Cryptography

Blog: OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)  intothesymmetry.blogspot.com.au

"The actual attack I performed is literally a verbatim application of a classical paper published in 1997: A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup. The attack is as beautiful as simple. Here I will try to sketch it. For details please refer to the original paper."

SLOTH: Security Losses from Obsolete and Truncated Transcript Hashes (CVE-2015-7575)

"SLOTH is an acronym for the loss of security due to the use of obsolete and truncated hash constructions in mainstream Internet protocols. SLOTH is also a not-so-subtle reference to laziness in the protocol design community with regard to removing legacy cryptographic constructions."

Ntru-crypto: Open Source NTRU Public Key Cryptography and Reference Code  github.com

"NTRU is a lattice-based public key cryptosystem from Security Innovation and the leading alternative to RSA and Elliptic Curve Cryptography (ECC) due to its higher performance and resistance to attacks from quantum computers."

Id0-rsa.pub: Crypto Coding Challenges - Similar to Matasano CryptoPals  id0-rsa.pub

"ProjectEuler for Crypto - Some problems related to computer security (specifically poorly implemented security). Do Them. You are free to use any language and environment you like to complete them. The problems require familiarity with programming, but not necessarily with applied cryptography or computer security in general."

Factoring as a Service - "512-bit integers on Amazon EC2 for less than $100"  seclab.upenn.edu

"We go on to survey the RSA key sizes used in popular protocols, finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC, HTTPS, IMAP, POP3, SMTP, DKIM, SSH, and PGP"

How is NSA breaking so much crypto? "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice"  freedom-to-tinker.com

"Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers."

The SHAppening: freestart collisions for SHA-1  sites.google.com

"We recommend that SHA-1 based signatures should be marked as unsafe much sooner than prescribed by current international policy. Even though freestart collisions do not directly lead to actual collisions for SHA-1, in our case, the experimental data we obtained in the process enable significantly more accurate projections on the real-world cost of actual collisions for SHA-1, compared to previous projections. Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015) between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months. By contrast, security expert Bruce Schneier previously projected the SHA-1 collision cost to be ~173K$ by 2018."

KCI: "Key Compromise Impersonation" MitM Attacks against TLS  kcitls.org

"The attacker interferes with the communication initialization of the TLS protocol between client and server, and forces the client to use insecure TLS handshake/authentication options together with a client certificate for which he is in possession of the private key."

Preview: Practical Invalid Curve Attacks - EC flaws, allowing recovery of TLS server private key  web-in-security.blogspot.de

"Next week at ESORICS, I am going to present our newest research paper on attacking elliptic curve implementations (it is a joint work with Tibor Jager and Jörg Schwenk). It might be of interest especially for people who like practical crypto attacks...or for anybody who hates Java, since the attacks were applicable to two out of eight analyzed libraries: Bouncy Castle and Java Crypto Extension (JCE). The result is quite interesting since the attacks allow an attacker to recover private EC keys from different applications, for example, TLS servers."

Redhat Security: Factoring RSA Keys With TLS Perfect Forward Secrecy  securityblog.redhat.com

"Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization), an attacker might be able to recover the private key from the signature (an “RSA-CRT key leak”)."

A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup (Version 0.2)  crypto.stanford.edu

400 page course work updated Aug. 17, 2015.

Cryptol - The Language of Cryptography  cryptol.net

Cryptol is a domain-specific language for specifying cryptographic algorithms. A Cryptol implementation of an algorithm resembles its mathematical specification more closely than an implementation in a general purpose language.

Coinscope: Discovering Bitcoin's Network Topology and Influential Nodes  cs.umd.edu

"The topology over which this broadcast is distributed affects which nodes have advantages and whether some attacks are feasible. As such, it is particularly important to understand not just which nodes participate in the Bitcoin network, but how they are connected." Our network topology inference technique makes use of behavior specific to Bitcoin Core prior to version 0.10.1.

Imperialviolet: AEADs: getting better at symmetric cryptography  imperialviolet.org

"Cryptographers have understood that block ciphers and hash functions are too low-level an abstraction and that the constructions themselves need to be studied and standardised. The result is called authenticated encryption (AE)." "This is called a nonce-misuse resistant AEAD and we're hitting the boundary of developed practice now."

