Cryptography – WindowsTechs.com

Compromising the Secure Boot Process

Posted on July 26, 2024 by Bruce Schneier

On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon/Ryzen2000_4000.git, and it’s not clear when it was taken down…

Continue reading Compromising the Secure Boot Process→

In TLS1.3 server hello can the legacy version field set to 0x0304

Posted on July 24, 2024 by hjhjh

As part of TLS1.3 handshake client hello sent containing the TLS1.3 version support as part of suppored_versions extension, consider if as part of server hello supported_versions extension is not present, but Legacy_version is set to 0x030… Continue reading In TLS1.3 server hello can the legacy version field set to 0x0304→

Can linear congruential generator be used in public-key cryptography? [closed]

Posted on July 23, 2024 by Ivan Stepanov

The question is not about generating pseudo-random numbers with linear congruential generator.
A linear congruential generator (LCG) is defined by the recurrence relation:
[ X_{n+1} = (a X_n + c) \mod m ]
Can LCG be used in public-key cryp… Continue reading Can linear congruential generator be used in public-key cryptography? [closed]→

What exactly is the Randstorm vulnerability?

Posted on July 21, 2024 by Maltoon Yezi

I’ve read the article from Unciphered about it, multiple times, and still fail to understand it.
It basically says that wallets generated by the BitcoinJS front-end library from 2011 to 2015 are vulnerable because of poor randomness genera… Continue reading What exactly is the Randstorm vulnerability?→

what should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested

Posted on July 17, 2024 by hjhjh

"The KeyUpdate handshake message is used to indicate that the sender is updating its sending cryptographic keys."
"If the request_update field is set to "update_requested", then the receiver MUST send a KeyUpdate o… Continue reading what should be the response of keyupdate if the initial KeyUpdateRequest is set to update_not_requested not update_requested→

Undo Arduino Encryption with an Oscilloscope

Posted on July 14, 2024 by Elliot Williams

Cryptography ain’t easy. Seemingly small details like how many times a computationally intensive loop runs can give the game away. [Lord Feistel] gives us a demo of how this could …read more Continue reading Undo Arduino Encryption with an Oscilloscope→

benefits of a common session key over a common password

Posted on July 8, 2024 by yolooow

Password-authenticated key exchange (PAKE) is a method in which two or more parties, based on their knowledge of a shared password,
establish a cryptographic key using an exchange of messages, such that
an unauthorized party (one who cont… Continue reading benefits of a common session key over a common password→

benefits of a common session key over a common password

Posted on July 8, 2024 by yolooow

Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt

Posted on July 8, 2024 by jamesgaddum

I’m working on a project where I want to generate a set of crypto wallet seed phrases from an existing seed phrase. The reason for this is so that using just the original seed phrase the wallet holder can access multiple connected accounts… Continue reading Security Risks of Deriving Crypto Wallet Seed Phrases Using Deterministically Derived Salt→

Security considerations in choosing DTLS connection IDs

Posted on July 5, 2024 by Perseids

Are there any security concerns with choosing highly structured or short connection IDs for use in DTLS? For example:

32bit connection IDs handed out sequentially: There is obviously statistical data being revealed and wrapping around the… Continue reading Security considerations in choosing DTLS connection IDs→