Collaborate Disseminate
Is it possible for an unauthenticated bystander to force reassociation/reauthentication of a pair of Bluetooth 2.1 devices in a manner similar to IEEE 802.11i deauths? Bluetooth 2.1 (BR/EDR) uses Simple Secure Pairing (SSP) w… Continue reading Non-invasively forcing reauthentication in Bluetooth 2.1
According to the end of RFC 4253 § 6, the random padding introduced to each SSH packet is an arbitrary multiple of 8. It mentions that random padding lengths can mitigate traffic analysis:
Note that the length of the conc… Continue reading Does OpenSSH use padding of random lengths?
On Linux, it is possible for userspace to mix arbitrary data with the kernel entropy pool by writing to the /dev/urandom device. Is there any equivalent on Windows which does not require SYSTEM?
Continue reading Injecting data into the Windows entropy pool
It was mentioned that JPEG should not be used between image creation and redaction of sensitive contents, because compression artifacts around the redacted area may leak information. Given how this lossy format works, this makes sense. Is … Continue reading JPEG artifacts leaking information about redacted contents
When using a TPM to provide integrity measurements for a system via SRTM, the trusted computing base is reduced to only the TPM and CRTM. The CRTM is a component of the BIOS (specifically the bootblock) which executes first and allows the … Continue reading Verifying that the CRTM is read-only for the purpose of trusted computing
The Linux kernel’s randomness driver collects entropy from the environment. Because there will be little entropy during boot, a random seed is often kept at /var/lib/misc/random-seed or a similar location. When the system shuts down, a new… Continue reading Random seed not propagating to the entropy pools in a timely manner
A comment on a Microsoft blog from 2005 mentions over 150 sources of entropy for the Windows CryptGenRandom function. The majority of sources come from low-level system information (precise stat counters), the process’ environment block, h… Continue reading Entropy sources used by modern Windows
According to the second draft of the TLS 1.3 specification, custom DH groups have been deprecated. As we all know, hardcoded DH groups are vulnerable to a precomputation attack that allows retroactive decryption. Since TLS 1.3 doesn’t depr… Continue reading Why does TLS 1.3 deprecate custom DHE groups?
The JavaScript Math.random() function is designed to return a single IEEE floating point value n such that 0 ≤ n < 1. It is (or at least should be) widely known that the output is not cryptographically secure. Most modern implementation… Continue reading Why is Math.random() not designed to be cryptographically secure?
GCC 6 has a flag, -mmitigate-rop, which compiles binaries in a way that reduces the number gadgets exploitable by ROP. The GCC documentation explaining this feature is minimal:
-mmitigate-rop
Try to avoid generating cod… Continue reading How does GCC’s -mmitigate-rop work?