Twofish Power Analysis Attack

New paper: "A Simple Power Analysis Attack on the Twofish Key Schedule." This shouldn’t be a surprise; these attacks are devastating if you don’t take steps to mitigate them. The general issue is that if an attacker has physical control of the computer performing the encryption, it is very hard to secure the encryption inside the computer. I wrote a paper…

Wycheproof – Test Crypto Libraries Against Known Attacks

Project Wycheproof is a tool to test crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product. At Google, they rely on many third party cryptographic software li…

Google Releases Crypto Test Suite

Google has released Project Wycheproof, a test suite designed to test cryptographic libraries against a series of known attacks. From a blog post: In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to come by: understanding how to…

Collision Attacks Against 64-Bit Block Ciphers

We’ve long known that 64 bits is too small for a block cipher these days. That’s why new block ciphers like AES have 128-bit, or larger, block sizes. The insecurity of the smaller block is nicely illustrated by a new attack called "Sweet32." It exploits the ability to find block collisions in Internet protocols to decrypt some traffic, even through…

With a very large number of GUIDs, can one predict the previous and subsequent GUIDs that will be generated?

I’ve been reading up on GUIDs. According to the Wiki:

Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given full knowledge of the internal state, it is possible to p…

Google’s Post-Quantum Cryptography

News has been bubbling about an announcement by Google that it’s starting to experiment with public-key cryptography that’s resistant to cryptanalysis by a quantum computer. Specifically, it’s experimenting with the New Hope algorithm. It’s certainly interesting that Google is thinking about this, and probably okay that it’s available in the Canary version of Chrome, but this algorithm is by no…

Why haven’t (most of) the Zodiac Killer’s letters been decrypted? [closed]

The Zodiac Killer was a serial killer in the late ’60s and early ’70s. The twist is, he would frequently taunt the local press with cryptic letters. Four of these letters were actually encoded, but only one has been cracked…

What are the formal methods to analyze an Authentication Protocol?

I designed an authentication protocol for consumer-producer applications, which borrows features from Kerberos and Tesla.

To check the strength of the protocol, I considered different well-known attacks like Parallel session, Replay, Binding a…