En Febrero de 2017 se reportó la vulnerabilidad conocida como Return of Coppersmith’s Attack (ROCA) con CVE-2017-15361 y que afectó entre otros dispositivos a una gran cantidad de DNIs electrónicos con chip gemalto. La solución aplicada en el caso de los DNIs fue revocar (impedir uso futuro) las claves afectadas y expedir nuevas claves de […]
Continue readingTag: cryptography
Some notes on cipher choices and TLS1.3
After some discussion about TLS1.3 and ciphers with a few colleagues, I have decided to write a short summary of “the basics” you need to know as a developer. Here I will also explain shortly a bit which niche each of the 5 ciphers aims for and what the hash function they contain is actually […]
Continue readingWeaponizing squirrels (or why I can’t recommend SQRL)
After seeing Steve Gibson’s talk about SQRL today it just occured to me how easy it would be to weaponize SQRL to effectively attain permanency on systems. Below I’ll present a few attack scenarios that can give an idea of some of the vulnerabilities of the system that make me uncomfortable.
Continue readingUsing secure pseudonymous identifiers to protect identification numbers
By now you probably have read of the Equifax data leakage. This reminded me of the idea of secure pseudonymous identifiers I had been thinking on for some time. Secure pseudonymous identifiers make use of cryptography to make it hard or impossible to recover the original identifiers representing a specific person. To be sincere, I […]
Continue readingSHA-1 is publicly collided, now what?
Unless you have been under a rock you should have heard about the first public sha-1 collisions. If not, go to the page describing the collision and enjoy. In this blogpost I’ll try to explain what this actually entails for most practical purposes.
Continue readingCryptanalyzing Petya
A few days ago, leo-stone reverse-engineered the Petya ransomware and found that it was possible to use genetic algorithms to find out the key. He even published a nice decrypting tool in go. I took his globe and decided to prove why this is mostly a specific issue of how Petya reduced Salsa-20 to use […]
Continue reading