7 hours ago

Great reading about SHA1 and its weaknesses
Credits Declain Thomas

#cryptography #sha1 #infosec #cybersecurity #learning

11 hours ago

.@timwattsmp interesting to find a pollie on here following #infosec and #privacy posters when you work for a government that’s (both Libs and Labor) hell bent on removing our rights to #cryptography and wants backdoor access to everything we (your employer, the voting public…) own digitally…..

cynicalsecurity :cm_2:
20 hours ago

Here we go again! This time we have a couple of interesting papers on blockchain-related vulnerabilities, an attack against a lightweight stream cipher, an attack against key-store values, a little something about how hard SBOM¹ can be and a couple of hardware security papers.

* "An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts"
* "Security Analysis of WG-7 Lightweight Stream Cipher against Cube Attack"
* "Prefix Siphoning: Exploiting LSM-Tree Range Filters For Information Disclosure"
* "How to Bind Anonymous Credentials to Humans"
* "Challenges of Producing Software Bill Of Materials for Java"
* "Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol"
* "The curious case of the half-half Bitcoin ECDSA nonces"
* "X-ray: Discovering DRAM Internal Structure and Error Characteristics by Issuing Memory Commands"
* "Benchmarking and modeling of analog and digital SRAM in-memory computing architectures"
* "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels"

#Ethereum #Solidity #WG7 #Cryptography #KeyStore #Privacy #AnonymousCredentials #SBOM #Java #SoftwareBillOfMaterials #WhatsApp #E2E #Bitcoin #EDCSA #DRAM #SRAM #SideChannelAttacks

¹ Software Bill Of Materials.

ednl 🇪🇺
1 day ago

My own #MD5 library in C. It's a little faster than openssl, probably because it's less general (but it still handles any string length). Mainly it was a good exercise to implement it.

#Clang #Cprogramming #cryptography (but don't rely on this! Md5 has been cracked)

1 day ago

#encryption #cryptography #psychedelics #LSD #psilocybin

`A new competition focused on 'Psychedelic Cryptography' has awarded cash prizes to artists who made videos encoded with hidden messages that can be most easily deciphered by a person who is tripping on psychedelic substances, such as LSD, ayahuasca, or psilocybin mushrooms.`

John Bokma
2 days ago

Hash Functions, Emacs in an IDE world, and Daily Rust: Iterators

#ComputerScience #cryptography #emacs #rust

👉 Please retweet if you ❤ Plurrrr. Thanks! 👍

Rasheed Ahmed
2 days ago

@skiff open sourced their cryptographic library "including useful functions for symmetric encryption, asymmetric encryption, hashing, and more. Contributions and suggestions are welcome!"

#OpenSource #foss #npm #nodejs #e2ee #encryption #cryptography #ellipticcurvecryptography #ecc #emailencryption

Skiff logo like a round yummy doughnut with logos of their apps: Mail which looks like an envelope, Pages which looks like a page being turned, Drive which looks like a filing cabinet I think, and Calendar which looks like a calendar showing April 1st date!

This post is mostly for beginners, but others may find it useful too.

So, i added timestamps to the unlock information for Portknocking.

Why you may ask?

The obvious answer is replay attacks. Normally you wouldn't have much of a problem with this, but if someone compromised a host that was once allowed to access the resources on the portknocked host as well as a signed unlock code, then that unlock information could be used to access it again by sending the same info again.

As the internet is spanning globally, there are two things that needs to be solved:

1. Latency, sending a packet can sometimes takes seconds, that is why you need a "grace period", like Date.Now.Addseconds(-5) to allow for timestamps to be valid for that many seconds.

2. Services may be spread out globally, so you would instead of Date.Now() use Date.UTCNow() to get the proper zulu timestamp (a.k.a Greenwich village time), using zulu time, it doesn't matter what timezone the server or client is in.

The attack vector of someone compromising the client and the private key is rather small, but the solution there is to encrypt the private key (not the public one) with a passphrase that is entered every time you need to sign an unlock message.

Assume that there is a keylogger installed on the host with the unlock client, the only mitigation then is (apart from cleaning the system) to generate a new keypair and distribute the new public key to the portknocking server.

