"The actual attack I performed is literally a verbatim application of a classical paper published in 1997: A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup. The attack is as beautiful as it is simple. Here I will try to sketch it. For details please refer to the original paper."
"SLOTH is an acronym for the loss of security due to the use of obsolete and truncated hash constructions in mainstream Internet protocols. SLOTH is also a not-so-subtle reference to laziness in the protocol design community with regard to removing legacy cryptographic constructions."
"NTRU is a lattice-based public key cryptosystem from Security Innovation and the leading alternative to RSA and Elliptic Curve Cryptography (ECC) due to its higher performance and resistance to attacks from quantum computers."
"ProjectEuler for Crypto - Some problems related to computer security (specifically poorly implemented security). Do Them. You are free to use any language and environment you like to complete them. The problems require familiarity with programming, but not necessarily with applied cryptography or computer security in general."
"We go on to survey the RSA key sizes used in popular protocols, finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC, HTTPS, IMAP, POP3, SMTP, DKIM, SSH, and PGP."
"Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers."
"We recommend that SHA-1 based signatures should be marked as unsafe much sooner than prescribed by current international policy. Even though freestart collisions do not directly lead to actual collisions for SHA-1, in our case, the experimental data we obtained in the process enable significantly more accurate projections on the real-world cost of actual collisions for SHA-1, compared to previous projections. Concretely, we estimate the SHA-1 collision cost today (i.e., Fall 2015) between 75K$ and 120K$ renting Amazon EC2 cloud computing over a few months. By contrast, security expert Bruce Schneier previously projected the SHA-1 collision cost to be ~173K$ by 2018."
"The attacker interferes with the communication initialization of the TLS protocol between client and server, and forces the client to use insecure TLS handshake/authentication options together with a client certificate for which he is in possession of the private key."
"Next week at ESORICS, I am going to present our newest research paper on attacking elliptic curve implementations (it is a joint work with Tibor Jager and Jörg Schwenk). It might be of interest especially for people who like practical crypto attacks...or for anybody who hates Java, since the attacks were applicable to two out of eight analyzed libraries: Bouncy Castle and Java Crypto Extension (JCE). The result is quite interesting since the attacks allow an attacker to recover private EC keys from different applications, for example, TLS servers."
"Back in 1996, Arjen Lenstra described an attack against an optimization (called the Chinese Remainder Theorem optimization, or RSA-CRT for short). If a fault happened during the computation of a signature (using the RSA-CRT optimization), an attacker might be able to recover the private key from the signature (an “RSA-CRT key leak”)."
400-page course work, updated Aug. 17, 2015.
Cryptol is a domain-specific language for specifying cryptographic algorithms. A Cryptol implementation of an algorithm resembles its mathematical specification more closely than an implementation in a general purpose language.
"The topology over which this broadcast is distributed affects which nodes have advantages and whether some attacks are feasible. As such, it is particularly important to understand not just which nodes participate in the Bitcoin network, but how they are connected." Our network topology inference technique makes use of behavior specific to Bitcoin Core prior to version 0.10.1.
"Cryptographers have understood that block ciphers and hash functions are too low-level an abstraction and that the constructions themselves need to be studied and standardised. The result is called authenticated encryption (AE)." "This is called a nonce-misuse resistant AEAD and we're hitting the boundary of developed practice now."
"tl;dr News about a broken 4096 bit RSA key are not true. It is just a faulty copy of a valid key."
"Those of you who know what public-key cryptography is may have already heard of ECC, ECDH or ECDSA. The first is an acronym for Elliptic Curve Cryptography, the others are names for algorithms based on it."
"In a sense, they’re minimal cryptosystems that can be glued together into more complex cryptosystems similar to the way that fundamental data structures can be glued together to give solutions to increasingly complicated problems."
"Encryption is not authentication" is common wisdom amongst cryptography experts, but it is only rarely whispered among developers who aren't also cryptography experts. This is unfortunate; a lot of design mistakes could be avoided if this information were more widely known and deeply understood. /r/netsec
"Our work validates the truism that attacks only get better with time, and makes the continued use of RC4 in TLS increasingly indefensible."
Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems.
"Curated list of modern crypto protocols & primitives used in major libraries & apps" - @kennwhite
OneRNG generates random numbers that your system can use for cryptography - Open Hardware, Open Source, simple, secure and verifiable USB-connected source of entropy.