Hanno Böck: About the supposed factoring of a 4096 bit RSA key  blog.hboeck.de

"tl;dr News about a broken 4096 bit RSA key are not true. It is just a faulty copy of a valid key."

Andrea Corbellini: Elliptic Curve Cryptography: a gentle introduction  andrea.corbellini.name

"Those of you who know what public-key cryptography is may have already heard of ECC, ECDH or ECDSA. The first is an acronym for Elliptic Curve Cryptography, the others are names for algorithms based on it."

Bren2010 Blog: Cryptographic Data Structures  blog.bren2010.io

"In a sense, they’re minimal cryptosystems that can be glued together into more complex cryptosystems similar to the way that fundamental data structures can be glued together to give solutions to increasingly complicated problems."

Blog: Using Encryption and Authentication Correctly  paragonie.com

"Encryption is not authentication" is common wisdom amongst cryptography experts, but it is only rarely whispered among developers who aren't also cryptography experts. This is unfortunate; a lot of design mistakes could be avoided if this information were more widely known and deeply understood.  /r/netsec

Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS  isg.rhul.ac.uk

"Our work validates the truism that attacks only get better with time, and makes the continued use of RC4 in TLS increasingly indefensible."

Whitepaper: Surreptitiously Weakening Cryptographic Systems   scribd.com

Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems.

Ianix - List of implementations of crypto protocols and software.  ianix.com

"Curated list of modern crypto protocols & primitives used in major libraries & apps" - @kennwhite

OneRNG: Open Hardware Random Number Generator

OneRNG generates random numbers that your system can use for cryptography - Open Hardware, Open Source, simple, secure and verifiable USB-connected source of entropy.

Cryptography Services: Cryptographic Security Assessments  cryptoservices.github.io

"Dedicated team of consultants from iSEC Partners, Matasano, Intrepidus Group, and NCC Group focused on cryptographic security assessments, protocol and design reviews, and tracking impactful developments in the space of academia and industry."

Whitepaper: Intel Security "BERserk Vulnerability" (Sept 2014)  intelsecurity.com

Part 1: RSA signature forgery attack due to incorrect parsing of ASN.1 encoded DigestInfo in PKCS#1 v1.5.

Days without an SSL exploit.com  dayswithoutansslexploit.com

Major 'SSLv3' vulnerability imminent - Pending Responsible disclosure

  • "I've polled everyone I know about the alleged SSL bug. Either it doesn't exist or it's really nasty, cause nobody is talking." - @matthew_d_green
  • "Keep hearing whispers that we're going to hear about a flaw in SSLv3, from MS and possibly others. MS isn't talking for now." - @briankrebs

Logo and branding are unknown. I'm aiming for SSLug.

Mailpile : Some thoughts on working with GnuPG.  mailpile.is

"A lot of people have complained about OpenPGP for a number of valid cryptographical reasons. It doesn't change the fact that it is widely used, and wildly useful. It urgently needs to be replaced with something more sensible, but for now we're stuck with it."

Also see: 15 reasons not to start using PGP.

SPHINCS: practical high-security post-quantum stateless hash-based signature scheme  sphincs.cr.yp.to

The signature scheme is designed to provide long-term security even against attackers equipped with quantum computers.

"Special note to law-enforcement agents: The word "state" is a technical term in cryptography. By saying "eliminate the state", we are not talking about eliminating other types of states. We love most states, especially yours! Also, "hash" is another technical term and has nothing to do with cannabis." - Daniel J. Bernstein

Certificate Transparency and alternatives to the CA - 'Public, verifiable, append-only logs'  queue.acm.org

"The solution the computer world has relied on for many years is to introduce into the system trusted third parties (CAs) that vouch for the binding between the domain name and the private key. The problem is that we've managed to bless several hundred of these supposedly trusted parties, any of which can vouch for any domain name. Every now and then, one of them gets it wrong, sometimes spectacularly."

