
CodesInChaos

@CodesInChaos

C# programmer and cryptography enthusiast

Pinned

`plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd` and `eBkXQTfuBqp'cTcar&g*` have the same PBKDF2-HMAC-SHA1 hash


CodesInChaos reposted

OMG. Does Intel have broken speculative execution? "AMD ... does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode when that access would result in a page fault." lkml.org/lkml/2017/12/2…


CodesInChaos reposted

Intent To Deprecate And Remove: Public Key Pinning (in Chromium) groups.google.com/a/chromium.org…


Is there a known technique for finding fixed points in the full SHA-256 compression function? crypto.stackexchange.com/q/48580/180


We clearly need something like Certificate Transparency for software updates. It doesn't prevent malicious updates, but it helps with detecting them.


CodesInChaos reposted

hashcat and oclHashcat have gone open source: hashcat.net/forum/thread-4…


CodesInChaos reposted

A new mode of operation suggested in UK: Encrypt-then-serve-time. Security arguments are far from being convincing.


@fugueish @ErrataRob If size_t is smaller than int, wouldn't the multiplication promote to int, causing UB via signed int overflow?


.@veorq My SHA512 implementation tests 3 update calls with various sizes and compares against the result of a single update. github.com/CodesInChaos/C…


CodesInChaos reposted

Thursday, an OpenSSL patch will be released for 1.0.1 and 1.0.2 that fixes a "high" severity security bug mta.openssl.org/pipermail/open… via HN


Have You Ever Tried to Sell a Diamond? (the Atlantic article from 1982) theatlantic.com/magazine/archi… @byrneseyeview @zooko


CodesInChaos reposted

Twitter CSRF bypass, fixed and published. hackerone.com/reports/14883 Freaking AWESOME research and discovery. (mindblown)


Awesome new vulnerability website: backronym.fail (vulnerability itself is boring, just ssl strip against mysql) #BACKRONYM


.@patientdoctor Only cool if you think sending cheap to compute and effectively unsalted password hashes to a third party is a good idea.


CodesInChaos reposted

My contribution to 1 year Heartbleed: Experiment how Heartbleed could've been found with fuzzing blog.hboeck.de/archives/868-H… /cc @lcamtuf


.@mrkoot Be strict in what you accept, but include well-defined extension points. A flat list of key-value pairs is usually good for extension.


The 4 round biases given in section 4 of the paper match my results. Perhaps I'll add ChaCha and NORX later. @veorq @sevenps


.@dakami @solardiz Somebody built an HMAC based stream cipher that breaks down for long keys due to this property. crypto.stackexchange.com/q/5740/180

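Added example (my code, not CodesInChaos's): the pinned tweet's PBKDF2-HMAC-SHA1 collision and the HMAC-keyed stream cipher that "breaks down for long keys" in the reply above rest on the same property, so one script covers both. HMAC replaces any key longer than the hash's 64-byte block with its digest before padding, so PBKDF2-HMAC-SHA1 cannot tell a 65-byte password from the 20-byte SHA-1 of it, and an HMAC keyed with either produces identical output. The salt, the `b"A" * 65` filler password and the `prehash_password` mitigation are my own constructions; `check_page_pair` simply runs the pair quoted in the pinned tweet.

```python
import hashlib
import hmac

# HMAC-SHA1 (and HMAC-SHA256) use a 64-byte block; any key longer than that
# is first hashed down to its digest before the inner/outer padding is applied.
BLOCK_SIZE = 64

# The pair from the pinned tweet: 65 bytes vs. 20 bytes (the length of a SHA-1 digest).
PAGE_LONG = b"plnlrtfpijpuhqylxbgqiiyipieyxvfsavzgxbbcfusqkozwpngsyejqlmjsytrmd"
PAGE_SHORT = b"eBkXQTfuBqp'cTcar&g*"


def effective_hmac_key(key: bytes, hash_name: str = "sha1") -> bytes:
    """Return the key material HMAC actually mixes in.

    Keys longer than the block size are replaced by their digest, which is
    why a long key and its digest are indistinguishable to HMAC and to
    everything built on HMAC (PBKDF2, HKDF, a stream cipher keyed via HMAC).
    """
    if len(key) > BLOCK_SIZE:
        return hashlib.new(hash_name, key).digest()
    return key


def make_colliding_pair(long_password: bytes) -> tuple[bytes, bytes]:
    """Given any password longer than 64 bytes, return it together with the
    20-byte SHA-1 digest that PBKDF2-HMAC-SHA1 treats as the same password."""
    if len(long_password) <= BLOCK_SIZE:
        raise ValueError("password must exceed the 64-byte HMAC block size")
    return long_password, hashlib.sha1(long_password).digest()


def pbkdf2_collides(pw_a: bytes, pw_b: bytes, salt: bytes, iterations: int = 1000) -> bool:
    """True when both passwords yield the same PBKDF2-HMAC-SHA1 output.
    The salt and iteration count do not matter: the alias happens inside HMAC."""
    a = hashlib.pbkdf2_hmac("sha1", pw_a, salt, iterations)
    b = hashlib.pbkdf2_hmac("sha1", pw_b, salt, iterations)
    return hmac.compare_digest(a, b)


def hmac_collides(key_a: bytes, key_b: bytes, message: bytes) -> bool:
    """Same equivalence one layer down: an HMAC-keyed stream cipher has only
    20 bytes of effective key once the real key exceeds 64 bytes."""
    tag_a = hmac.new(key_a, message, hashlib.sha1).digest()
    tag_b = hmac.new(key_b, message, hashlib.sha1).digest()
    return hmac.compare_digest(tag_a, tag_b)


def check_page_pair(salt: bytes = b"constructed-salt") -> bool:
    """Run the pair quoted in the pinned tweet against a constructed salt."""
    return pbkdf2_collides(PAGE_LONG, PAGE_SHORT, salt)


def prehash_password(password: bytes) -> bytes:
    """One mitigation (my suggestion, not from the page): hash and hex-encode the
    password before PBKDF2. Every input becomes exactly 64 printable bytes, so the
    long-key shortcut never triggers and the raw-digest alias no longer exists."""
    return hashlib.sha256(password).hexdigest().encode("ascii")


if __name__ == "__main__":
    long_pw, short_pw = make_colliding_pair(b"A" * 65)  # constructed filler password
    print("constructed pair collides:", pbkdf2_collides(long_pw, short_pw, b"salt"))
    print("pinned-tweet pair collides:", check_page_pair())
    print("after pre-hashing:",
          pbkdf2_collides(prehash_password(long_pw), prehash_password(short_pw), b"salt"))
```

The practical consequence is the one the pinned tweet hints at: any system that accepts long passwords into PBKDF2-HMAC-SHA1 also accepts the 20-byte digest as an equivalent password, and if that digest happens to be printable it can be typed in directly. Pre-hashing to a fixed-length encoded string removes the alias; so does capping input at 64 bytes, though that silently weakens long passphrases.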

@will_in_wi Seems to be in the developer version of chromium:

Resource Integrity now landing in Blink: <script src="file.js" integrity="ni://sha256;BpfBw7ivV8q2jLiT13…"></script> codereview.chromium.org/566083003/