"Dedicated team of consultants from iSEC Partners, Matasano, Intrepidus Group, and NCC Group focused on cryptographic security assessments, protocol and design reviews, and tracking impactful developments in the space of academia and industry."
Part 1: RSA signature forgery attack due to incorrect parsing of ASN.1 encoded DigestInfo in PKCS#1 v1.5.
Logo and branding are unknown. I'm aiming for SSLug.
"A lot of people have complained about OpenPGP for a number of valid cryptographical reasons. It doesn't change the fact that it is widely used, and wildly useful. It urgently needs to be replaced with something more sensible, but for now we're stuck with it."
Also see: 15 reasons not to start using PGP.
The signature scheme is designed to provide long-term security even against attackers equipped with quantum computers.
"Special note to law-enforcement agents: The word "state" is a technical term in cryptography. By saying "eliminate the state", we are not talking about eliminating other types of states. We love most states, especially yours! Also, "hash" is another technical term and has nothing to do with cannabis." - Daniel J. Bernstein
by Adam Langley (@agl__)
"The solution the computer world has relied on for many years is to introduce into the system trusted third parties (CAs) that vouch for the binding between the domain name and the private key. The problem is that we've managed to bless several hundred of these supposedly trusted parties, any of which can vouch for any domain name. Every now and then, one of them gets it wrong, sometimes spectacularly."
"Certificate Transparency is under active development at Google. We have two logs running in production, with a third planned by year's end. Others (for example, ISOC, Akamai, and various CAs) are also planning to run public logs. We have open-source implementations of all the key components. Chrome supports Certificate Transparency and will make it mandatory for EV (Extended Validation) certificates in January 2015."
"We are a service organization that works with users, software developers, user-experience experts, designers, and the community of people striving to make ubiquitous privacy and security a reality. We seek to understand existing challenges – while collaboratively developing resources and ideas that move us all toward our goal – and we're hitting the ground running." Joint project by Google, Dropbox and the Open Technology Fund.
Grants available for developers of secure communication technology, designers of enhanced usability experiences, or academic research into offensive/defensive security. Also see: Security for the people - Google Open Source Blog
"It’s a pair of encryption devices you put in between your phone and headset. You can secure your phone line by simply pushing the JackPair button, and your voice will be encrypted. There’s no password to remember, no software to install, no service to subscribe to, and it works with any phone through a standard audio jack."
The use case for this $89-per-side piece of hardware is marketed at citizens, but the truth is, this fits into the enterprise/journalism space: people who are going to be interested in making secure calls on a consistent basis. Software crypto such as Redphone/Signal is far more suitable even for the paranoid.
"The crypto looks competent, and the design looks well-thought-out. I'd use it." - Bruce Schneier
"CAs is two-fold: Browsers and applications that enable the use of SSL digital certificates (such as Microsoft, Mozilla, Apple, Google, etc.) set the rules. In addition, the CAs and browsers jointly set additional rules through guidelines and requirements approved by the CA/Browser Forum, which effectively apply to all public CAs in the world."
"The 8th USENIX Workshop on Offensive Technologies (WOOT '14) aims to bring together researchers and practitioners in systems security to present research advancing the understanding of attacks on operating systems, networks, and applications. Progress in the field of computer security is driven by a symbiotic relationship between our understandings of attack and of defense."
"CipherShed is a program that can be used to create encrypted files or encrypt entire drives (including USB flash drives and external HDDs). There are no complicated commands or knowledge required; a simple wizard guides you step-by-step through every process."
Their team is not directly involved with the 'Open Crypto Audit Project' audit, but they'll work to resolve any issues raised. As should be appended to all TrueCrypt news, warning: here be dragons.
“See which of the top 1000 Alexa sites have switched to SSL”
I'm surprised to see wikipedia, amazon, bing.com, instagram.com, msn.com, ask.com, microsoft.com, imdb.com, stackoverflow.com, apple.com, imgur.com and reddit.com are no-shows... weird times.
‘What’s the matter with PGP? for all the good PGP has done in the past, it’s a model of email encryption that’s fundamentally broken. It’s time for PGP to die’.
"None of the issues I note above are the biggest deal in the world. They're all subtle issues, which illustrates two things: first, that crypto is hard to get right. But also: that crypto rarely fails catastrophically. The exciting crypto bugs that cause you real pain are still few and far between."