Tony Arcieri

Hi there. These days I dabble in cryptography, but in the past made the Celluloid actor framework for Ruby and the Reia programming language

Read this first

Rust in 2019: Security, Maturity, Stability


NOTE: This is a work-in-progress I have put online a bit early. Check back later for the complete version

I’ve been a day-to-day Rust user for nearly 5 years now. In that time I’ve perpetually felt like Rust is “the language that will be awesome tomorrow”. Rust has always felt like it had so much promise and potential, but if you actually sat down and tried to use it, the result was akin to trying to assemble a complex mechanism but you were always missing a few pieces.

I managed to suffer through it in the long long ago of 2014, and each year it’s gotten better, until in 2018 I could confidently say “Now’s a great time to start learning Rust”. But how about actually writing a real-world Rust application and deploying it to production?

2018 marked my second year as a full-time Rust developer, and I’m happy to say it’s the first year I shipped production Rust applications (not just...

Continue reading →

The Tether Conundrum Part 2: The Plot Thickens

NOTE: For more background including a brief introduction to Tether itself, see part 1 of this series: The Tether Conundrum: A Quick Backstory. This post will largely assume you have read that first, or are at least familiar with the material it covers. Also thanks to Bitfinex'ed for surfacing much of the material covered in this post.


There have been plenty of developments surrounding Tether in the months since I wrote the first post in this series in January:

  • Tether’s previous “auditor” (who never completed an audit), Friedman LLP, removed all mentions of Tether from their web site. Shortly thereafter Tether would announce that they are dissolving their relationship with Friedman. Despite claims of “frequent professional audits” on their web site, to date Tether has never completed an audit.
  • The US Commodity Futures Trading Commission (CFTC) sent subpoenas to Bitfinex and Tether...

Continue reading →

The Tether Conundrum: A Quick Backstory

NOTE: This post is fourth in a series I’ve written about Bitcoin, including The Death of Bitcoin, On the dangers of a blockchain monoculture, and A tale of two cryptocurrencies: Ethereum and Bitcoin’s ongoing challenges. I am a former HODLer, present nocoiner, and perpetual Bitcoin bear, so take that for what you will. Well, the nocoiner part is a bit of a lie: I have a JPCoin.


Figure 1: If we correlate the declining murder rate with web browser usage, we can deduce that Internet Explorer was the major causal factor in homicide rates. Thank you Mozilla and Chrome Team, you are doing God’s work.

Bitcoin has certainly been on a roller coaster ride over the past several months, with several people questioning “Bitcoin? Is it good? Should I buy it? The price keeps going up like magic and never crashes, at least for long anyway. Buy the dip, and HODL!”. Where Bitcoin bulls say it’s on...

Continue reading →

A short statement regarding Ashley Williams’ abusers

It seems there is some drama in the Rust community regarding Ashley Williams’ recent appointment to the Rust Community Team.

Did Ashley violate the Node.js Code of Conduct, and is there an active censorship effort underway by the Rust Core Team to silence any dissenting voices and appoint Ashley as evil demon goddess overlord for life? It’s a Rust Conspiracy! The accusers are applauding those who have a “skeptical” view about this situation: The sheeple are woke!.

I see things a bit differently. The people cheering on abusers and perpetuating a cycle of abuse.

“Maybe if we follow her around the Internet endlessly harassing her, it will prove our point how that one thing she tweeted one time could possibly be in violation of a Code of Conduct.” There’s a word for people like that: Gamergaters. In my book, following someone around the Internet engaging in a harassment campaign forfeits...

Continue reading →

Introducing Miscreant: a multi-language misuse resistant encryption library

For the past several months I have been hacking on not just one, but five encryption libraries in five different languages (Go, Python, Ruby, Rust, and TypeScript). Tall order, I know. And worse, these libraries implement what I believe is a novel cryptographic construction. Are you terrified yet? Yes, I’m implementing novel cryptography, in several languages at that, but I’d like to convince you it’s not as scary as it sounds.

Why? Because I’m implementing algorithms originally created by a cryptographer, Phil Rogaway, whose decades of work is just starting to receive the mainstream attention it deserves. These algorithms are extremely simple and designed to be easy-to-implement. Finally, they’re all built atop otherwise standard AES modes.

