mechazoidal + cryptography   96

Looking back at the Snowden revelations – A Few Thoughts on Cryptographic Engineering
Focusing from a pure technical viewpoint, not legal/moral:
"I’ve said this before, as have many others: even if you support the NSA’s mission, and believe that the U.S. is doing everything right, it doesn’t matter. Unfortunately, the future of surveillance has very little to do with what happens in Ft. Meade, Maryland. In fact, the world that Snowden brought to our attention isn’t necessarily a world that Americans have much say in."

"If nothing else, we owe Snowden for helping us to understand how high the stakes might be."
cryptography  security  2019  essay  snowden 
25 days ago by mechazoidal
Latacora - Cryptographic Right Answers
"There are, in the literature and in the most sophisticated modern systems, “better” answers for many of these items. If you’re building for low-footprint embedded systems, you can use STROBE and a sound, modern, authenticated encryption stack entirely out of a single SHA-3 like sponge constructions. You can use NOISE to build a secure transport protocol with its own AKE. Speaking of AKEs, there are, like, 30 different password AKEs you could choose from.

But if you’re a developer and not a cryptography engineer, you shouldn’t do any of that. You should keep things simple and conventional and easy to analyze; “boring”, as the Google TLS people would say."
cryptography  reference  2018  piperesearch  security 
27 days ago by mechazoidal
You Won’t Believe This One Weird CPU Instruction! - Vaibhav Sagar
Showing the history of "popcount", and why it's useful for crypto.
"Also known as 'The NSA Instruction': supposedly it first appeared on the IBM Stretch, then after that every first faster CDC machine would be taken away by an anonymous truck."
cryptography  assembly  cpu  math 
6 weeks ago by mechazoidal
GitHub - jedisct1/charm: A really tiny crypto library.
"implementing authenticated encryption and keyed hashing", from the author of libsodium. Also verified against a Cryptol spec!
pmz  cryptography  library  c  repo:github 
12 weeks ago by mechazoidal
Latacora - The PGP Problem
- pgp is crusty and hard: gnupg is sprawling and unwieldy
- there are alternatives for some things:
  - chat: signal, XMPP+OMEMO
  - sending files: wormhole
  - backups: tarsnap
  - signing packages: signify/minisign
  - application data: libsodium
  - encrypting files at rest: not a lot yet?
- identity management is still the elephant in the room: lawyers use PGP, if not for email
cryptography  security  pgp  gpg  2019 
july 2019 by mechazoidal
Minisign by Frank Denis
A portable version of OpenBSD's signify system, by the libsodium guy
security  cryptography  tools  pmz  encryption 
july 2019 by mechazoidal
Noise Explorer
"an online engine for reasoning about Noise Protocol Framework (revision 34) Handshake Patterns." Kinda like ShaderToy for Noise. Can generate proved code for Rust or Go from the design.
Author later did Verifpal
tools  webapp  noise_protocol  cryptography  verification 
april 2019 by mechazoidal
research!rsc: Transparent Logs for Skeptical Clients
"The Certificate Transparency project publishes TLS certificates in this kind of log. Google Chrome uses property (1) to verify that an enhanced validation certificate is recorded in a known log before accepting the certificate. Property (2) ensures that an accepted certificate cannot later disappear from the log undetected. Property (3) allows an auditor to scan the entire certificate log at any later time to detect misissued or stolen certificates. All this happens without blindly trusting that the log itself is operating correctly. Instead, the clients of the log—Chrome and any auditors—verify correct operation of the log as part of accessing it."
cryptography  algorithms  security  datastructures 
march 2019 by mechazoidal
Factoring the Noise protocol matrix
"So far, the right answer for a safe transport has almost always been TLS, perhaps mutually authenticated. That’s not going to change right away, but if you control both sides of the network and you need properties hard to get out of TLS, Noise is definitely The Right Answer. Just don’t stare at the eldritch rune matrix too long. You probably want Noise_IK."
security  cryptography  signal  reference  noise_protocol 
july 2018 by mechazoidal
Things that use Ed25519
There's a lot! Also includes links to protocols.
