I am a computer security researcher and software engineer living in Cambridge, UK. My academic interests revolve around anonymity, usable security, and mobile privacy. At the moment, I am doing a PhD at the University of Cambridge. My recent industrial work focussed on image processing and formats. I am an author of the Spectrum open-source library.

Android Support for Elliptic Curves (EC) in KeyPairGenerator

This article discusses the support for elliptic curves on Android. Its primary audience are engineers implementing or maintaining cryptographic protocols on Android. It hopefully also shows up as a helpful result when searching for error messages. During a recent cryptography project on Android, I found that only a few elliptic curves are supported by the built-in key pair generator. The typical error messages I got were along the lines of java.security.InvalidAlgorithmParameterException: unknown curve name....

2021-07-10 · 6 min · Daniel

Password Hashing on Android

This article explains why password hashing is important and how to do it properly on Android. The primary audience are software engineers working with passwords. Password hashing or password-based key derivation takes a password from the user as input and generates key material as output. This is a helpful thing because many people struggle to memorize 256-bit encryption keys. The standard procedure is to pass the user password through the password hashing function, and then use the derived key for cryptographic operations....

2021-06-14 · 5 min · Daniel

Roll-Out Phantoms - When Results Look Worse Than They Are

This article explains an often-overlooked effect that can distort metrics during feature roll-out. The primary audience are software engineers and managers working on infrastructure and libraries. I want to motivate this problem with a fictive scenario: Alex wrote a replacement for an old and inefficient component in their app. It took the team a few weeks to implement and they carefully measured on test devices that it improves all core metrics....

2021-01-12 · 4 min · Daniel

Advanced A/B Test Concepts

This article explains advanced A/B test concepts. The primary audience are engineers encountering such A/B tests for the first time. A/B tests allow engineers to validate fixes, test for regressions, and measure improvements. In most situations the standard approach is to create a control and a test group of equal size (e.g. both 5%). Users within the test population (e.g. 10%) are then randomly assigned to one of these. However, sometimes more intricate methods can improve the user experience and make deployment safer and more effective....

2021-01-11 · 6 min · Daniel

Software Survivability: Maintainable Code is not Enough

This article discusses how the long-term survival rate of internal software projects can be improved. The primary audience are senior software engineers and engineering managers working in medium to large organizations. When searching for “maintainable software”, many articles ([1], [2], [3]) focus on good coding practices. And certainly, good naming conventions, readable code, continuous integration, unit testing, … are all very important. However, I feel that many discussions implicitly assume a caring person who is motivated and able to take care of the required maintenance indefinitely....

2020-11-24 · 6 min · Daniel

Experiences with Drawing in Python

This article shares experiences with Python drawing libraries that I was missing when I started. The primary audience are software engineers who are looking for the tool for simple graphics. In 2020 the pandemic disrupted life. This included the cancellation of the traditional May Bumps rowing race that happens in Cambridge every year. Therefore, a group of rowing enthusiasts got together and organised a decentralized running event called Virtual May Bumps....

2020-08-23 · 5 min · Daniel