Published in ASecuritySite: When Bob Met Alice · Pinned · Member-only
The Strange Tale of Dual_EC_DRBG
Julian Assange being arrested recently brought back memories of how he leaked Edward Snowden’s memos around the possible existence of an NSA-sourced cryptographic backdoor — the Dual EC standard (Dual_EC_DRBG). So let’s dive into the method and the trap door, and see the “magic” behind it. With Elliptic Curve methods…
Security · 5 min read
Published in ASecuritySite: When Bob Met Alice · 15 hours ago
Route Summarization
We often take network routing for granted, but in an instant, it could bring down the whole of the Internet. Along with IP, TCP, Ethernet and ARP, it was the thing that allowed the Internet to scale up. With this, I can turn my computer on, and almost instantly it…
Networking · 3 min read
1 day ago
Spotting Randomness
You are gambling in a casino and there seem to be rather too many occurrences of a certain number. So how can you tell if the casino is cheating? Well, we would measure the entropy of the system, and determine how random the numbers were. Encrypted content tends not to…
Cryptography · 3 min read
Published in ASecuritySite: When Bob Met Alice · 3 days ago
At The Core of Cybersecurity Is “The Secret”: And The Great Protector is PBKDF2
At the core of cybersecurity is the secret. What does that mean? Well, somewhere on your system, there are core secrets that protect you from Eve and Mallory. If they discover these secrets, your environment will likely be compromised in some way. These are likely to relate to your password…
Cybersecurity · 4 min read
Published in ASecuritySite: When Bob Met Alice · 3 days ago
Microsoft’s Little Secret: Encrypting Passwords and Keys
Are you a cybersecurity professional? If yes, do you know if Windows encrypts your password? If you don’t know, then read on, and let’s look at Microsoft’s little secret. For passwords, Windows used the MD4 hashing method, which meant that it was fairly easy to crack the password…
Cryptography · 3 min read
Published in ASecuritySite: When Bob Met Alice · 6 days ago · Member-only
Cybersecurity Is Beautiful and Magical!
Don’t you get tired of searching for a cybersecurity-related image, and end up with endless images of “hackers with hoodies” and blurred lines of JavaScript code? And, sometimes, don’t you just find cybersecurity presentations to be a little boring … “Beware of clicking on the spear phishing email!”, “The only…
Cybersecurity · 5 min read
Published in ASecuritySite: When Bob Met Alice · Mar 15 · Member-only
Overcoming Dragonblood: Hashing Data To An Elliptic Curve Point (or Scalar) In A Constant Time
Let’s say we have almost 2²⁵⁶ integer point values. This will give us 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 different (x,y) points. …
Cryptography · 6 min read
Published in ASecuritySite: When Bob Met Alice · Mar 15 · Member-only
For Improved Wifi Security, It’s Hello To DragonFly (WPA3)
Like it or not, WPA2 is not secure and can be cracked using an offline dictionary attack. The core strength of the handshake between the client and the access point is the difficulty of cracking a PBKDF2 hash. If a user’s password is contained in a dictionary…
Cryptography · 3 min read
Mar 12 · Member-only
The People Who Got Me Into Cybersecurity and Cryptography … Marty Hellman, Neal Koblitz and Bruce Schneier
It’s not often you get to chat with the people who got you into what you do just now, but, over the past couple of weeks, I have been lucky enough to do that. So, who were they? So, the first is Bruce Schneier, and he came along and chatted…
Cryptography · 4 min read
Published in ASecuritySite: When Bob Met Alice · Mar 9 · Member-only
What Happens If I Don’t Trust The Dealer in a Card Game: A Bit of Mental Poker in a Distributed World
Okay. You have 52 cards, and you have five people in the game (Alice, Bob, Carol, Dave and Eve), and they are all remote and none of them trusts any dealer. So how can you create a game, where we shuffle the cards, and where each player will get…
Cryptography · 7 min read