security  signatures  reference  cryptography 
july 2018 by mechazoidal
A few thoughts on Ray Ozzie’s “Clear” Proposal – A Few Thoughts on Cryptographic Engineering
As usual, the flaws boil down to:
- permanently storing all escrow signing keys, for all time (lol)
- HSM that can brick the phone perfectly (nobody has built this)
security  cryptography  mobile  2018 
april 2018 by mechazoidal
signify: Securing OpenBSD From Us To You
"I'm going to talk today about signify, a tool I wrote for the OpenBSD project that cryptographically signs and verifies. This allows us to ensure that the releases we ship arrive on your computer in their original, intended form, without tampering."
pmz: use the same scheme?
openbsd  paper  security  pmz  cryptography 
january 2018 by mechazoidal
GitHub - mitls/hacl-star: HACL*, a formally verified cryptographic library written in F*
"The verified primitives can be directly used in larger verification projects. For example, HACL* code is used as the basis for cryptographic proofs of the TLS record layer in miTLS. Alternatively, developers can use HACL* through the NaCl API. In particular, we implement the same C API as libsodium for the Box and SecretBox primitives, so any application that runs on libsodium can be immediately ported to use the verified code in HACL* instead."

"This library is experimental and only at the pre-production stage. Do not use it in production systems without consulting the authors."
programming  cryptography  nacl  library  repo:github 
june 2017 by mechazoidal
Towards A Safer Footgun |
"Cryptographers have been working on “nonce-misuse resistant” AEADs, which have security bounds which degrade more gracefully when nonces are re-used. Of these, AES-GCM-SIV is the most promising and, once standardized, will be a better choice than AES-GCM in contexts where nonces must be generated randomly."
cryptography  security  dsec 
june 2017 by mechazoidal
Everything you need to know about hash length extension attacks >> SkullSecurity
"TL;DR: given a hash that is composed of a string with an unknown prefix, an attacker can append to the string and produce a new hash that still has the unknown prefix. [...] After hours of adding the wrong number of null bytes or incorrectly adding length values, I vowed to write a tool to make this easy for myself and anybody else who's trying to do it. So, after a couple weeks of work, here it is!"
security  hash  cryptography  exploit 
june 2017 by mechazoidal
GitHub - trailofbits/algo: Set up a personal IPSEC VPN in the cloud
similar to streisand, but geared more towards corporate travelers and more solid services (doesn't bother with Tor or OpenVPN, relies on strongSwan)
vpn  repo:github  hosting  software  cryptography  security 
march 2017 by mechazoidal
OATH Toolkit
"provides components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported."
(noted as working on OpenBSD without any need for compatibility layers)
mfa  security  cryptography  software  tools 
february 2017 by mechazoidal
GitHub - jedisct1/libsodium: A modern and easy-to-use crypto library.
The one and only easy-to-use port of djb's NaCl. Recommended for all your projects that need the best security and have no need to interoperate with older schemes.
library  c  programming  repo:github  djb  security  cryptography  nacl 
february 2017 by mechazoidal
DNSCrypt - Official Project Home Page
"Home of the DNSCrypt project, a protocol to improve DNS security. Download DNSCrypt clients, the DNSCrypt server proxy, and read the specifications here."
dns  cryptography  security  networking 
february 2017 by mechazoidal
RC40 card cipher
"Now that we have a [playing] card to represent each of our 5.32 bit bytes (I believe the PDP-7 used 5.32 bit bytes. Or was it the PDP-8?), we’re ready to execute the RC40 algorithm. It’s exactly the same as the RC4 algorithm, except every instance of 256 is replaced by 40. Simple, no?"
cryptography  algorithms 
february 2017 by mechazoidal
Man vs. Machine.
meant to illustrate that humans are not good at being entropy sources
"The algorithm, originally in BASIC, came to me from my brother. Who, if I'm not mistaken, learned of it at a Soviet Maths Olympiad."
