAC key from forging a malicious credential that, when deserialized, can call arbitrary Ruby methods (yes, this was a real vulnerability in older versions of Rails). Memory safety will not prevent a federated identity system which uses XML-based credentials from accidentally running attacker controlled commands due to external entity processing (yes, this was a real vulnerability in certain implementations of SAML). A language which provides a memory safe model but binds to unsafe code is still vulnerable when calling into unsafe code.

Nobody disputes these things. Now that we have that out of the way…

Programming in C means you are using an unsafe memory model 100% of the time. It is the programming equivalent of trying to walk a...

Continue reading →

Key rotation, user experience, and crypto reporting

Screen Shot 2017-01-13 at 10.57.32 PM.png

WhatsApp was the subject of a recent Guardian article making claims of a “backdoor” stemming from a “bug” in the way WhatsApp handles key rotations for users. The problem? WhatsApp will automatically transmit messages after the recipient’s key has changed without first asking the sender to confirm the new key is genuine.

Far from being a “bug” or “backdoor” (a claim so wrong I am sure hoping the original author of the story Samuel Gibbs will issue a retraction), handling key rotation seamlessly is a difficult problem with a long-storied history, along with many attempts to surface such information to the user in order to ask them to make a security decision, such as in the SSH screenshot above.

Clearly an in-person exchange of key fingerprints is the most secure option for establishing a secure channel, but is inconvenient, often impractical, and doesn’t provide a good means for...

Continue reading →

4 fatal flaws in deterministic password managers

Wouldn’t it be nice if your password manager didn’t need a database? Instead of synchronizing a password vault between your devices, you could use the magic of cryptography to magically transform a master password into a unique password for each site.

There have been a numerous and ever growing implementations of this idea. Much of the marketing material for these tools talks about how using a deterministic scheme allows “sync-free” operation, is “more secure” than a password vault, and often that it’s a newer idea than encrypted password vaults.

In this post, I will argue that you can’t practically provide “sync-free” operation without making your password manager unusable, how using a deterministic scheme harms security, and how it’s actually an old idea which never caught on for good reasons.

Deterministic password derivation schemes date back to at least 2003: Stanford PwdHash and...

Continue reading →