david wong

Hey! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

Encryption is less secure than we thought

posted August 2013

A group of researchers at MIT just http://www.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html" target="_blank">released a paper reconsidering a common mathematical assumption in Cryptography. This means, as the title implies, than most encryption systems are less secure than we thought, but not to worry, nowhere is it written the word "insecure" and it might really be negligible.

The problem here seems to be the definition of Entropy used.

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. The Famous Wikipedia
In information theory, entropy is a measure of the uncertainty in a random variable.[1] In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message.[2] Entropy is typically measured in bits, nats, or bans.[3] Shannon entropy is the average unpredictability in a random variable, which is equivalent to its information content. Shannon entropy provides an absolute limit on the best possible lossless encoding or compression of any communication, assuming that[4] the communication may be represented as a sequence of independent and identically distributed random variables. The Famous Wikipedia
comment on this story

Here we go

posted August 2013

Hey guys, I'm David Wong, a 24 years old french dude who's going to start a Master of Cryptology in the university of Bordeaux 1. Cryptology (or as Americans like to call it: Cryptography, because we all know they don't care about etymology) is the study of the techniques for secure communications (thanks Wikipedia!), from withdrawing money with a fake credit card to establishing a safe phone conversation between two government officials, it can mean a lot of things... I still have no clue what my future job will be, that's why I had the idea of making this small blog where I could post about my ventures into this new world and, hopefully, being able to take a step back and see what I did, what I liked, what happened in two years of Master (and maybe more). I've already took Cryptography I given by Dan Boneh from Stanford and I must say I really enjoyed going through his course. Might be one of the most interesting and eloquent teacher I had in my life, and I have never met him. Had a few back and forth mail exchanges with him but sadly, there was no collaboration between our universities. California I'll see you later in life I guess. I'll also post some thoughts about the new city I'll be moving to : Bordeaux. This is for at least 2 years, or less if I change my mind. Anyway, this is going to be exciting! 6 comments