game  javascript  random  security  interactive  cryptography 
february 2017 by mechazoidal
The hidden cost of QUIC and TOU
On QUIC/TOU encrypting control information: "To conclude, I think encrypting the L4 headers is a step too far. If these protocols get deployed widely enough (a distinct possibility with standardization), the operational pain will be significant. There would be a reasonable middle ground where the headers are authenticated but not encrypted. That prevents spoofing and modifying packets, but still leaves open the possibility of understanding what's actually happening to the traffic."
networking  tcp  udp  protocols  security  cryptography 
february 2017 by mechazoidal
A Plea for Responsible and Contextualized Reporting on User Security
signed by Schneier, Arcieri, Ptacek, Zdziarski, et al.:
"You recently published a story with the alarming headline “WhatsApp backdoor allows snooping on encrypted messages.” This story included the phrasing “security loophole”. Unfortunately, your story was the equivalent of putting “VACCINES KILL PEOPLE” in a blaring headline over a poorly contextualized piece."
security  letter  cryptography  journalism 
january 2017 by mechazoidal
If You’re Typing the Letters A-E-S Into Your Code You’re Doing It Wrong
boils down to "What we need are fewer [crypto] libraries with higher level interfaces. But we also need more testing for those libraries."
(Done as a humorous screenplay)
humor  cryptography  dsec 
january 2017 by mechazoidal
The design of Chacha20
"Quick summary: Chacha20 is an ARX-based hash function, keyed, running in counter mode. It embodies the idea that one can use a hash function to encrypt data."
cryptography  reference  programming  security 
january 2017 by mechazoidal
TrueCrypt 7.1a
Notes that 7.2+ should be considered unsupported and possibly compromised
truecrypt  security  cryptography  filesystems 
december 2016 by mechazoidal
IAD SecurePhone
Holds the public documentation and spec of the Secure Communication Interoperability Protocol (SCIP), invented by NSA for use with STU. "The SCIP-210 Signaling Plan is available without restrictions on its use for the development, manufacture, and sale of SCIP products."
cryptography  protocol  reference  specification  communication 
december 2016 by mechazoidal
Home of Z1FFER, an open source hardware random number generator using Bill Cox' Modular Entropy Multiplier architecture (basically, consistent thermal noise from a resistor). The design is supplied as an Arduino shield.
random  hardware  security  cryptography  arduino 
december 2016 by mechazoidal
ChipWhisperer®: Security Research
"the first open-source toolchain for embedded hardware security research including side-channel power analysis and glitching. The innovative synchronous capture technology is unmatched by other tools, even from commercial vendors. Similar commercial equipment is too expensive ($30k+), and being closed-source limits usefulness for academics. Instead this project bridges the gap between academic research and in-the-trenches engineering."
security  dsec  opensource  hardware  electronics  cryptography 
july 2016 by mechazoidal
Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms
effectively, there are enough "other" identifying bits that can mark a device. In particular, many radios don't use enough entropy or scrambling bits in their implementation.
paper  pdf  privacy  security  wifi  cryptography 
july 2016 by mechazoidal
"an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN." (albeit still in development; @quad recommends)
vpn  ssh  security  software  cryptography  dsec  tools 
june 2016 by mechazoidal
Phuctor: The RSA Super Collider.
"Phuctor looks for factors of known RSA keys through two methods, which are related. [...] Phuctor also looks for specific problems with keys, such as nonprime or nonstandard exponents, as indicative of problems with the RSA implementation that generated them."
i.e., if you appear on this list, your RSA key was probably generated by a bad implementation.
security  cryptography  service  rsa 
june 2016 by mechazoidal
Security Snake Oil
"Going after bogus Cyber Security crowd funding projects"
kickstarter  debunking  security  cryptography 
june 2016 by mechazoidal
Cryptographic Agility (16 May 2016) | ImperialViolet
PR: "Protocols _should_ be extensible: the world keeps changing and no design is going to be perfect for all time. But extensibility is much harder in practice than it sounds. [...] have one joint and keep it well oiled. Protocol designers underestimate how badly people will implement their designs. Writing down how you think it should work and hoping that it'll work, doesn't work. [...] Rather one needs to minimise complexity, concentrate all extensibility in a single place and actively defend it."
cryptography  protocols  design  transcript  talk  piperesearch 
may 2016 by mechazoidal
SQL Cipher - Zetetic
an encryption add-on for SQLite files, turning it into a full 256-bit AES-encrypted store
cryptography  library  sqlite  sql  software  security  programming 
may 2016 by mechazoidal
Noise Protocol Framework
"a framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features."
