Attack on Old ANSI Random Number Generator

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent blog post on the research…. Continue reading Attack on Old ANSI Random Number Generator

Security Flaw in Infineon Smart Cards and TPMs

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize all of them. For example,… Continue reading Security Flaw in Infineon Smart Cards and TPMs

Linear congruential generator with non constant increment [migrated]

Consider the random generator function in https://www.libsdl.org/tmp/SDL/src/test/SDL_test_random.c

A simplified version is provided below (this is C++, mind that “seed” is a reference):

#include <cstdint>

// Low 32 bits of seed: the current value x; high 32 bits: the carry.
// Each call computes 1683268614 * x + carry, stores that as the new
// 64-bit seed, and returns its low 32 bits.
uint32_t Rand(uint64_t& seed)
{
    seed = 1683268614LL * (seed & 0xffffffff) + (seed >> 32);
    return seed & 0xffffffff;
}

This is almost a linear congruential generator (LCG); the only difference is that the increment is not a constant, but a part of the seed itself.

My question is on the security of this algorithm, since LCGs are very easy to break.

Does using a non-constant increment improve or decrease security? How could this be cracked other than by brute-forcing it?

Continue reading Linear congruential generator with non constant increment [migrated]
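As an added example (not part of the question above and not SDL's code), the generator is re-implemented below together with a state-recovery routine. It shows that the non-constant increment does not require a search over the 64-bit seed: writing the state after output r1 as c * 2^32 + r1, the next output is r2 = (1683268614 * r1 + c) mod 2^32, and since the carry c is a 32-bit quantity it is determined uniquely by c = (r2 - 1683268614 * r1) mod 2^32. Two consecutive outputs therefore give the full state, and every later output can be predicted. The multiplier is the one in the question; the function names RecoverState and PredictNext and the seed values are assumptions made for this example.

```cpp
#include <cinttypes>
#include <cstdint>
#include <cstdio>
#include <vector>

// Multiplier quoted in the question (from SDL_test_random.c).
static const uint64_t kMul = 1683268614ULL;

// The generator as posted: the low 32 bits of `seed` are the value x, the
// high 32 bits are the carry c. Each call sets seed = kMul * x + c and
// returns the new low word.
uint32_t Rand(uint64_t& seed)
{
    seed = kMul * (seed & 0xffffffffULL) + (seed >> 32);
    return static_cast<uint32_t>(seed & 0xffffffffULL);
}

// Given two consecutive outputs r1, r2, rebuild the full 64-bit state as it
// was right after r1 was returned. With that state written as c * 2^32 + r1,
// r2 = (kMul * r1 + c) mod 2^32, and because c < 2^32 the congruence fixes
// c = (r2 - kMul * r1) mod 2^32 exactly. No search is needed.
// (RecoverState is a name chosen for this example.)
uint64_t RecoverState(uint32_t r1, uint32_t r2)
{
    uint64_t carry = static_cast<uint32_t>(static_cast<uint64_t>(r2) - kMul * r1);
    return (carry << 32) | r1;
}

// Predict the n outputs that follow r2, using only r1 and r2. Note that any
// pair (r1, r2) is consistent with exactly one carry, so the recovery cannot
// tell by itself whether r1 and r2 really were consecutive outputs; comparing
// the first prediction with a third observed output is what confirms it.
// (PredictNext is a name chosen for this example.)
std::vector<uint32_t> PredictNext(uint32_t r1, uint32_t r2, std::size_t n)
{
    uint64_t state = RecoverState(r1, r2);
    Rand(state);  // reproduces r2 and advances to the state after r2
    std::vector<uint32_t> out;
    out.reserve(n);
    for (std::size_t i = 0; i < n; ++i) {
        out.push_back(Rand(state));
    }
    return out;
}

// Stand-alone demo with a constructed seed (not taken from SDL); the high
// word is non-zero so the initial carry is exercised as well.
int main()
{
    uint64_t victim = 0xfeedface12345678ULL;  // constructed for this example
    uint32_t r1 = Rand(victim);
    uint32_t r2 = Rand(victim);

    std::vector<uint32_t> predicted = PredictNext(r1, r2, 4);
    std::printf("observed r1=%08" PRIx32 " r2=%08" PRIx32 "\n", r1, r2);
    for (uint32_t p : predicted) {
        uint32_t actual = Rand(victim);
        std::printf("predicted %08" PRIx32 " actual %08" PRIx32 " %s\n",
                    p, actual, p == actual ? "ok" : "MISMATCH");
    }
    return 0;
}
```

In practice an attacker who sees three outputs recovers the state from the first two and checks the prediction against the third; from then on every value the generator will produce is known. The carry word adds nothing over a plain LCG here because it is itself exposed, modulo 2^32, by the very next output.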

NSA Brute-Force Keysearch Machine

The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It’s based on a document that was accidentally shared on the Internet by NYU. The article is frustratingly short on details: The WindsorGreen documents are mostly inscrutable to anyone without a Ph.D. in a related field, but… Continue reading NSA Brute-Force Keysearch Machine