Dan Draper

6.4K posts

Dan Draper banner
Dan Draper

Dan Draper

@danieldraper

CipherStash founder, cryptography nerd, Rust zealot.

Sydney and SF Katılım Mayıs 2008
4.8K Takip Edilen7.9K Takipçiler
Dan Draper retweetledi
CipherStash
CipherStash@cipherstash·
Today we're launching the CipherStash + Supabase integration. Developers can now build privacy-first PostgreSQL applications without giving up the features they expect. What you get: * Search encrypted data (equality, range, ordering & full-text) * Encrypt sensitive fields before they ever reach Postgres * Keep keys under your control with ZeroKMS * Add data-level access control tied to identity * Works natively with Supabase and TypeScript This is about making strong security the default—not something that slows developers down. Learn more: cipherstash.com/supabase Docs: cipherstash.com/docs/integrati… Thanks to the @supabase team for partnering with us. Looking forward to seeing what everyone builds next.
CipherStash tweet media
English
0
1
3
108
Dan Draper
Dan Draper@danieldraper·
This is the one I've been waiting to share. Searchable encryption on @supabase is live! Encrypt your columns and keep querying them. WHERE, LIKE, ORDER BY, JOIN, GROUP BY, even JSON. Basically, zero code change and < 10ms overhead for most queries.
Supabase@supabase

CipherStash brings searchable field-level encryption to Supabase. → Encrypt sensitive fields at the application layer, no schema changes → Search, sort, and join over encrypted data without decrypting it → Keys stay under your control with ZeroKMS One command to set up: `npx stash init --supabase` Learn more → supabase.com/blog/searchabl…

English
0
0
1
74
Dan Draper
Dan Draper@danieldraper·
I pointed Claude Fable at a major update of one of our crypto libs over night. It more than quadrupled encrypt performance and found an obscure encrypt-side timing security flaw that exists in our scheme as well as all of the current published ORE schemes in the literature. Mind blown. ...and now Fable has been disabled.
English
1
0
5
448
Dan Draper
Dan Draper@danieldraper·
Doors five and six: backups (a complete copy of your database with none of its access controls) and unapplied patches (a door you know is open, and so does everyone else). Work through the doors in order. The attacker will. Runnable commands for all six: dev.to/cipherstash/se…
English
0
0
0
23
Dan Draper
Dan Draper@danieldraper·
The fix: encrypt in the application, so Postgres never holds plaintext or key material. The catch was always search. WHERE email = ? dies on random ciphertext. Encrypted indexes solve it: the planner uses them like any other index. A pg_dump shows ciphertext. Nothing else.
English
1
0
2
38
Dan Draper
Dan Draper@danieldraper·
Most Postgres hardening guides are checklists in no particular order. Attackers don't probe in no particular order. Here's how to secure a Postgres database in the sequence an attacker would actually work through it 🧵
English
1
0
2
193
Dan Draper retweetledi
Low Level
Low Level@LowLevelTweets·
In the long run I think software gets more secure out of necessity, but the in between is a scary time period where everyone is just CONSTANTLY getting hacked
English
13
7
243
16.3K
Dan Draper retweetledi
Thomas Roccia 🤘
Thomas Roccia 🤘@fr0gger_·
I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. 😵‍💫 There's obviously more technical detail to uncover, but you'll get a general understanding of the complexity and the stealthy mechanisms used to remain undetected. 🧐 Thanks to @AndresFreundTec for his insight into this and a shoutout to these researchers if you want to learn more about the backdoor 🙏👇 - gist.github.com/smx-smx/a6112d… by SMX - bsky.app/profile/filipp… by @FiloSottile - github.com/amlweems/xzbot by @amlweems - github.com/karcherm/xz-ma… by Karchem - research.swtch.com/xz-script by Russ Cox - github.com/0xlane/xz-cve-… by 0xlane And of course, all the others previously mentioned and those who contributed to the analysis. #xz #infosec
Thomas Roccia 🤘 tweet media
English
8
63
209
11.5K
Dan Draper
Dan Draper@danieldraper·
@rayn_ong Patent if the strategy is to be acquired for a big sum. Plenty have done it but revenue preferred in almost all cases!
English
0
0
0
87
Rayn Ong
Rayn Ong@rayn_ong·
Founders, what would you choose? - Startup Events vs Customer Calls. - Patent vs Unstoppable Sales Motion. - Awards vs Revenue. - NDA vs Trust Rayn because he’s good 😜.
English
15
1
19
3.3K
Dan Draper retweetledi
Airtree
Airtree@airtreevc·
In the wake of FTX, SVB, Medibank and Optus data hacks, how do we move forward? Join @RaajRayat (Investment Manager, AirTree) as he discusses best practice for treasury management and cyber security with a panel of experts from the AirTree family 🌳 🎟️: intersektfestival.com/registration/
Airtree tweet media
English
0
1
6
1K
Dan Draper
Dan Draper@danieldraper·
@phoozle If I was Microsoft I’d have just made a special edition of Postgres with hooks into AD. Still could have charged a bunch for support and add ons. 🤷
English
0
0
1
23
Dan Draper
Dan Draper@danieldraper·
Trying to do some tricky stuff in SQL server so I asked ChatGPT. It recommended that I use PostgreSQL. Can't say I disagree!
English
1
0
3
361