#cryptography #digitalsignatures #replayattacks #utc #timezones #timestamps

Vincent DARON
2 days ago

Cryptography to the next level : You need to be high on LSD to see it. These stunts are performed by trained professionals. Don't try this at home. #cryptography

Bob the Traveler
2 days ago

U.S. Navy dive bombers sank the Japanese cruiser Mikuma and four Japanese aircraft carriers OTD in 1942 in the Battle of Midway; Allied victory was possible thanks to #cryptography #history

2 days ago

For any who are interested in tracking this, see this GitHub issue where several platforms are logged


I am surprised WebKit didn't include X25519.

A table showing which browsers and platforms have certain 25519 and family support
3 days ago

Safari 17 is coming with support for Ed25519! #cryptography

Bob the Traveler
3 days ago
Bob the Traveler
3 days ago

Today is Adi Shamir's birthday! Time to learn about #cryptography #cybersecurity

Fab :verifiedpurple:
4 days ago

It's really interesting, and shows just how little some people know about technology. What's worrying the most, those people are General Directorate for Internal Security and Investigating Judge.

So, if you are, among other things :
- Using Signal or any application encrypting communication,
- Using ProtonMail or equivalent,
- Using VPN,
- Using LineageOS or /e/OS,
- possessing simple technical documentation,
- ...

You may have a terrorist behavior.

#infosec #encryption #cryptography

John Bokma
4 days ago

systemd by example, Testing Private Methods, and Ed25519 Signatures

#systemd #SoftwareDevelopment #cryptography

👉 Please retweet if you ❤ Plurrrr. Thanks! 👍

Jeff Martin
4 days ago

Any #Rust #Cryptography people out there? :blobcatwave:

I've been using the Rust OpenSSL bindings for a while now, and they're fine. They're fine.

But the lib seems to be missing any bindings for EVP_PKEY_pairwise_check() and I'd really like to use it. Support for OpenSSL v3.x apis seems to be generally lacking.

Although, I've heard OpenSSL isn't a great library in general and maybe I should try to use something else. So maybe this is a good opportunity to migrate to a better lib?

What are the good crypto libraries out there for Rust? I'm looking for implementations of basic stuff like RSA, HMAC, AES, etc. Bonus points if the implementation is actually in a memory-safe language (like Rust!).

Ring looks nice maybe? I suppose there are probably bindings for libsodium somewhere. What are people using these days?

Bob the Traveler
4 days ago
Bob the Traveler
4 days ago

Today is Whitfield Diffie's birthday! Time to learn about #cryptography #cybersecurity

Bob the Traveler
5 days ago

The Battle of Midway began OTD in 1942; US victory was based on cryptanalysis #travel #history #cryptography

Sven Slootweg
6 days ago

#Cryptography question: I'm building a project that deduplicates stored data chunks. Chunks are encrypted using their own hash as the key. For this to not break deduplication, I think the IV needs to be deterministic?

What security properties am I losing by doing this, and is there a better way (that does not involve "just use ZFS" or similar)?

Konstantin :C_H:
6 days ago

If you're reading this, your last Diffie-Hellman-Merkle key exchange probably happened just seconds ago.

Have you ever wondered under what circumstances it is secure?

Me too, so let's take a look ⤵️

#Infosec #CyberSecurity #BugBounty #Pentesting #Cryptography

6 days ago

"In a suburban Brisbane garage, young women decoded radio transmissions that changed the course of World War II. For the first time, their top-secret work on a panicked Japanese cable about a new type of weapon can be revealed." #WWII #WW2 #cryptography #encryption #decryption #CodeBreaking #Australia #history #ModernHistory #TypeX #military #signals

The Garage Girls and the secret war machine which uncovered Japanese secrets - ABC News

Picture of the intercepted message reporting the atomic bombing of Hiroshima to Japanese high command. The translated Hiroshima cable was declassified for the ABC document arty Breaking the Code: Cyber Secrets Revealed. (Supplied: Australian Signals Directorate)

Heute ging es an der TH Köln um das chinesische Spionage- und Cyberrecht - bei vollem Haus mit 170 angemeldeten Teilnehmer:innen! Wer nicht dabei sein konnte: Der Vortrag wurde aufgezeichnet, in Kürze gibt es hier den Link. #china #cyberlaw #cybersecurity #cryptography

Darth Vader
1 week ago

.... .- ...- . / .- / --. .-. . .- - / .-- . . -.- . -. -.. -.-.--

Unir n terng jrrxraq!




