Categories
Software Security

“Source Code Leak” is Effectively Meaningless to Endpoint Security

There are two news stories today. Unfortunately, some people have difficulty uncoupling the two. The Team Fortress 2 Source Code has been leaked. Hackers discovered a Remote Code Execution exploit. The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient […]

Categories
Cryptography

Elliptic Curve Diffie-Hellman for Humans and Furries

Suppose you need to encrypt data between two peer-to-peer devices over an untrusted medium (i.e. the Internet), and you have an authenticated low-bandwidth channel that can be used to send and authenticate a few bytes (less than 100), but that channel isn’t itself encrypted (otherwise it’d be a chicken-and-egg problem). Aside: If it helps your […]

Categories
Cryptography

Authenticated Key Exchanges

Authenticated Key Exchanges are an interesting and important building block in any protocol that aims to allow people to communicate privately over an untrusted medium (i.e. the Internet). What’s an AKE? At their core, Authenticated Key Exchanges (AKEs for short) combine two different classes of protocol. An authentication mechanism, such as a MAC or a […]

Categories
Uncategorized

Welcome to Soatok.blog

Hi, I’m Soatok! I’m a bit of what you might call a nerd. This will the future home of my musings, side projects, and research notes. You can expect less “here’s me explaining a thing I’m an expert in” and more “here’s me writing about learning new stuff”. I will also be writing about the […]