By now you have probably read about the Equifax data leak. This reminded me of the idea of secure pseudonymous identifiers, which I had been thinking about for some time. Secure pseudonymous identifiers make use of cryptography to make it hard or impossible to recover the original identifiers representing a specific person. To be honest, I wouldn’t be surprised if somebody else came up with this idea first and named it something else, since it’s quite simple. Sadly, I really haven’t had the time to check that out.
In this article I will introduce the concept of identifiers, then pseudonymous identifiers, and finally secure pseudonymous identifiers. I will also explain why they are a very useful technique for reducing the risk of leaking data whose only purpose is identifying an individual, such as U.S. SSNs or Spanish ID card numbers, among others.
Continue reading Using secure pseudonymous identifiers to protect identification numbers
Unless you have been living under a rock, you should have heard about the first public SHA-1 collisions. If not, go to the page describing the collision and enjoy.
In this blogpost I’ll try to explain what this actually entails for most practical purposes.
Continue reading SHA-1 is publicly collided, now what?
A few days ago, leo-stone reverse-engineered the Petya ransomware and found that it was possible to use genetic algorithms to find out the key. He even published a nice decrypting tool in Go. I took up the gauntlet and decided to prove why this is mostly a specific issue of how Petya reduced Salsa20 to use only 16-bit words.
In this blogpost I’ll do a cryptanalysis of the Petya encryption algorithm (as published by leo-stone) and reduce the key entropy so that a single known plaintext is enough to break the algorithm. I’ll also explain how to use these results to make a faster and more efficient decrypting tool. And finally I’ll explain why genetic algorithms as used by leo-stone worked.
Continue reading Cryptanalyzing Petya