Jamie Clark
1 week ago

OASIS Open is a cosponsor of this year's International Cryptographic Module Conference (#ICMC23) in Ottawa this September; two of our technical committees, #KMIP and #PKCS11, are on the agenda.
More details:
#cryptography #security #standards

RT Agenda Announced! The Industry Reconvenes this Fall in Ottawa to Review Changing Global Standards ... in commercial cryptography.

The Mathematics of Secrets
1 week ago

Graph theory is one of those areas of mathematics that I never expected to use in #cryptography, but it keeps coming up! For example, the most serious attack on AES mentioned in Section 4.5 uses graph theory. So does the post-quantum technique known as Supersingular Isogeny Graph Cryptography --- something I hope to get to in the second edition!

1 week ago

Finished @pluralistic 's Red Team Blues over the weekend and loved it. Can't stop recommending it #cryptography #RedTeamBlues #InfoSec #ScienceFiction Here's a cryptographer's review -

Bob the Traveler
1 week ago

While still in his teens, Évariste Galois laid the foundations for Galois theory and group theory, used in #cryptography; he died OTD in 1832 at age 20 from wounds suffered in a duel #cybersecurity #history

Konstantin :C_H:
1 week ago

Want to know how these beautiful geometric figures are related to the Diffie-Hellman-Merkle key exchange?

Then look forward to the thread this Saturday!

#Infosec #CyberSecurity #BugBounty #Pentesting #Cryptography

A geometrical figure consisting only of black straight lines, which are arranged in a way that their outline yields a circle. The background is white. Within the circle, various shapes emerge through the density of the lines. Some look like hearts, others like blossoms or spheres.
A geometrical figure consisting only of black straight lines, which are arranged in a way that their outline yields a circle. The background is white. Within the circle, various shapes emerge through the density of the lines. Some look like hearts, others like blossoms or spheres.
A geometrical figure consisting only of black straight lines, which are arranged in a way that their outline yields a circle. The background is white. Within the circle, various shapes emerge through the density of the lines. Some look like hearts, others like blossoms or spheres.
A geometrical figure consisting only of black straight lines, which are arranged in a way that their outline yields a circle. The background is white. Within the circle, various shapes emerge through the density of the lines. Some look like hearts, others like blossoms or spheres.
Mark Gardner ‍:sdf:
1 week ago

@Perl Good news, the #Perl module IO::Socket::SSL now defaults to using the #TLS cryptographic protocol version 1.2 or greater. (Earlier versions have been widely deprecated for a couple of years due to weaknesses found in the #MD5 and #SHA1 hashing functions.)

Note that if you’ve updated #OpenSSL recently you may also have to rebuild and reinstall Net::SSLeay from #CPAN.

#infosec #security #cryptography #SSL

Compsci Weekly
1 week ago

KryptEY: Android keyboard for E2EE communication through the signal protocol in any messenger


#compsci #cryptography #programming #security

2 weeks ago

The draft for Ristretto255 and Decaf448 in the IRTF stream has closed. There are two yes's and five no objections. "The poll is concluded with enough positions to progress"

Will we see an RFC soon? #cryptography

Preston Maness ☭
2 weeks ago

@kkarhan @me @mozilla @torproject

#Thunderbird is actually working on making #e2ee more seamless for email.

They aren't at the opportunistic encryption point yet though. And I suspect, thanks to the federated nature of email, that they're never going to be comfortable with a "just trust us bro" approach to accepting any old keypair that has a given email address from any old keyserver.

The closest we can get to that presently is #WKD, and, spoiler alert: *none* of the major email providers have *any* interest at all in supporting it. And, alas, pretty much everyone uses those major email providers for their email (gmail, hotmail, outlook/MSFT, yahoo, etc). The major providers don't want to support WKD because (1) it'll make handling spam much more difficult:

and (2) it'll also cut off a powerful revenue stream for them. For most folks, nothing is more intimate than their inbox. It's an advertiser's dream.


I've often wondered if it would be possible for a type of opt-in WKD system for users on those major email providers. E.g., a MUA like Thunderbird offers users the option of checking an alternate domain for WKD details (or hell, even gives them the option of setting up a key within the MUA and then automatically sending it to that alternate domain). I.e., chooses to provide his public key to, and does not accept the key until the user verifies ownership of the email (like how ownership is typically done with online accounts; "click the link we sent you" or some such). Then, the MUA can query that alternate domain for users from gmail, or yahoo, or wherever. This would require a slight adjustment to the WKD scheme, but is something I think might be doable.