"Certificate Transparency is under active development at Google. We have two logs running in production, with a third planned by year's end. Others (for example, ISOC, Akamai, and various CAs) are also planning to run public logs. We have open-source implementations of all the key components. Chrome supports Certificate Transparency and will make it mandatory for EV (Extended Validation) certificates in January 2015."

Simply Secure - Security’s got to be easy and intuitive, or it won’t work.  simplysecure.org

"We are a service organization that works with users, software developers, user-experience experts, designers, and the community of people striving to make ubiquitous privacy and security a reality. We seek to understand existing challenges – while collaboratively developing resources and ideas that move us all toward our goal – and we’re hitting the ground running." Joint project by Google, Dropbox and the Open Technology Fund.

Grants available for developers of secure communication technology, designers of enhanced usability experiences or academic research into offensive/defensive security. Also see: Security for the people - Google Open Source Blog

JackPair: Secure your voice phone calls (Preorder)  shopstarter.com

"It’s a pair of encryption devices you put in between your phone and headset. You can secure your phone line by simply pushing the JackPair button, and your voice will be encrypted. There’s no password to remember, no software to install, no service to subscribe to, and it works with any phone through a standard audio jack."

The use case for this $89-per-side piece of hardware is marketed at citizens, but the truth is, it fits the enterprise/journalism space: people who need to make secure calls on a consistent basis. Software crypto such as RedPhone/Signal is far more suitable even for the paranoid.

"The crypto looks competent, and the design looks well-thought-out. I'd use it." - Bruce Schneier

Who Sets the Rules Governing Certification Authorities?  casecurity.org

"CAs is two-fold: Browsers and applications that enable the use of SSL digital certificates (such as Microsoft, Mozilla, Apple, Google, etc.) set the rules. In addition, the CAs and browsers jointly set additional rules through guidelines and requirements approved by the CA/Browser Forum, which effectively apply to all public CAs in the world."

USENIX Workshop On Offensive Technologies (Woot) 2014 Videos  usenix.org

"The 8th USENIX Workshop on Offensive Technologies (WOOT ’14) aims to bring together researchers and practitioners in systems security to present research advancing the understanding of attacks on operating systems, networks, and applications. Progress in the field of computer security is driven by a symbiotic relationship between our understandings of attack and of defense."

CipherShed is another fork of the now-discontinued TrueCrypt Project  ciphershed.org

"CipherShed is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). There’s no complicated commands or knowledge required; a simple wizard guides you step-by-step through every process."

Their team is not directly involved with the ‘Open Crypto Audit Project’ audit, but they’ll work to resolve any issues raised. As should be appended to all TrueCrypt news, warning: here be dragons.

SSLSwitch - Top 1000 Alexa sites have switched to SSL   sslswitch.com

“See which of the top 1000 Alexa sites have switched to SSL”

I’m surprised to see wikipedia, amazon, bing.com, instagram.com, msn.com, ask.com, microsoft.com, imdb.com, stackoverflow.com, apple.com, imgur.com and reddit.com are no-shows… weird times

Cryptographer Matthew Green on GPG – What’s the matter with PGP?  blog.cryptographyengineering.com

‘What’s the matter with PGP? for all the good PGP has done in the past, it’s a model of email encryption that’s fundamentally broken. It’s time for PGP to die’.

  • Follow-up by @bcrypt "Certificate transparency for PGP?" - “The best solution minimizes the extent to which the authenticity of a conversation depends on user actions. Key management should be invisible to the average user, but it should still be auditable.”
  • Follow-up by @tedunangst "don't encrypt all the things" - Making things easy means making them transparent. It means pushing the crypto away from the user. (but) Maybe some things should be hard, to remind us that they are important.
  • Slightly on-topic: @xor praises the ubiquitous email signature as an easy way to encourage encryption use with “I prefer to use encrypted email — Learn how to encrypt your email with the Email Self Defense guide.”

Cryptographer @matthew_d_green Noodling about IM protocols.  blog.cryptographyengineering.com

"None of the issues I note above are the biggest deal in the world. They're all subtle issues, which illustrates two things: first, that crypto is hard to get right. But also: that crypto rarely fails catastrophically. The exciting crypto bugs that cause you real pain are still few and far between."