Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

more on the next page...

Diffie-Hellman, ElGamal and RSA posted April 2014

I'm in holidays for a week, easter I think, anyway, I didn't know what to do so I coded the Diffie-Hellman handshake, the ElGamal cryptosystem and the RSA cryptosystem in python.

You can check the code on github here: github.com/mimoo/crypto_studies

Check the tests.py file to see how the classes are used. Here's an extract:

"""Testing Diffie Hellman
"""
# 1. BOB
bob = DiffieHellman()
# G and g are generated automatically
print("G is a group mod %i and of order %i, and the generator g is %i" % (bob.G[0], bob.G[1], bob.g))
# We generate a secret and a public key
bob.generate_secret()
bob.generate_public()

# 2. ALICE
# We already know G and g
alice = DiffieHellman(bob.G, bob.g)
# We generate the secret key and the public key
alice.generate_secret()
alice.generate_public()

# 3. WE CREATE THE SHARED KEY
bob.generate_sharedkey(alice.publickey)
alice.generate_sharedkey(bob.publickey)
# Bob and Alice now have the same _sharedkey and the same public (G, g)

As the README says, it might be oversimplified and not totally correct. I mostly did that to do something in Python and also try to memorize how those systems work.

I've also done a lot of Unity this week-end. And also a bit of WxPython but I don't really like it. I think I should focus on QT and C++.

comment on this story

Whitebox Cryptography posted April 2014

Those past few months I've been working on a C implementation of a whitebox using Chow et al's paper and the DES algorithm.

It's not done yet but the code is available on github. I also did a C implementation of DES just to get a grip on it, it's available on github as well.

I just did a presentation of the research my team and I did, I think it went pretty well. The slides are here

comment on this story

How hard is it to find an internship? posted April 2014

I've been looking for a summer internship and I haven't really found anything sor far. Although I've had some interviews with some start ups from the Silicon Valley (including TrueVault that really seemed like a good fit for a cryptographer in progress like me :D). But I've been unlucky so far since they're pretty busy, it's demo day-time for those applying to ycombinator there.

Anyway I still have 4 months of holidays this summer and I'm wondering what I'll do if I can't find anything in Mountain View (n_n I really want to go there).

If you know someone, or are interested in a passionate coder and eager learner, you can take a look at my resume here and rush to contact me before someone else does :)

Otherwise I'll spend more time coding personal projects and writing this summer (by the way, Korben, a famous influential blogger in France has written about me and my application 3pages.fr in a blog post. Huge amount of traffic in a few hours, 600 people signing up in a day. I envy his traffic.)

comment on this story

NAT with iptables : super fast tutorial posted April 2014

So I know how to use iptables, I know what a NAT is, but I don't want to learn how to exactly do it. Misery... I have to learn how to do it because I have an exam that will probably ask me how to do it in a few days. So I've been looking for a super simple tutorial, a 1 minute tutorial, on how to setup a NAT configuration with iptables in 1 minute. Couldn't really find it so here it is, if this is somewhat useful for someone, you're welcome.

First Step

For NAT to work, you have to allow forwarding on your server. Easy peasy:

$echo 1 > /proc/sys/net/ipv4/ip_forward  Also, before adding new iptables rules, be sure to check what rules you already have $ iptables -L

you should allow some forwarding for it to work (if the policy is default to DROP). But this not a tutorial about iptables.

Static

I have a server with:

• eth0 connected to the network

• eth1 connected to internet

Let's modify the PREROUTING part. Traffic coming from internet on our public address (@pub) and trying to reach our machine:

$iptables -t nat -A PREROUTING -d @pub -i eth0 -j DNAT --to-destination @priv Let's modify the table nat, append a rule to the pretrouting section : something is trying to reach @pub ? Let's put it in our input interface eth0, jump to the Destination Nat protocol, which tells us to send the packet to @priv. Now Let's modify the POSTROUTING part. Traffic coming from inside our network and trying to reach something, somewhere on internet: $ iptables -t nat -A POSTROUTING -s @priv -o eth1 -j SNAT --to-source @pub

If the packet is coming from @priv, let's put it on our output interface eth1 and jump to the Source Nat Protocol that will modify the packet so it has the public address (@pub) as source.

Here! You did it. One private IP address mapped to one public IP address.

Dynamic

Same kind of configuration but now we have several private addresses and only one public address.

$iptables -t nat -A POSTROUTING -s @priv/mask -j MASQUERADE We can modify every packets coming from the subnetwork @priv to get masqueraded. $ iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Or we can just tell all the network to get masqueraded.

And this is it. No PREROUTING Needed.

Again, you're welcome ;)

Exams posted April 2014

We've been a group of 4-5 students spending each nights at the Crémi these few last days, this building of three floors where each floor has around 10 rooms full of computers.

We work, we eat, we play, and we crash each other computers.

There are a bunch of games installed on every computers but we mostly play SauerBraten, a quake-like.

My 15-year-old self would have spent most of his days here playing, if only he knew that his future campus would have such a sacred place :)

How do we crash each other computer? We just ssh into their machine and launch a fork bomb:

 :(){ :|:& };:

It operates by defining a function called ':', which calls itself twice, once in the foreground and once in the background.

comment on this story

Fast Fourier Transform posted April 2014

So, I've learned about Fourier every year in my bachelor of Mathematics and I'm learning about the efficient algorithm dealing with the Fourier Transform in my class of Algebra right now.

I found a really nice video explaining really quick what it is, concretely.

Here's wikipedia way of showing that made by LucasVB, this crazy guy doing all those math gifs you've probably seen before :) more here

There's also a visualization in d3.js here: http://bl.ocks.org/jinroh/7524988

comment on this story