C & C++ Weekly
2 weeks ago

*long exhale in frustration* #Cryptography

Rewriting my network code and adding #ECDH turns out to be a job that requires attention to detail, so i added a switch to select what key exchange algorithm to use instead of just ripping out all #RSA code and risk having non functioning code.

Wish that I've had access to ECDH from the start instead of implementing RSA key exchange.

It's not just pasting a few statements over the other, the network protocol has to be changed as well, like using RSA you can just send the public key to the client and the client can create a session key and send that to the server (as a minimum.

ECDH on the other hand is two way and both the client and the server have to exchange public keys then calculate the shared secret. It may not sound like a big job, I've been there myself in the thought process - but it really is.

2 weeks ago

Break-out session for today:

- #OpenPGP v4->v6 Transition / #GnuPG Interoperability
- Signature Failures and how to deal with them
- Post Quantum #Cryptography (#pqc)
- Shared Library API
- OpenPGP-CA

But first lunch! 🌮

Meghana :bongoCat:
2 weeks ago

Just a girl teaching her cat cryptography because I now can’t understand it at all. I’m pretty sure he preferred the good old times of me reading fiction to him.

#cryptography #cats #catsofmastodon

Pascal the orange cat being forced to watch my laptop where I am trying to explain to him the paper that I am reading.
Compsci Weekly
3 weeks ago

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security


#compsci #cryptography #technology

3 weeks ago

#Development #Demos
TLS byte by byte · Watch a web page performing a live, annotated https request for itself

#Security #Cryptography #Protocol #WebDevelopment #WebDev #HTTPS #SSL #TLS

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #19/2023 is out! It includes, but not only:

‣ New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing #Phishing Pages
#Netgear Routers' Flaws Expose Users to #Malware, Remote Attacks, and Surveillance
‣ 🇮🇹 🏎️ #WordPress Plugin Vulnerability Exposed #Ferrari Website to Hackers
‣ 🇯🇵 🚗 #Toyota Japan exposed data on millions of vehicles for a decade
‣ 📨 #Microsoft patches bypass for recently fixed Outlook zero-click bug
‣ 🇺🇸 🇺🇦 IRS gives #Ukraine tools to expose Russian oligarchs hiding riches in #crypto exchanges
‣ 🇨🇭 Multinational tech firm #ABB hit by Black Basta #ransomware attack
‣ 🐥 #Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
‣ 🇺🇸 Cybersecurity firm #Dragos discloses cybersecurity incident, extortion attempt
‣ 🇰🇵 North Korean hackers breached major hospital in Seoul to steal data
‣ 🇺🇸 #Google Now Lets US Users Search #DarkWeb for Their Gmail ID
‣ 🇺🇸 #IBM Delivers Roadmap for Transition to Quantum-safe #Cryptography
‣ 🇪🇸 Spanish police dismantle phishing operation linked to crime ring
‣ 🇺🇸 Microsoft #PatchTuesday: 40 Vulnerabilities, 2 Zero-Days
‣ 🇺🇸 🇷🇺 Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by #Russia's Federal Security Service
‣ 🇺🇸 Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown
#MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
‣ 🇮🇷 Microsoft: Iranian hacking groups join #Papercut attack spree

📚 This week's recommended reading is: "The Pentester BluePrint: Starting a Career as an Ethical Hacker" by @phillipwylie and @crowgirl

#security #data #databreach #surveillance #hospital

Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️

The #LastPass password generator uses a userspace #RC4 generator.

Here's their #JavaScript:

dogenerate() -> lpCreatePass() -> get_random() -> rng_get_bytes() -> rng_get_byte() -> prng_newstate() -> ARC4init(); ARC4next()

As RC4 is insecure, you would be wise not to use their web-based password generator.

Further, it seems likely they're using the same code in their password manager. You would be wise not to use it there also.

