#cryptography
Great reading about SHA1 and its weaknesses
Credits: Declain Thomas

.@timwattsmp interesting to find a pollie on here following #infosec and #privacy posters when you work for a government that’s (both Libs and Labor) hell bent on removing our rights to #cryptography and wants backdoor access to everything we (your employer, the voting public…) own digitally…..
Here we go again! This time we have a couple of interesting papers on blockchain-related vulnerabilities, an attack against a lightweight stream cipher, an attack against key-value stores, a little something about how hard SBOM¹ can be and a couple of hardware security papers.
* "An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts"
* "Security Analysis of WG-7 Lightweight Stream Cipher against Cube Attack"
* "Prefix Siphoning: Exploiting LSM-Tree Range Filters For Information Disclosure"
* "How to Bind Anonymous Credentials to Humans"
* "Challenges of Producing Software Bill Of Materials for Java"
* "Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol"
* "The curious case of the half-half Bitcoin ECDSA nonces"
* "X-ray: Discovering DRAM Internal Structure and Error Characteristics by Issuing Memory Commands"
* "Benchmarking and modeling of analog and digital SRAM in-memory computing architectures"
* "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels"
#Ethereum #Solidity #WG7 #Cryptography #KeyStore #Privacy #AnonymousCredentials #SBOM #Java #SoftwareBillOfMaterials #WhatsApp #E2E #Bitcoin #ECDSA #DRAM #SRAM #SideChannelAttacks
__
¹ Software Bill Of Materials.
Hi, this might interest you: These '#Psychedelic #Cryptography' #Videos Have Hidden #Messages Designed to Be Seen While #Tripping
https://www.vice.com/en/article/3akkd9/psychedelic-cryptography-videos-have-hidden-messages-designed-to-be-seen-while-tripping @cosmiclibrarian
Question about what "big Galois group" means in NTRU Prime
https://ntruprime.cr.yp.to/latticerisks-20211031.pdf
Discussions: https://discu.eu/q/https://ntruprime.cr.yp.to/latticerisks-20211031.pdf
My own #MD5 library in C. It's a little faster than openssl, probably because it's less general (but it still handles any string length). Mainly it was a good exercise to implement it. https://github.com/ednl/c/blob/master/mymd5.c
#Clang #Cprogramming #cryptography (but don't rely on this! Md5 has been cracked)
#encryption #cryptography #psychedelics #LSD #psilocybin
`A new competition focused on 'Psychedelic Cryptography' has awarded cash prizes to artists who made videos encoded with hidden messages that can be most easily deciphered by a person who is tripping on psychedelic substances, such as LSD, ayahuasca, or psilocybin mushrooms.`
Hash Functions, Emacs in an IDE world, and Daily Rust: Iterators
#ComputerScience #cryptography #emacs #rust
👉 Please retweet if you ❤ Plurrrr. Thanks! 👍
@skiff open sourced their cryptographic library "including useful functions for symmetric encryption, asymmetric encryption, hashing, and more. Contributions and suggestions are welcome!"
#OpenSource #foss #npm #nodejs #e2ee #encryption #cryptography #ellipticcurvecryptography #ecc #emailencryption

This post is mostly for beginners, but others may find it useful too.
So, I added timestamps to the unlock information for port knocking.
Why, you may ask?
The obvious answer is replay attacks. Normally you wouldn't have much of a problem with this, but if someone compromised a host that was once allowed to access the resources on the port-knocked host, as well as a signed unlock code, then that unlock information could be used to access it again by sending the same info again.
As the internet spans the globe, there are two things that need to be solved:
1. Latency: sending a packet can sometimes take seconds, which is why you need a "grace period", like Date.Now.Addseconds(-5), to allow timestamps to be valid for that many seconds.
2. Services may be spread out globally, so instead of Date.Now() you would use Date.UTCNow() to get the proper Zulu timestamp (a.k.a. Greenwich village time); using Zulu time, it doesn't matter what timezone the server or client is in.
The attack vector of someone compromising the client and the private key is rather small, but the solution there is to encrypt the private key (not the public one) with a passphrase that is entered every time you need to sign an unlock message.
Assume that there is a keylogger installed on the host with the unlock client, the only mitigation then is (apart from cleaning the system) to generate a new keypair and distribute the new public key to the portknocking server.
#cryptography #digitalsignatures #replayattacks #utc #timezones #timestamps
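The scheme the post describes, as an added example in Go (not the poster's code): the client signs a UTC timestamp with Ed25519, and the server checks the signature, the grace window and a replay cache, in that order. The wire layout (8-byte big-endian nanosecond timestamp followed by the signature), the 5-second window and all function names are assumptions of this example; it uses only the standard library.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Wire format (an assumption for this example): 8-byte big-endian UTC Unix
// time in nanoseconds, followed by an Ed25519 signature over those 8 bytes.
const (
	tsLen     = 8
	unlockLen = tsLen + ed25519.SignatureSize
	grace     = 5 * time.Second // accepted clock skew plus transit latency
)

var (
	ErrBadLength = errors.New("unlock: wrong length")
	ErrBadSig    = errors.New("unlock: bad signature")
	ErrStale     = errors.New("unlock: timestamp outside grace window")
	ErrReplay    = errors.New("unlock: timestamp already used")
)

// MakeUnlock is the client side: sign the current UTC time. Decrypting the
// passphrase-protected private key beforehand is out of scope here.
func MakeUnlock(priv ed25519.PrivateKey, now time.Time) []byte {
	msg := make([]byte, tsLen)
	binary.BigEndian.PutUint64(msg, uint64(now.UTC().UnixNano()))
	return append(msg, ed25519.Sign(priv, msg)...)
}

// Server holds the client's public key plus every timestamp accepted inside
// the current grace window. Older entries can be forgotten, because the
// stale check rejects them anyway.
type Server struct {
	pub  ed25519.PublicKey
	seen map[int64]struct{}
}

func NewServer(pub ed25519.PublicKey) *Server {
	return &Server{pub: pub, seen: make(map[int64]struct{})}
}

// Verify checks signature first, so an attacker without the key cannot even
// probe the replay cache, then the time window, then the cache itself.
func (s *Server) Verify(unlock []byte, now time.Time) error {
	if len(unlock) != unlockLen {
		return ErrBadLength
	}
	msg, sig := unlock[:tsLen], unlock[tsLen:]
	if !ed25519.Verify(s.pub, msg, sig) {
		return ErrBadSig
	}
	ts := int64(binary.BigEndian.Uint64(msg))
	now = now.UTC()
	skew := now.Sub(time.Unix(0, ts))
	if skew > grace || skew < -grace { // too old, or the client clock runs ahead
		return ErrStale
	}
	s.prune(now)
	if _, dup := s.seen[ts]; dup {
		return ErrReplay
	}
	s.seen[ts] = struct{}{}
	return nil
}

// prune drops cache entries that the stale check would now reject anyway.
func (s *Server) prune(now time.Time) {
	for ts := range s.seen {
		if now.Sub(time.Unix(0, ts)) > grace {
			delete(s.seen, ts)
		}
	}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	if err != nil {
		panic(err)
	}
	srv := NewServer(pub)
	knock := MakeUnlock(priv, time.Now())
	fmt.Println("first knock:   ", srv.Verify(knock, time.Now()))
	fmt.Println("replayed knock:", srv.Verify(knock, time.Now()))
}
```

Because Ed25519 signatures are deterministic, a replayed packet is byte-for-byte identical to the original, so the cache only has to remember timestamps, and only for as long as the grace window; anything older fails the stale check before it reaches the cache.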

Cryptography to the next level : https://qri.org/blog/psycrypto-contest. You need to be high on LSD to see it. These stunts are performed by trained professionals. Don't try this at home. #cryptography
U.S. Navy dive bombers sank the Japanese cruiser Mikuma and four Japanese aircraft carriers OTD in 1942 in the Battle of Midway; Allied victory was possible thanks to #cryptography https://cromwell-intl.com/travel/japan/wwii-cryptanalysis/?s=mb #history
For any who are interested in tracking this, see this GitHub issue where several platforms are logged
https://github.com/WICG/webcrypto-secure-curves/issues/20
I am surprised WebKit didn't include X25519.

Today is Adi Shamir's birthday! #Cryptography has its own language https://cromwell-intl.com/cybersecurity/crypto/terminology.html?s=mb #cybersecurity
Today is Adi Shamir's birthday! Time to learn about #cryptography https://cromwell-intl.com/cybersecurity/crypto/?s=mb #cybersecurity
It's really interesting, and shows just how little some people know about technology. What's most worrying is that those people are the General Directorate for Internal Security and an investigating judge.
So, if you are, among other things :
- Using Signal or any application encrypting communication,
- Using ProtonMail or equivalent,
- Using VPN,
- Using LineageOS or /e/OS,
- possessing simple technical documentation,
- ...
You may have a terrorist behavior.
https://www.laquadrature.net/en/2023/06/05/criminalization-of-encryption-the-8-december-case/
systemd by example, Testing Private Methods, and Ed25519 Signatures
#systemd #SoftwareDevelopment #cryptography
Any #Rust #Cryptography people out there? :blobcatwave:
I've been using the Rust OpenSSL bindings for a while now, and they're fine. They're fine.
But the lib seems to be missing any bindings for EVP_PKEY_pairwise_check() and I'd really like to use it. Support for OpenSSL v3.x apis seems to be generally lacking.
Although, I've heard OpenSSL isn't a great library in general and maybe I should try to use something else. So maybe this is a good opportunity to migrate to a better lib?
What are the good crypto libraries out there for Rust? I'm looking for implementations of basic stuff like RSA, HMAC, AES, etc. Bonus points if the implementation is actually in a memory-safe language (like Rust!).
Ring looks nice maybe? I suppose there are probably bindings for libsodium somewhere. What are people using these days?
Today is Whitfield Diffie's birthday! #Cryptography has its own language https://cromwell-intl.com/cybersecurity/crypto/terminology.html?s=mb #cybersecurity
Today is Whitfield Diffie's birthday! Time to learn about #cryptography https://cromwell-intl.com/cybersecurity/crypto/?s=mb #cybersecurity
Hackaday Links: June 4, 2023 - A report released this week suggests that 50 flights into its five-flight schedule... - https://hackaday.com/2023/06/04/hackaday-links-june-4-2023/ #darksideofthemoon #hackadaycolumns #refractiveindex #hackadaylinks #perserverance #amateurradio #cryptography #interference #ingenuity #pinkfloyd #hakuto-r #physics #slider #decode #jezero #optics #prism #mars #seti #fcc #ham
The Battle of Midway began OTD in 1942; US victory was based on cryptanalysis https://cromwell-intl.com/travel/uk/bletchley-park/?s=mb #travel #history #cryptography
#Cryptography question: I'm building a project that deduplicates stored data chunks. Chunks are encrypted using their own hash as the key. For this to not break deduplication, I think the IV needs to be deterministic?
What security properties am I losing by doing this, and is there a better way (that does not involve "just use ZFS" or similar)?
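To make the trade-off concrete, here is an added example (not the questioner's code) of convergent encryption with AES-256-GCM in Go: key = SHA-256(chunk), nonce derived from the key. It shows deduplication working, then the property that is lost (anyone holding the ciphertext can confirm a guessed plaintext with no key at all), and a keyed variant, key = HMAC(secret, chunk), that limits deduplication to parties sharing the secret. The nonce label, the keyed option and the sample chunk are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// chunkKey derives the per-chunk key. With secret == nil this is plain
// convergent encryption (key = SHA-256(chunk)); with a secret it is the keyed
// variant, where only parties sharing the secret dedupe against each other.
func chunkKey(secret, chunk []byte) []byte {
	if secret == nil {
		sum := sha256.Sum256(chunk)
		return sum[:]
	}
	m := hmac.New(sha256.New, secret)
	m.Write(chunk)
	return m.Sum(nil)
}

// nonceFor derives the GCM nonce from the key. A deterministic nonce is safe
// here only because the key is itself a function of the plaintext: one
// (key, nonce) pair can never be used for two different messages.
func nonceFor(key []byte, size int) []byte {
	sum := sha256.Sum256(append([]byte("chunk-nonce:"), key...))
	return sum[:size]
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal returns the key (kept by the uploader) and the ciphertext (sent to
// storage). Identical chunks give identical ciphertexts, which is what lets
// the store deduplicate without knowing any key.
func Seal(secret, chunk []byte) (key, ct []byte) {
	key = chunkKey(secret, chunk)
	gcm := newGCM(key)
	return key, gcm.Seal(nil, nonceFor(key, gcm.NonceSize()), chunk, nil)
}

// Open decrypts and authenticates a chunk with its key.
func Open(key, ct []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("bad key length")
	}
	gcm := newGCM(key)
	return gcm.Open(nil, nonceFor(key, gcm.NonceSize()), ct, nil)
}

// ConfirmChunk is the property you give up: an outsider who can guess a
// chunk's plaintext re-derives the key and checks the ciphertext, no key needed.
func ConfirmChunk(guess, ct []byte) bool {
	_, expect := Seal(nil, guess)
	return bytes.Equal(expect, ct)
}

func main() {
	chunk := []byte("constructed sample chunk: contents of a leaked memo") // constructed input
	k1, c1 := Seal(nil, chunk)
	_, c2 := Seal(nil, chunk)
	fmt.Println("dedupe (same ciphertext):", bytes.Equal(c1, c2))
	pt, err := Open(k1, c1)
	fmt.Println("round trip:", err == nil && bytes.Equal(pt, chunk))
	fmt.Println("outsider confirms guess:", ConfirmChunk(chunk, c1))
	_, c3 := Seal([]byte("tenant secret"), chunk)
	fmt.Println("keyed variant resists the guess:", !ConfirmChunk(chunk, c3))
}
```

What is lost is semantic security for predictable data: equal chunks are visible as equal, and anyone with the ciphertexts can run an offline dictionary attack over plausible plaintexts (the confirmation-of-file attack). The keyed variant keeps deduplication inside a trust domain; it does not help against an attacker who holds the secret.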
If you're reading this, your last Diffie-Hellman-Merkle key exchange probably happened just seconds ago.
Have you ever wondered under what circumstances it is secure?
Me too, so let's take a look ⤵️
#Infosec #CyberSecurity #BugBounty #Pentesting #Cryptography
"In a suburban Brisbane garage, young women decoded radio transmissions that changed the course of World War II. For the first time, their top-secret work on a panicked Japanese cable about a new type of weapon can be revealed." #WWII #WW2 #cryptography #encryption #decryption #CodeBreaking #Australia #history #ModernHistory #TypeX #military #signals
The Garage Girls and the secret war machine which uncovered Japanese secrets - ABC News https://www.abc.net.au/news/2023-06-03/garage-girls-world-war-2-spying-in-australia/102411022

Today at TH Köln the topic was Chinese espionage and cyber law - with a full house of 170 registered participants! For those who couldn't be there: the talk was recorded, and the link will be posted here shortly. #china #cyberlaw #cybersecurity #cryptography

.... .- ...- . / .- / --. .-. . .- - / .-- . . -.- . -. -.. -.-.--
Unir n terng jrrxraq!
IDQWO ZNYLA CTLJS EA
V945N4QNUODJQBOGOYWM
OASIS Open is a cosponsor of this year's International Cryptographic Module Conference (#ICMC23) in Ottawa this September; two of our technical committees, #KMIP and #PKCS11, are on the agenda.
More details: https://icmconference.org
#cryptography #security #standards
RT @CryptoModConf@twitter.com: Agenda Announced! The Industry Reconvenes this Fall in Ottawa to Review Changing Global Standards ... in commercial cryptography.
Graph theory is one of those areas of mathematics that I never expected to use in #cryptography, but it keeps coming up! For example, the most serious attack on AES mentioned in Section 4.5 uses graph theory. So does the post-quantum technique known as Supersingular Isogeny Graph Cryptography --- something I hope to get to in the second edition!
@QuantaMagazine
Finished @pluralistic 's Red Team Blues over the weekend and loved it. Can't stop recommending it #cryptography #RedTeamBlues #InfoSec #ScienceFiction Here's a cryptographer's review - https://blog.cryptographyengineering.com/2023/04/24/book-review-red-team-blues/
While still in his teens, Évariste Galois laid the foundations for Galois theory and group theory, used in #cryptography; he died OTD in 1832 at age 20 from wounds suffered in a duel https://cromwell-intl.com/cybersecurity/crypto/?s=mb #cybersecurity #history
Want to know how these beautiful geometric figures are related to the Diffie-Hellman-Merkle key exchange?
Then look forward to the thread this Saturday!
#Infosec #CyberSecurity #BugBounty #Pentesting #Cryptography

@Perl Good news, the #Perl module IO::Socket::SSL now defaults to using the #TLS cryptographic protocol version 1.2 or greater. (Earlier versions have been widely deprecated for a couple of years due to weaknesses found in the #MD5 and #SHA1 hashing functions.)
Note that if you’ve updated #OpenSSL recently you may also have to rebuild and reinstall Net::SSLeay from #CPAN.
#infosec #security #cryptography #SSL https://g0v.social/@gugod/110392435778885615
KryptEY: Android keyboard for E2EE communication through the signal protocol in any messenger
https://github.com/amnesica/KryptEY
Discussions: https://discu.eu/q/https://github.com/amnesica/KryptEY
The draft for Ristretto255 and Decaf448 in the IRTF stream has closed. There are two yes's and five no objections. "The poll is concluded with enough positions to progress"
Will we see an RFC soon? #cryptography
https://datatracker.ietf.org/doc/draft-irtf-cfrg-ristretto255-decaf448/history/
@kkarhan @BleepingComputer@infosec.exchange @me @mozilla @torproject
#Thunderbird is actually working on making #e2ee more seamless for email.
They aren't at the opportunistic encryption point yet though. And I suspect, thanks to the federated nature of email, that they're never going to be comfortable with a "just trust us bro" approach to accepting any old keypair that has a given email address from any old keyserver.
The closest we can get to that presently is #WKD, and, spoiler alert: *none* of the major email providers have *any* interest at all in supporting it. And, alas, pretty much everyone uses those major email providers for their email (gmail, hotmail, outlook/MSFT, yahoo, etc). The major providers don't want to support WKD because (1) it'll make handling spam much more difficult:
https://moderncrypto.org/mail-archive/messaging/2014/000780.html
and (2) it'll also cut off a powerful revenue stream for them. For most folks, nothing is more intimate than their inbox. It's an advertiser's dream.
-----
I've often wondered if it would be possible for a type of opt-in WKD system for users on those major email providers. E.g., a MUA like Thunderbird offers users the option of checking an alternate domain for WKD details (or hell, even gives them the option of setting up a key within the MUA and then automatically sending it to that alternate domain). I.e., bob@gmail.com chooses to provide his public key to wkdforeveryone.org, and wkdforeveryone.org does not accept the key until the user verifies ownership of the email (like how ownership is typically done with online accounts; "click the link we sent you" or some such). Then, the MUA can query that alternate domain for users from gmail, or yahoo, or wherever. This would require a slight adjustment to the WKD scheme, but is something I think might be doable.
Sequency, A Powerful C++ Library for Random Numbers Generation!
https://github.com/JoshuaKasa/Sequency
Discussions: https://discu.eu/q/https://github.com/JoshuaKasa/Sequency
New versions of LibreSSL released https://undeadly.org/cgi?action=article;sid=20230528115900 #libressl #openbsd #ssl #tls #security #encryption #crypto #cryptography
*long exhale in frustration* #Cryptography
Rewriting my network code and adding #ECDH turns out to be a job that requires attention to detail, so I added a switch to select which key exchange algorithm to use instead of just ripping out all the #RSA code and risking non-functioning code.
Wish that I'd had access to ECDH from the start instead of implementing RSA key exchange.
It's not just pasting a few statements over the others; the network protocol has to be changed as well. With RSA you can just send the public key to the client, and the client can create a session key and send that to the server (as a minimum).
ECDH on the other hand is two way and both the client and the server have to exchange public keys then calculate the shared secret. It may not sound like a big job, I've been there myself in the thought process - but it really is.
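The two-way exchange the post describes, as an added example in Go (not the poster's code) using the standard library's crypto/ecdh (Go 1.20 or later): each side sends its X25519 public key, both compute the shared point, and the session key is hashed from that secret together with the transcript. The transcript label and the in-memory Handshake helper are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one end of the connection. Each end holds an ephemeral X25519 key
// pair; unlike the RSA flow, neither side can choose the session key alone.
type Party struct {
	priv *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Hello is the single message each side puts on the wire: its 32-byte public key.
func (p *Party) Hello() []byte {
	return p.priv.PublicKey().Bytes()
}

// SessionKey combines our private key with the peer's public key and binds the
// result to the transcript (both hellos in protocol order), so a key derived
// from swapped or substituted public keys cannot match. Hashing the raw shared
// point is mandatory: it is a curve coordinate, not a uniformly random key.
func (p *Party) SessionKey(peerHello, clientHello, serverHello []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerHello)
	if err != nil {
		return nil, err // wrong length
	}
	shared, err := p.priv.ECDH(peer) // rejects low-order points (all-zero result)
	if err != nil {
		return nil, err
	}
	kdf := hmac.New(sha256.New, shared)
	kdf.Write([]byte("example-session-key")) // label is an assumption of this example
	kdf.Write(clientHello)
	kdf.Write(serverHello)
	return kdf.Sum(nil), nil
}

// Handshake runs the exchange in memory and returns both sides' derived keys.
func Handshake(client, server *Party) (clientKey, serverKey []byte, err error) {
	ch, sh := client.Hello(), server.Hello() // the two messages crossing the wire
	if clientKey, err = client.SessionKey(sh, ch, sh); err != nil {
		return nil, nil, err
	}
	if serverKey, err = server.SessionKey(ch, ch, sh); err != nil {
		return nil, nil, err
	}
	return clientKey, serverKey, nil
}

func main() {
	client, err := NewParty()
	if err != nil {
		panic(err)
	}
	server, err := NewParty()
	if err != nil {
		panic(err)
	}
	ck, sk, err := Handshake(client, server)
	if err != nil {
		panic(err)
	}
	fmt.Println("keys agree:", bytes.Equal(ck, sk))
	fmt.Printf("session key: %x\n", ck)
}
```

This is still an unauthenticated exchange: an active attacker who substitutes both hellos ends up with a valid key on each side. The long-term keys the poster already has (RSA or otherwise) are what you sign the transcript with to close that gap.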
Break-out session for today:
- #OpenPGP v4->v6 Transition / #GnuPG Interoperability
- Signature Failures and how to deal with them
- Post Quantum #Cryptography (#pqc)
- Shared Library API
- OpenPGP-CA
But first lunch! 🌮
Just discovered #elizabethfriedman, pure genius, an incredible mind!
Breaking SHA256: length extension attacks in practice (with Go)
https://kerkour.com/sha256-length-extension-attacks
Discussions: https://discu.eu/q/https://kerkour.com/sha256-length-extension-attacks
Just a girl teaching her cat cryptography because I now can’t understand it at all. I’m pretty sure he preferred the good old times of me reading fiction to him.
PGP signatures on PyPI: worse than useless
https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
Discussions: https://discu.eu/q/https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security
https://www.helpnetsecurity.com/2023/05/17/cve-2023-32784/
Discussions: https://discu.eu/q/https://www.helpnetsecurity.com/2023/05/17/cve-2023-32784/
RFC 6920: Naming Things with Hashes (2013)
https://www.rfc-editor.org/rfc/rfc6920.html
Discussions: https://discu.eu/q/https://www.rfc-editor.org/rfc/rfc6920.html
#Development #Demos
TLS byte by byte · Watch a web page performing a live, annotated https request for itself https://ilo.im/12unm4
_____
#Security #Cryptography #Protocol #WebDevelopment #WebDev #HTTPS #SSL #TLS
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #19/2023 is out! It includes, but not only:
‣ New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing #Phishing Pages
‣ #Netgear Routers' Flaws Expose Users to #Malware, Remote Attacks, and Surveillance
‣ 🇮🇹 🏎️ #WordPress Plugin Vulnerability Exposed #Ferrari Website to Hackers
‣ 🇯🇵 🚗 #Toyota Japan exposed data on millions of vehicles for a decade
‣ 📨 #Microsoft patches bypass for recently fixed Outlook zero-click bug
‣ 🇺🇸 🇺🇦 IRS gives #Ukraine tools to expose Russian oligarchs hiding riches in #crypto exchanges
‣ 🇨🇭 Multinational tech firm #ABB hit by Black Basta #ransomware attack
‣ 🐥 #Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
‣ 🇺🇸 Cybersecurity firm #Dragos discloses cybersecurity incident, extortion attempt
‣ 🇰🇵 North Korean hackers breached major hospital in Seoul to steal data
‣ 🇺🇸 #Google Now Lets US Users Search #DarkWeb for Their Gmail ID
‣ 🇺🇸 #IBM Delivers Roadmap for Transition to Quantum-safe #Cryptography
‣ 🇪🇸 Spanish police dismantle phishing operation linked to crime ring
‣ 🇺🇸 Microsoft #PatchTuesday: 40 Vulnerabilities, 2 Zero-Days
‣ 🇺🇸 🇷🇺 Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by #Russia's Federal Security Service
‣ 🇺🇸 Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown
‣ #MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
‣ 🇮🇷 Microsoft: Iranian hacking groups join #Papercut attack spree
📚 This week's recommended reading is: "The Pentester BluePrint: Starting a Career as an Ethical Hacker" by @phillipwylie and @crowgirl
#security #data #databreach #surveillance #hospital
Subscribe to the #newsletter to have it piping hot in your inbox every Sunday ⬇️
The #LastPass password generator uses a userspace #RC4 generator.
Here's their #JavaScript:
dogenerate() -> lpCreatePass() -> get_random() -> rng_get_bytes() -> rng_get_byte() -> prng_newstate() -> ARC4init(); ARC4next()
As RC4 is insecure, you would be wise not to use their web-based password generator.
Further, it seems likely they're using the same code in their password manager. You would be wise not to use it there also.
Announcing Durin: a New Mobile App for the IPFS Network https://blog.ipfs.tech/announcing-durin/ | https://lobste.rs/s/9reana #cryptography #distributed #networking
Experimenting with multi-factor encryption https://notes.volution.ro/v1/2023/05/remarks/e175b2ef/ | https://lobste.rs/s/azphsq #cryptography
Nice series introducing cryptography concepts for beginners
Part 1: https://sergioprado.blog/introduction-to-encryption-for-embedded-linux-developers/
Part 2: https://sergioprado.blog/a-hands-on-approach-to-symmetric-key-encryption/
Part 3: https://sergioprado.blog/asymmetric-key-encryption-and-digital-signatures-in-practice/
Testing a new encrypted messaging app's extraordinary claims
https://crnkovic.dev/testing-converso/
Discussions: https://discu.eu/q/https://crnkovic.dev/testing-converso/
#compsci #cryptography #netsec #privacy #programming #reverseengineering #security
just went down a deep rabbit hole of how to serialize #json in a canonical way, for use with #p2p #cryptography like a future #ssb 🐇 🕳️
i present: https://github.com/ahdinosaur/json-canon
@couts @agreenberg well, #WhatsApp and #Signal are too #Singlevendor / #SingleProvider "solutions" with no transparent #cryptography or even #SelfHosting capabilities.
Also #Facebook snitches on its users, as do all #GAFAM|s & #PRISM members...
A quote that I always liked:
"If the theory of numbers could be employed for any practical and obviously honourable purpose, if it could be turned directly to the furtherance of human happiness or the relief of human suffering, as physiology or even chemistry can, then surely neither Gauss nor any other mathematician would have been so foolish as to decry or regret such applications. But science works for evil as well as for good (and particularly, of course, in time of war); and both Gauss and lesser mathematicians may be justified in rejoicing that there is one science at any rate, and that their own, whose very remoteness from ordinary human activities should keep it gentle and clean."
G.H. Hardy, A mathematician's apology, page 120. https://www.rarebooksocietyofindia.org/book_archive/196174216674_10151379429531675.pdf
Clearly Hardy did not anticipate the application of number theory to cryptography. He went on to cite quantum mechanics as "almost as 'useless' as the theory of numbers". He did however say that "Time may change all of this". He got that part right. #cryptography #mathematics
Are you confused by what end-to-end encryption means?
I've found a few videos that explain this topic in plain language.
https://youtube.com/playlist?list=PLMItfTVgwEAvTX4-sZkcF5s3-l1JDocY0
Great work, @kelseyahe!
#OnThisDay, May 9, in 1941, the Royal Navy captured German U-boat U-110, recovering an Enigma machine, its cipher keys, and code books (depicted in U-571, 2000)
#Movies #Film #Cinemastodon #Enigma #U571 #Cipher #Cryptography #Histodons @histodons
Tune in to our new episode! @katherined and @dsearls talk to @kyle about a proposal for authenticating content with cryptographic signing, and saving the internet.
Visit the following link for full episode - https://www.reality2cast.com/145
#authenticity #security #ai #cryptography #Technology #Privacy #Podcast #newEpisode
On the security of the Linux disk encryption LUKS
https://dys2p.com/en/2023-05-luks-security.html
Discussions: https://discu.eu/q/https://dys2p.com/en/2023-05-luks-security.html
I just learned that #Wireguard will automatically and correctly clamp any private 32-byte key.
For example:
$ openssl rand -base64 32
tx6Kwv9L17ARq8WOd0M3sjm8gKU8bmdoSeBoGTzyEyY=
Even though the first and last bytes are not properly clamped above, when generating the public key, the wg(8) tool will clamp it. Further, when bringing up the interface, Wireguard will also clamp it.
See https://git.zx2c4.com/wireguard-tools/tree/src/genkey.c and https://git.zx2c4.com/wireguard-linux/tree/drivers/net/wireguard/noise.c (search for "curve25519_clamp_secret")
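A check for the behaviour described above, as an added example (not WireGuard's code): Clamp applies the same masks as curve25519_clamp_secret (the X25519 scalar rules from RFC 7748), and SameKeyAfterClamp shows that Go's standard-library crypto/ecdh (Go 1.20 or later) clamps internally as well, so a raw 32-byte key and its clamped form yield the same public key. The function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"fmt"
)

// Clamp applies the X25519 scalar masks to a copy of the key: clear the low
// three bits (multiply out the cofactor 8), clear bit 255, set bit 254 so the
// scalar has a fixed length. These are the masks wg(8) and the kernel apply.
func Clamp(k []byte) []byte {
	if len(k) != 32 {
		return nil
	}
	c := append([]byte(nil), k...)
	c[0] &= 248
	c[31] &= 127
	c[31] |= 64
	return c
}

// IsClamped reports whether a key already carries the clamped bit pattern.
func IsClamped(k []byte) bool {
	return len(k) == 32 && k[0]&7 == 0 && k[31]&128 == 0 && k[31]&64 != 0
}

// PublicKey derives the X25519 public key from a raw 32-byte private key.
// crypto/ecdh clamps the scalar before the multiplication, so an unclamped
// input and its clamped form map to the same public key.
func PublicKey(priv []byte) ([]byte, error) {
	p, err := ecdh.X25519().NewPrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return p.PublicKey().Bytes(), nil
}

// SameKeyAfterClamp is the post's observation as a function: does a raw key
// produce the same public key as its clamped version?
func SameKeyAfterClamp(raw []byte) (bool, error) {
	a, err := PublicKey(raw)
	if err != nil {
		return false, err
	}
	b, err := PublicKey(Clamp(raw))
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

func main() {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}
	raw[0] |= 7    // force an unclamped low byte, as "openssl rand" may produce
	raw[31] |= 128 // and an unclamped high byte
	same, err := SameKeyAfterClamp(raw)
	fmt.Println("clamped as given:", IsClamped(raw), "| public keys equal:", same, err)
}
```

The practical consequence is the one the post draws: a key generated by any 32-byte random source works, but a tool that compares private keys byte-for-byte (for instance to detect a duplicate) will treat the raw and clamped forms as different keys even though they are the same scalar.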
Just saw someone implementing user authentication for an #E2EE application by taking the users password, running it through libsodium's crypto_pwhash with a fixed salt derived from the user's email address, before sending the (email, hash) pair to the remote server.. and I'm just like "is this secure?"
I'd always thought you'd want a construct like SRP6a for conducting the authentication between client & server (without the server learning the user's password)... #security #cryptography
The #IETF were warning of this in the 90s:
"Export controls and usage controls [on cryptographic software] are slowing the deployment of security at the same time as the Internet is exponentially increasing in size and attackers are increasing in sophistication. This puts users in a dangerous position as they are forced to rely on insecure electronic communication."
https://datatracker.ietf.org/doc/html/rfc1984
#introduction
Never got around to doing the Twitter thing, but figured I’d give Mastodon a whirl. So, hey.
I’ve been in #InfoSec for a good while now, from handling all manner of different things to varying degrees at a smaller company launching a dedicated security department, to focusing on #AppSec and #ProductSecurity at larger entities more recently. Dealt with #PaymentsCompliance A Lot over the years, including the #cryptography related standards.
Ristretto255 has enough positions to pass! #cryptography
https://datatracker.ietf.org/doc/draft-irtf-cfrg-ristretto255-decaf448/ballot/irsg/
I have a little challenge for all you cryptography enjoyers out there.
I am presenting you with this text:
MSbGoAAAIAAgACAFWyAAZgAAAAAAeAB4ACAACqLAAAqi799gAUgmWMoAAAAAAAAAAAAAAAAAAAAAAMMAIAAgQEBlAcASwAVbIABmIABC1AAAQsZqosAAAAAAAG00uaGEveMs9Fbjnf0zN0327OmOD7nb1Vnbu/sreakDnUnnETTgW/Y2W14tvoZflwSjQMwbg/dP
First one to DM me a decoded result, along with the process they used for decoding the text, will advance to the next round...
#cryptography #Programming #challenge #Recruiting #jobs #Job
Which challenge should I start after the Easter holidays to learn more about safe programming and/or security? :BoostOK:
--
#hack #rust #100daysofcode #rustlang #hackthebox #hacking #cryptohack #dev #security #code #cryptography #crypto #infosec #challenge
now also available in English:
NIST fully retires the SHA-1 hash function -- Check whether your signed domains need switching to a modern DNSSEC algorithm
https://www.sidn.nl/en/news-and-blogs/nist-fully-retires-the-sha-1-hash-function
"NIST retired SHA-1 from use in digital signatures ten years ago. Now the hash has also been retired from all other uses, including HMAC (authentication of messages on the basis of a shared key), random number generation and password hashing."
Are you an expert in Post-Quantum Cryptography and would you like to speak at our next conference?
We are now accepting proposals for presentations at the next Post-Quantum Cryptography Conference of the PKI Consortium, taking place in Europe after the summer of 2023.
https://pkic.org/2023/03/07/call-for-post-quantum-cryptography-presentations/
Coze: A cryptographic JSON messaging specification designed for human readability
https://github.com/Cyphrme/Coze
Discussions: https://discu.eu/q/https://github.com/Cyphrme/Coze
#compsci #cryptography #golang #programming #release #webdev
Planning Go 1.21 Cryptography Work https://words.filippo.io/dispatches/go-1-21-plan/ #go #cryptography
@hallam wants talk about "The Mathematical Mesh - A Fediverse PKI. User autonomy. End to end security, including direct messaging and E2E encrypted forums" at #FediForum next week.
If you are interested in serious #cryptography applied to the #Fediverse, this session is probably for you.
In an era of quantum computing "arms race", it is time to transition to quantum-safe systems.
Tutanota is well ahead of the race: We already have a working prototype with post-quantum secure encryption. Stay tuned for future updates! 🤓💪
#postquantumcryptography #encryption #cryptography
https://tutanota.com/blog/posts/cybersecurity-strategy-post-quantum-encryption
The #internet is broken. #cryptography is dead. We are all doomed. #Privacy is part of the past. Governments will know everything. Attackers will steal your #bitcoin. Quantumcomputer will kill privacy. All hyped b*llshit.
If you want to get a realistic view without all the hype and in a language normal guys understand, watch this video.
You won't be able to program a #quantumcomputer afterwards, but at least you will understand algorithms described by Peter Shor.
Behold, young followers. Let me give thou a fairest of warnings. I come from ancient times (10 years ago) where #crypto meant #cryptography and #ML meant Markup Language. Where HTML was seen by the elders as a simplified SGML that had no future. Where we hoped for bidirectional links a la Project Xanadu. If I may sound dismissive at times, it is because I come from those yonder times, where we hoped to build the Internet of People. We still hope. And build.
An "srandom" Linux kernel module source code project based on the xorshift PRNG that has been in development for 8+ years had made incorrect claims on security, inaccurate descriptions of the kernel CSPRNG, and offered some bad security advice.
For a bit of fun, I made a version of the end-to-end encrypted Kitten chat example that animates part of the ciphertext descrambling into the plaintext. Because why not have a little fun along the way?
Video: https://vimeo.com/smalltech/kitten-animated-e2ee-chat
#Kitten #SmallWeb #encryption #e2ee #cryptography #animation #web #dev
on SIDN.nl:
NIST fully phases out the 'SHA-1' hash function -- Check whether your signed domains still need to be migrated to a modern DNSSEC algorithm
https://www.sidn.nl/nieuws-en-blogs/nist-faseert-de-sha-1-hash-functie-volledig-uit
"Ten years ago, NIST already banned SHA-1 for use in digital signatures. Now also for all other uses, including HMAC (authentication of messages on the basis of a shared key), the generation of random numbers and the hashing of passwords."
Introducing Polynonce, a novel attack against ECDSA.
New paper released, which tells the story of how researchers ran it against datasets like Bitcoin, and code so you can run the attack yourself and verify your systems aren’t vulnerable.
🆕 blog! “Offline Digital Currency Transactions”
Wouldn't it be good if digital currencies worked offline? I'm going to talk through a proposed user experience, and then discuss how it would work in practice. Let us imagine a future digital currency ₢. It might be fiat, it might be crypto, doesn't really matter. Alice loads up a smartcard with ₢100 and locks […]
👀 Read more: https://shkspr.mobi/blog/2023/03/offline-digital-currency-transactions/
⸻
#blockchain #crypto #cryptography