The library is Miscreant, and it’s available on GitHub in the form of a multi-language monorepo at:



Continue reading →

It’s time for a memory safety intervention


Memory safety won’t fix shell escaping bugs. Memory safety won’t fix logic bugs. Memory safety will not prevent an attacker who has obtained your HMAC key from forging a malicious credential that, when deserialized, can call arbitrary Ruby methods (yes, this was a real vulnerability in older versions of Rails). Memory safety will not prevent a federated identity system which uses XML-based credentials from accidentally running attacker controlled commands due to external entity processing (yes, this was a real vulnerability in certain implementations of SAML). A language which provides a memory safe model but binds to unsafe code is still vulnerable when calling into unsafe code.

Nobody disputes these things. Now that we have that out of the way…

Programming in C means you are using an unsafe memory model 100% of the time. It is the programming equivalent of trying to walk a...

Continue reading →

Key rotation, user experience, and crypto reporting

Screen Shot 2017-01-13 at 10.57.32 PM.png

WhatsApp was the subject of a recent Guardian article making claims of a “backdoor” stemming from a “bug” in the way WhatsApp handles key rotations for users. The problem? WhatsApp will automatically transmit messages after the recipient’s key has changed without first asking the sender to confirm the new key is genuine.

Far from being a “bug” or “backdoor” (a claim so wrong I am sure hoping the original author of the story Samuel Gibbs will issue a retraction), handling key rotation seamlessly is a difficult problem with a long-storied history, along with many attempts to surface such information to the user in order to ask them to make a security decision, such as in the SSH screenshot above.

Clearly an in-person exchange of key fingerprints is the most secure option for establishing a secure channel, but is inconvenient, often impractical, and doesn’t provide a good means for...

Continue reading →

4 fatal flaws in deterministic password managers

Wouldn’t it be nice if your password manager didn’t need a database? Instead of synchronizing a password vault between your devices, you could use the magic of cryptography to magically transform a master password into a unique password for each site.

There have been a numerous and ever growing implementations of this idea. Much of the marketing material for these tools talks about how using a deterministic scheme allows “sync-free” operation, is “more secure” than a password vault, and often that it’s a newer idea than encrypted password vaults.

In this post, I will argue that you can’t practically provide “sync-free” operation without making your password manager unusable, how using a deterministic scheme harms security, and how it’s actually an old idea which never caught on for good reasons.

Deterministic password derivation schemes date back to at least 2003: Stanford PwdHash and...

Continue reading →

A quick tour of Rust’s Type System Part 1: Sum Types (a.k.a. Tagged Unions)

Rust is one of those hip new programming languages you might get tired of hearing about on the Hacker News, but talking with people who have heard of Rust but haven’t actually looked into it in depth, I feel like what Rust actually offers you as a programmer is often poorly communicated. The more I use Rust, the more I’ve come to discover that the single most important thing it offers, the part of the language that almost all of its other benefits fall out of, is its type system.

I’m embarking on a short series of blog posts which will explore Rust’s type system, and hopefully describe things in a beginner-friendly way such that you don’t need to know a whole lot about advanced type systems to understand what I’m talking about.

Before I go any further talking about type systems, let me make one thing clear: this is not a post for type system experts. If you’re a functional programmer...

Continue reading →

Introducing TJSON, a stricter, typed form of JSON

TJSON logo

NOTE: TJSON syntax has been revised since this post was originally published. Please visit for the latest syntax.

I’d like to announce a project I’ve been working on with Ben Laurie called TJSON (Tagged JSON).

TJSON is syntax-compatible with JSON, but adds mandatory type annotations. Its primary intended use is in cryptographic authentication contexts, particularly ones where JSON is used as a human-friendly alternative representation of data in a system which otherwise works natively in a binary format.

Before I go further describing TJSON, I’d like to give some background.


JSON is a bit of a mess. You may have seen Parsing JSON is a Minefield recently, which did a fantastic job of illustrating that while JSON’s “simplicity is a virtue” approach lead to widespread adoption, underspecification has lead to a proliferation of interoperability...

Continue reading →