#cryptography #passwords

Screenshot of LastPass JavaScript source code highlighting the "dogenerate" function.
Screenshot of LastPass JavaScript source code highlighting the "lpCreatePass" function.
Screenshot of LastPass JavaScript source code highlighting the "rng_seed_int", "rng_seed_time", "rng_get_byte", "rng_get_bytes", and "get_random" functions.
Screenshot of LastPass JavaScript source code highlighting the "prng_newstate", "ARC4init", and "ARC4next" functions.
1 month ago
1 month ago

just went down a deep rabbit hole of how to serialize #json in a canonical way, for use with #p2p #cryptography like a future #ssb 🐇 🕳️

i present:

@couts @agreenberg well, #WhatsApp and #Signal are too #Singlevendor / #SingleProvider "solutions" with no transparent #cryptography or even #SelfHosting capabilities.

Also #Facebook snitches it's users as do all #GAFAM|s & #PRISM members...

Kevin McCurley
1 month ago

A quote that I always liked:
"If the theory of numbers could be employed for any practical and obviously honourable purpose, if it could be turned directly to the furtherance of human happiness or the relief of human suffering, as physiology or even chemistry can, then surely neither Gauss nor any other mathematician would have been so foolish as to decry or regret such applications. But science works for evil as well as for good (and particularly, of course, in time of war); and both Gauss and lesser mathematicians may be justified in rejoicing that there is one science at any rate, and that their own, whose very remoteness from ordinary human activities should keep it gentle and clean."

G.H. Hardy, A mathematician's apology, page 120.

Clearly Hardy did not anticipate the application of number theory to cryptography. He went on to cite quantum mechanics as "almost as 'useless' as the theory of numbers". He did however say that "Time may change all of this". He got that part right. #cryptography #mathematics

Chris Ely
1 month ago

Are you confused by what end-to-end encryption means?

I've found a few videos that explain this topic in plain language.

Great work, @kelseyahe!


Today On Screen
1 month ago

#OnThisDay, May 9, in 1941, the Royal Navy captured German U-boat U-110, recovering an Enigma machine, its cipher keys, and code books (depicted in U-571, 2000)

#Movies #Film #Cinemastodon #Enigma #U571 #Cipher #Cryptography #Histodons @histodons

A young man in a leather jacket stands inside an old submarine, looking around
A small boat watches as a submarine slips below the ocean waves as it sinks
A close up of the space between two men sitting in a small, open boat. One is holding tightly onto a square package wrapped in brown paper and tied with a string
Reality 2.0 Podcast
1 month ago

Tune in to our new episode! @katherined and @dsearls talk to @kyle about a proposal for authenticating content with cryptographic signing, and saving the internet.
Visit the following link for full episode -

#authenticity #security #ai #cryptography #Technology #Privacy #Podcast #newEpisode

I just learned that #Wireguard will automatically and correctly clamp any private 32-byte key.

For example:

$ openssl rand -base64 32

Even though the first and last bytes are not properly clamped above, when generating the public key, the wg(8) tool will clamp it. Further, when bringing up the interface, Wireguard will also clamp it.

See and (search for "curve25519_clamp_secret")


Emelia 👸🏻
1 month ago

Just saw someone implementing user authentication for an #E2EE application by taking the users password, running it through libsodium's crypto_pwhash with a fixed salt derived from the user's email address, before sending the (email, hash) pair to the remote server.. and I'm just like "is this secure?"

I'd always thought you'd want a construct like SRP6a for conducting the authentication between client & server (without the server learning the user's password)... #security #cryptography

1 month ago

The #IEFT were warning of this in the 90s:

"Export controls and usage controls [on cryptographic software] are slowing the deployment of security at the same time as the Internet is exponentially increasing in size and attackers are increasing in sophistication. This puts users in a dangerous position as they are forced to rely on insecure electronic communication."

#HatTip to @onepict for pushing us to read this.

#cryptography #security #privacy

1 month ago

Never got around to doing the Twitter thing, but figured I’d give Mastodon a whirl. So, hey.

I’ve been in #InfoSec for a good while now, from handling all manner of different things to varying degrees at a smaller company launching a dedicated security department, to focusing on #AppSec and #ProductSecurity at larger entities more recently. Dealt with #PaymentsCompliance A Lot over the years, including the #cryptography related standards.

David Bureš
2 months ago

I have a little challenge for all you cryptography enjoyers out there.

I am presenting you with this text:

First one to DM me a decoded result, along with the process they used for decoding the text, will advance to the next round...

