There is no need to update symmetric key sizes as part of the post-quantum transition, due to the details of how Grover's algorithm scales. Most authorities agree.
Filippo Valsorda
https://blog.filippo.io/ · 10 posts · history since 2025 · active
20 Apr
6 Apr
The risk that cryptographically-relevant quantum computers materialize within the next few years is now high enough to be dispositive, unfortunately.
20 Feb
I recommend turning Dependabot off and replacing it with a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.
12 Feb
Code hosts like GitHub don't necessarily show the correct source of Go modules. pkg.geomys.dev is a new convenient viewer for module source.
5 Jan
In Go, go.mod acts as both manifest and lockfile. There is never a reason to look at go.sum.
19 Dec 2025
We apply a transparency log to a centralized keyserver step-by-step, in less than 500 lines, with privacy protections, anti-poisoning, and witness cosigning.
20 Nov 2025
I delivered my traditional Go Cryptography State of the Union talk at GopherCon US 2025 in New York. It goes into everything that happened at the intersection of Go and cryptography over the last year.
1 Nov 2025
Surprisingly (to me) Claude Code debugged my new ML-DSA implementation faster than I would have, finding the non-obvious low-level issue that was making Verify fail.
23 Oct 2025
Introducing the set of standards that Geomys maintainers strive to uphold in our professional activity as open source maintainers.
10 Oct 2025
Project compromises have common root causes we can mitigate: phishing, control handoff, and unsafe GitHub Actions triggers.