Hanno Böck: Some tales from TLS posted April 2015
Hanno Böck, the guy who just found Heartbleed with a fuzzer also gave a really interesting talk at EasterHegg a few weeks ago:
comment on this storyHey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.
Quick access to articles on this page:
more on the next page...
Hanno Böck, the guy who just found Heartbleed with a fuzzer also gave a really interesting talk at EasterHegg a few weeks ago:
comment on this storyAn interesting question on security.stackexchange
If two wifi have the same name, and you know one is there for a man in the middle attack, then how can you guess which one it is?
There are a lot of interesting answers, like triangulating the signal to see which one is your modem, or checking the MAC address...
comment on this storySo there is this app that encrypts your data on your mobile, in case it ends up in the wrong hands. Sounds good. And then there is this guy who took a look at it and figured out the data was just XORed with a 128bit keys consisting of only 4s. If the data is longer than 128bits? Let's not encrypt it!
I don't know how legit it is, especially considering how easy it is to just write aes(something) but here you go
comment on this storyThe tee command allow you to write to a file and still display the result in output.
For exemple
ls
display the content of the current folder in stdout (the terminal)
ls > file.txt
saves that in a file file.txt
ls | tee file.txt
saves that in a file file.txt
and displays in stdout at the same time
Some news about the Truecrypt open audit: the report is out.
comment on this storyThe TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.
An update on an old post from 2007 entitled Enough With the Rainbow Tables: What You Need to Know About Secure Password Schemes from Thomas Ptacek. This time from Jeff Jarmoc: Enough With the Salts: Updates on Secure Password Schemes
comment on this storyApparently a beer was made with a cipher on it, and that is the story of one dude breaking it.
It reminds me a bit of the anssi logo challenge (in french).
Thx to my coworker Vitaly for the link!
2 commentsI haven't been posting for a while, and this is because I was busy looking for a place in Chicago. I finally found it! And I just accomplished my first day at Cryptography Services, or rather at Matasano since I'm in their office, or rather at NCC Group since everything must be complicated :D
I arrived and received a bag of swags along with a brand new macbook pro! That's awesome except for the fact that I spent way too much time trying to understand how to properly use it. A few things I've discovered:
pbcopy
and use pbpaste
to play with the clipboardopen .
in the console opens the current directory in Finder (on windows with cygwin I use explorer .
)alt
+b
, ctrl
+a
, etc...)I don't know what I'll be blogging about next, because I can't really disclose the work I'll be doing there. But so far the people have been really nice and welcoming, the projects seem to be amazingly interesting (and yeah, I will be working on OpenSSL!! (the audit is public so that I can say :D)). The city is also amazing and I've been really impressed by the food. Every place, every dish and every bite has been a delight :)
4 commentsMy book Real-World Cryptography is finished and shipping! You can purchase it here.
If you don't know where to start, you might want to check these popular articles:
Here are the latest links posted:
You can also suggest a link.