ECDH_SHA2_NISTP256 (KEX) Algorithm in SSH – Vulnerabilities?

My organization within my company uses this KEX Algorithm in our SSH Implementation.

Another organization within my company won’t connect to our servers as long as this algorithm is implemented as they claim it is “weak and vulnerable”. …

For Diffie-Hellman, why is a g value of p − 1 not a suitable choice? [migrated]

I am currently learning about the Diffie-Hellman key exchange. I understand that for a g of 1, your resulting key would always end up as one, which would obviously not be secure. However, I read that a p − 1 value for g is not secure but I…
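
The following is an added example, not part of the question above, showing concretely what goes wrong with g = p − 1 (and, for comparison, g = 1). Since p − 1 ≡ −1 (mod p), (p − 1)^k is 1 for even k and p − 1 for odd k: the generator has order 2, every public value leaks the parity of its exponent, and a passive eavesdropper recovers the shared secret without solving a discrete logarithm. The 127-bit Mersenne prime and the comparison generator 3 are constructed choices for illustration only, far too small for real use.

```python
import secrets

# Constructed toy modulus: a 127-bit Mersenne prime. It is prime, which is
# all the argument needs, but far too small for any real deployment.
P = 2**127 - 1


def dh_exchange(g: int, p: int = P) -> dict:
    """Run one unauthenticated DH exchange with generator g and return the
    public values plus the shared secret each side derives."""
    a = secrets.randbelow(p - 2) + 1          # Alice's private exponent in [1, p-2]
    b = secrets.randbelow(p - 2) + 1          # Bob's private exponent
    pub_a = pow(g, a, p)
    pub_b = pow(g, b, p)
    return {
        "pub_a": pub_a,
        "pub_b": pub_b,
        "shared_a": pow(pub_b, a, p),         # Alice computes g^(ab)
        "shared_b": pow(pub_a, b, p),         # Bob computes g^(ab)
    }


def eavesdrop_minus_one(pub_a: int, pub_b: int, p: int = P) -> int:
    """Passive attack when g = p - 1, i.e. g = -1 mod p.

    (-1)^a is 1 for even a and p - 1 for odd a, so each public value leaks
    the parity of its exponent. The shared secret (-1)^(ab) is p - 1 only
    when both exponents are odd, otherwise 1. No discrete log is needed.
    """
    a_odd = pub_a == p - 1
    b_odd = pub_b == p - 1
    return p - 1 if (a_odd and b_odd) else 1


def distinct_shared_secrets(g: int, trials: int, p: int = P) -> int:
    """Number of distinct shared secrets seen over repeated exchanges.
    With g = p - 1 this can never exceed 2; with g = 1 it is exactly 1."""
    return len({dh_exchange(g, p)["shared_a"] for _ in range(trials)})


if __name__ == "__main__":
    ex = dh_exchange(P - 1)
    print("g = p-1: shared =", ex["shared_a"],
          "| eavesdropper recovers", eavesdrop_minus_one(ex["pub_a"], ex["pub_b"]))
    print("g = p-1: distinct secrets over 50 runs:", distinct_shared_secrets(P - 1, 50))
    print("g = 1  : distinct secrets over 50 runs:", distinct_shared_secrets(1, 50))
    print("g = 3  : distinct secrets over 50 runs:", distinct_shared_secrets(3, 50))
```

The same reasoning generalises: any g of small order confines g^(ab) to a small subgroup, which is why real deployments use a generator of a large prime-order subgroup (or a safe prime) and validate that received public values are not 1 or p − 1.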

Establish a symmetric key: KDF based on shared secret and random salt or key wrapping?

I am designing a basic KMS based on a simple HSM; I only have access to: AES256, SHA256, PBKDF2, HMAC (and combinations like AES256-HMAC-SHA256).
The admin and the users of the system have a personal HSM where the keys are stored and it wo…

Can I use the same truststore and keystore on the client and the server?

TL;DR: Is it possible to have both sides of an SSL/TLS connection have the same public and private key, so long as that public key is trusted by both sides?

More info if helpful:

I’m trying to test how I’d set up having a Java application co…

Why is the Diffie-Hellman exchange not enough to authenticate the communication partners in IKE_SA_INIT?

The IKE_SA_INIT does create a key seed SKEYSEED from the Diffie-Hellman values and nonces. Since the exchange does share the secret between the communication partners, I do not understand why it is not enough for authentication.

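The following is an added example, not part of the question above, illustrating why IKE_SA_INIT alone authenticates nobody: a man-in-the-middle who relays the exchange but substitutes her own KE payloads ends up sharing one SKEYSEED with the initiator and another with the responder, and neither side can tell. SKEYSEED = prf(Ni | Nr, g^ir) follows RFC 7296 section 2.14. The AUTH computation is a simplified model of the shared-secret method in section 2.15 (the octets MACed here are only the KE value and nonces, not the exact IKE message encoding), added to show what IKE_AUTH contributes. The DH group is a constructed toy, not an IANA IKE group.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1   # constructed toy prime, far too small for real use
G = 3            # constructed generator for the toy group


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 as the IKEv2 prf."""
    return hmac.new(key, data, hashlib.sha256).digest()


def int_bytes(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


class Party:
    """One IKE peer: a fresh DH key pair and a fresh nonce per exchange."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)
        self.nonce = secrets.token_bytes(32)

    def skeyseed(self, peer_pub: int, ni: bytes, nr: bytes) -> bytes:
        # RFC 7296 section 2.14: SKEYSEED = prf(Ni | Nr, g^ir)
        g_ir = pow(peer_pub, self.priv, P)
        return prf(ni + nr, int_bytes(g_ir))


def honest_init() -> tuple:
    """IKE_SA_INIT with no attacker: both sides derive the same SKEYSEED."""
    i, r = Party("initiator"), Party("responder")
    return i.skeyseed(r.pub, i.nonce, r.nonce), r.skeyseed(i.pub, i.nonce, r.nonce)


def mitm_init() -> dict:
    """Mallory relays IKE_SA_INIT but swaps in her own KE payloads.
    The nonces pass through unchanged and nothing lets either side notice."""
    i, r = Party("initiator"), Party("responder")
    m_to_i, m_to_r = Party("mallory->initiator"), Party("mallory->responder")
    ni, nr = i.nonce, r.nonce
    return {
        "initiator": i.skeyseed(m_to_i.pub, ni, nr),          # believes m_to_i.pub is the responder's KE
        "mallory_with_initiator": m_to_i.skeyseed(i.pub, ni, nr),
        "responder": r.skeyseed(m_to_r.pub, ni, nr),          # believes m_to_r.pub is the initiator's KE
        "mallory_with_responder": m_to_r.skeyseed(r.pub, ni, nr),
    }


def auth_payload(psk: bytes, own_pub: int, ni: bytes, nr: bytes) -> bytes:
    """Simplified IKEv2 PSK AUTH: prf(prf(psk, "Key Pad for IKEv2"), signed octets).
    Binding the sender's own KE value under a key only the real peers hold is
    what ties the DH exchange to an identity."""
    signed_octets = int_bytes(own_pub) + ni + nr   # simplified stand-in for the signed octets
    return prf(prf(psk, b"Key Pad for IKEv2"), signed_octets)


def verify_auth(psk: bytes, auth: bytes, peer_pub: int, ni: bytes, nr: bytes) -> bool:
    return hmac.compare_digest(auth, auth_payload(psk, peer_pub, ni, nr))


def auth_check() -> tuple:
    """Returns (honest AUTH accepted, Mallory's AUTH accepted)."""
    psk = secrets.token_bytes(32)          # shared out of band by the real peers only
    i, r = Party("initiator"), Party("responder")
    m = Party("mallory->responder")
    ni, nr = i.nonce, r.nonce
    honest = auth_payload(psk, i.pub, ni, nr)
    forged = auth_payload(secrets.token_bytes(32), m.pub, ni, nr)  # Mallory lacks the PSK
    return verify_auth(psk, honest, i.pub, ni, nr), verify_auth(psk, forged, m.pub, ni, nr)


if __name__ == "__main__":
    a, b = honest_init()
    print("honest SKEYSEED match:", a == b)
    m = mitm_init()
    print("MITM: initiator agrees with Mallory:", m["initiator"] == m["mallory_with_initiator"])
    print("MITM: responder agrees with Mallory:", m["responder"] == m["mallory_with_responder"])
    print("MITM: initiator and responder agree:", m["initiator"] == m["responder"])
    print("AUTH (honest, forged):", auth_check())
```

The shared secret proves only that the two parties who just exchanged KE payloads now hold the same key; it says nothing about who those parties are. IKE_AUTH supplies that by having each side prove possession of a long-term credential over the IKE_SA_INIT messages, which is exactly what Mallory cannot do for the KE value she substituted.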

How can I verify Keybase’s end-to-end encryption between me and a friend?

The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices are secure and trustworthy, but the network and server need not be trusted. You’ve read all the code in the client, or someone you tr…