Note that unlike libsodium it does NOT come with safe defaults out of the gate: use with thought, not by reflex.
security  framework  protocols  resource  cryptography  noise_protocol 
may 2016 by mechazoidal
Cryptographic Right Answers
"details what ciphers/modes/hashes to use. Even though it was written in 2009, it's still valid today."
cryptography  security  reference  resource  list 
march 2016 by mechazoidal
Cryptography Engineering : Design Principles and Practical Applications
"This is not optional. Read it. It is a fantastic book that details how to use cryptographic primitives."
book  cryptography  engineering 
march 2016 by mechazoidal
The Matasano Crypto Challenges (Pinboard Blog)
maciej comments on going through the challenges: "A lot of stuff that I knew was weak in principle (like re-using a nonce or using a timestamp as a 'random' seed) turns out to be crackable within seconds by an art major writing crappy Python."
post  programming  cryptography  security 
january 2016 by mechazoidal
"provides an implementation for the prototype of the [scalable] collective authority (cothority) framework. [...] CoSi enables authorities to have their statements collectively signed (co-signed) by a diverse, decentralized, and scalable group of (potentially thousands of) witnesses and, for example, could be employed to proactively harden critical Internet authorities."

PR: do note that this is more targeted at CAs or infrastructure, rather than project/source-control.
security  signatures  cryptography  distributed  protocol  repo:github  piperesearch 
january 2016 by mechazoidal
On the dangers of a blockchain monoculture
Tony Arcieri does some important debunking of the term "blockchain", and what it really means, esp. w.r.t Bitcoin.
PR: note how he breaks down what Bitcoin's "blockchain" involves; the parts most applicable are probably the replicated log, Merkle-tree usage. Also note mention of Cothority.
blockchain  bitcoin  analysis  post  piperesearch  cryptography 
january 2016 by mechazoidal
"a JavaScript framework for building applications where the server doesn't know the contents it's storing on behalf of users." Based on zero-knowledge proofs, created by the SpiderOak team. Commercialized as "SpiderOak Kloak".
cryptography  security  web  privacy  piperesearch 
december 2015 by mechazoidal
ProtocolV2 · WhisperSystems/TextSecure Wiki · GitHub
"Version 2 of the TextSecure messaging protocol uses the no header keys variation of the axolotl ratchet and protobuf records." -- so do they have a working axolotl library, then?
wiki  security  cryptography  protocol  repo:github 
november 2015 by mechazoidal
A Few Thoughts on Cryptographic Engineering: A riddle wrapped in a curve
An interesting post proposing that the NSA DIDN'T rig Dual_EC_DRBG, but that they MAY know something disturbing about ECC in general, in the wake of deprecating Suite B.
cryptography  nsa  security  math  2015 
october 2015 by mechazoidal
Encrypted database case #1
"Summary: every practicing reverse engineer should be familiar with major crypto algorithms and also major cryptographical modes."
reverse_engineering  cryptography  post  programming  security 
august 2015 by mechazoidal
Double Ratchet Algorithm
Aiming at being a protocol that combines OTR-like DH ratchet with forward-security of symmetric-key updating (this allows for healing of the conversation by introducing new ratchet keys, if the original keys are leaked).
Idea is that it improves on OTR, allowing better support for out-of-order messages, reduces leaking of metadata. Formerly known as "Axolotl".