#cryptography #Programming #challenge #Recruiting #jobs #Job

2 months ago

Which challenge should I start after the Easter holidays to learn more about save programming or / and security? :BoostOK:

#hack #rust #100daysofcode #rustlang #hackthebox #hacking #cryptohack #dev #security #code #cryptography #crypto #infosec #challenge

Adrian Offerman
2 months ago

now also available in English:
NIST fully retires the SHA-1 hash function -- Check whether your signed domains need switching to a modern DNSSEC algorithm

"NIST retired SHA-1 from use in digital signatures ten years ago. Now the hash has also been retired from all other uses, including HMAC (authentication of messages on the basis of a shared key), random number generation and password hashing."

#DNSSEC #cryptography #infosec

PKI Consortium
2 months ago

Are you an expert in Post-Quantum Cryptography and would you like to speak at our next conference?

We are now accepting proposals for presentations at the next Post-Quantum Cryptography Conference of the PKI Consortium, taking place in Europe after the summer of 2023.

#pqc #cryptography #conference #europe

Golang Weekly
2 months ago

Coze: A cryptographic JSON messaging specification designed for human readability


#compsci #cryptography #golang #programming #release #webdev

@hallam wants talk about "The Mathematical Mesh - A Fediverse PKI. User autonomy. End to end security, including direct messaging and E2E encrypted forums" at #FediForum next week.

If you are interested in serious #cryptography applied to the #Fediverse, this session is probably for you.

Tutanota ✅
3 months ago

In an era of quantum computing "arms race", it is time to transition to quantum-safe systems.

Tutanota is well ahead of the race: We already have a working prototype with post-quantum secure encryption. Stay tuned for future updates! 🤓💪

#postquantumcryptography #encryption #cryptography

The #internet is broken. #cryptography is dead. We are all doomed. #Privacy is part of the past. Governments will know everything. Attackers will steal your #bitcoin. Quantumcomputer will kill privacy. All hyped b*llshit.

If you want to get a realistic view without all the hype and in a language normal guys understand, watch this video.

You won't be able to program a #quantumcomputer afterwards, but at least you will understand algorithms described by Peter Shor.

Jan Wildeboer 😷:krulorange:
3 months ago

Behold, young followers. Let me give thou a fairest of warnings. I come from ancient times (10 years ago) where #crypto meant #cryptography and #ML meant Markup Language. Where HTML was seen by the elders as a simplified SGML that had no future. Where we hoped for bidirectional links a la Project Xanadu. If I may sound dismissive at times, it is because I come from those yonder times, where we hoped to build the Internet of People. We still hope. And build.

An "srandom" Linux kernel module source code project based on the xorshift PRNG that has been in development for 8+ years had made incorrect claims on security, inaccurate descriptions of the kernel CSPRNG, and offered some bad security advice.

#cryptography #security #linux

Aral Balkan
3 months ago

For a bit of fun, I made a version of the end-to-end encrypted Kitten chat example that animates part of the ciphertext descrambling into the plaintext. Because why not have a little fun along the way?


Source code:

#Kitten #SmallWeb #encryption #e2ee #cryptography #animation #web #dev

Adrian Offerman
3 months ago

NIST faseert de 'SHA-1'-hash-functie volledig uit -- Controleer of je je ondertekende domeinen nog moet overzetten naar een modern DNSSEC-algoritme

"Tien jaar geleden deed NIST SHA-1 al in de ban voor de toepassing in digitale handtekeningen. Nu dus ook voor alle andere toepassingen, waaronder HMAC (authenticatie van berichten op basis van een gedeelde sleutel), het genereren van random getallen en het hashen van paswoorden."

#DNSSEC #cryptography #infosec

Introducing Polynonce, a novel attack against ECDSA.

New paper released, which tells the story of how researchers ran it against datasets like Bitcoin, and code so you can run the attack yourself and verify your systems aren’t vulnerable.


Terence Eden
3 months ago

🆕 blog! “Offline Digital Currency Transactions”

Wouldn't it be good if digital currencies worked offline? I'm going to talk through a proposed user experience, and then discuss how it would work in practice. Let us imagine a future digital currency ₢. It might be fiat, it might be crypto, doesn't really matter. Alice loads up a smartcard with ₢100 and locks […]

👀 Read more:

#blockchain #crypto #cryptography

A tiny lego Storm Trooper eats a chocolate coin.