Collaborate Disseminate
Circom is a circuit language capable of generating zero-knowledge proofs, which involves some input signals and output signals. If all the input and output signals during the generation of the zero-knowledge proof are public, meaning that … Continue reading The issue of public/private signals when generating zero-knowledge proofs with Circom [migrated]
Suppose you need to define for an organization what should be considered an information security incident which, when observed, triggers security incident response (investigate, contain, eradicate, recover – details of which might also nee… Continue reading Is loss of availability automatically a security incident?
Information security was the topic of my Ph.D. dissertation, but I was investigating a rather specific sort of issue, and I am now starting to think about the notion of (information) security in broader terms. Ross Anderson’s book Security… Continue reading Books about security patterns and anti-patterns?
The context is described in another of my question, and is as follow : i’ve got to securely store identifiers, called TIP. We need (1) a method to derive always the same UID from a TIP, so that no one can do the reverse operation, except … Continue reading PGP keys as a hashing method
Here is my situation : we’ve got ID, named TIP, from remote and large databases. We want to store all the data, but laws prevents us to store the TIP directly, but rather anonymize them, for security reasons, as these TIP are, indeed, iden… Continue reading What to do if i have no salt?
Ken Thompson’s famous trusting trust paper describes an attack wherein a compiler is subverted, and subsequently subverts all software it compiles, including itself. I have always thought the idea of the trusting trust attack is somewhat f… Continue reading Practical examples of a trusting trust attack
I read about a concept that went something like "access equals authorization," the idea being that there is something secured, and if someone manages to get into it, then they have proven themselves to be allowed to see it. Essen… Continue reading What’s the term/aphorism for a security practice where access equals authorization?
Do you ever get a project stuck in your mind? An idea so good you just keep thinking about it? Going over iterations and options and pros and cons in …read more Continue reading Dream Projects Face Reality
This question is purely theoretical, I have no intention of ever implementing this scheme in practice. I’m familiar with the shortcomings of sleeping as means of mitigating timing attacks. I’m more interested in this from the attacker’s pe… Continue reading Does this theoretical salted-hash-sleep scheme mitigate timing attacks?
My son was into “Secret Coders“, a graphic novel series wherein a pair of kids discover and thwart a plot to take over the world by learning to program in …read more Continue reading The Real World Strikes Back