Still very early. A formal description is given, but not enough for implementation.
wiki  security  cryptography  repo:github 
july 2015 by mechazoidal
A Few Thoughts on Cryptographic Engineering: A history of backdoors
"The idea of deliberately engineering weakened crypto is, quite frankly, terrifying to experts. It gives us the willies. We're not just afraid to try it. We have seen it tried -- in the examples [Clipper, "export crypto suites"] I list above, and in still others -- and it's just failed terribly."
cryptography  security  history  us 
july 2015 by mechazoidal
The Death of Bitcoin
Arcieri notes on the comparison of Bitcoin and other altcoins to the difference between Newcomen and Watt steam engines (incremental refinement).
bitcoin  post  cryptography 
may 2015 by mechazoidal
SPKI/SDSI Certificates
"SPKI/SDSI doesn't lead to an industry like PKI and isn't a stand-alone product like PGP. It's a tool to be used within other products. It's also almost exclusively for a closed authorization infrastructure, rather than an open naming infrastructure. In fact, under SPKI/SDSI thinking, a global naming infrastructure is not a proper use of one's time and energy."

PR: read the Security Ceremonies paper, among others?
spki  research  security  cryptography  piperesearch  pmz 
april 2015 by mechazoidal
Need an introduction to SPKI (or “SPKI for dummies”)
"Short version: SPKI links not only names, but authorizations to keys. Also, it uses a better syntax (S-expressions) than X.509 certificates."
spki  sexp  cryptography  certificate  piperesearch  stackoverflow  security  pmz 
april 2015 by mechazoidal
The cloud isn’t dead. It just needs to evolve
more for the 17 points under the Project Xanadu section than for Cryptosphere or the like.
piperesearch  cryptography  security  cloud  distributed  post 
november 2014 by mechazoidal
RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
"Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away."
cryptography  security  reference  pentest 
september 2014 by mechazoidal
An OSI layer model for the 21st century
"I propose that appropriate cryptographic protocols could replace most existing layers, improving security as well as other functions generally not thought of as cryptographic, such as concurrency control of complex data structures, lookup or discovery of services and data, and decentralized passwordless login." Emphasized that these are ideas, with standard "not infosec tested" disclaimer
security  cryptography  internet  post  networking 
august 2014 by mechazoidal
The Matasano Crypto Challenges
Now on the web as "cryptopals", instead of email
cryptography  programming  security 
august 2014 by mechazoidal
Blog :: OCaml-TLS: building the nocrypto library core
"Do nothing fancy. Do only documented things. Don't write too much code. Keep up to date with security research. Open up and ask people."
ocaml  cryptography  openmirage 
july 2014 by mechazoidal
Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)
comes with the Foot-Shooting Prevention Agreement: "I promise that once I see how simple AES really is, I will not implement it in production code even though it would be really fun"
cryptography  encryption  comic  security  mathematics  aes 
july 2014 by mechazoidal
java - Explanation to understand AES encryption code - Stack Overflow
basically noting that the Android AES encryption snippet is broken and should never be copypasta'd or used (use Cryptographic Message Syntax or J/RNCryptor instead)
stackoverflow  cryptography  security 
may 2014 by mechazoidal
TweetNaCl: Introduction
"TweetNaCl fits into just 100 tweets while supporting all 25 of the NaCl functions used by applications." of course it's from djb
cryptography  nacl  library  software  djb 
may 2014 by mechazoidal
"a domain-specific language for specifying cryptographic algorithms. A Cryptol implementation of an algorithm resembles its mathematical specification more closely than an implementation in a general purpose language. [...] The interpreter includes a :check command, which tests predicates written in Cryptol against randomly-generated test vectors (in the style of QuickCheck). There is also a :prove command, which calls out to SMT solvers, such as Yices, Z3, or CVC4, to prove predicates for all possible inputs."
cryptography  security  programming  language  haskell 
april 2014 by mechazoidal
Tarsnap - The spiped secure pipe daemon
"a very simple yet powerful mechanism to build an encrypted channel [between socket addresses]. Its protocol and proof fit in ~100 lines."
pipe  networking  security  cryptography  piperesearch 
april 2014 by mechazoidal