What patterns of security protocol (or protocol) match discourse between cultures, or class of people? [closed]

Beyond what they might have been inspired by, what protocols OSI2, OSI7, others have non syntactical name matching for what is done by people, government or agency, or wealth?
This is the center of my research at what I’m modeling between …

Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways.

Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy—to apply the MERGE protocol—would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions. The gap between theory and practice is large and unbridgeable for the foreseeable future. Promoters of this research project at DARPA, the agency that sponsored the research, should acknowledge that MERGE is internet voting (election results rely on votes transmitted over the internet except in the event of a full hand count) and refrain from claiming that it could be a component of trustworthy elections without sweeping changes to election law and election administration throughout the U.S…

Can other apps on my phone see the data advertised by a device if it has been connected via BLE to another app on my phone?

I am just trying to learn something about Android / iOS BLE (Bluetooth Low Energy) or Bluetooth services.
Say I want to create an app that connects to an external device via BLE. If the device doesn’t have any extra encryption on an app le…

RADIUS Vulnerability

New attack against the RADIUS authentication protocol:

The Blast-RADIUS attack allows a man-in-the-middle attacker between the RADIUS client and server to forge a valid protocol accept message in response to a failed authentication request. This forgery could give the attacker access to network devices and services without the attacker guessing or brute forcing passwords or shared secrets. The attacker does not learn user credentials.

This is one of those vulnerabilities that comes with a cool name, its own website, and a logo.

News article. Research …

Can puzzle-based data exchange enhance decentralized network security? [closed]

I’m a student and during one of my classes I came up with an idea about sharing data online. I’ll say right away that I’m not an expert, but rather an amateur who wants to share my thoughts and get your professional opinion.
So, if we take…

Could this method allow two people using weak cryptography to bootstrap their way to unbreakable cryptography (e.g. otp) [migrated]

Encryption schemes are usually explained to the general public in terms of "time required to break" where strong encryption like AES-256 should in theory take millions of years.
Given that secure random numbers streams are incomp…

Issue with -N Option in AFLNET: Fails to Parse Network Settings Correctly [closed]

I am facing a recurring issue when attempting to use the -N option to specify network settings for fuzzing an HTTP server. Despite following the syntax guidelines, AFLNET doesn’t seem to recognize the network settings correctly.
Commands U…