Categories
Cryptography Software Security Vulnerability

Cryptographic Agility and Superior Alternatives

Cryptographic agility is a vaguely defined property, but is commonly understood to mean, “Able to quickly swap between cryptographic primitives in response to new attacks.” Wikipedia defines cryptographic agility as: Cryptographic agility is a practice paradigm in designing information security protocols and standards in a way so that they can support multiple cryptographic primitives and […]

Categories
Software Security Vulnerability

When Soatok Used Bugcrowd

and Got Banned for Doing the Right Thing

Categories
Cryptography Software Security

Using RSA Securely in 2022

If you really must support RSA in 2022, here’s some things to keep in mind.

Categories
Cryptography Software Security Vulnerability

Threema: Three Strikes, You’re Out

Threema boldly claims to be more secure than Signal. Does this hold up to scrutiny?

Categories
Cryptography Software Security

Canonicalization Attacks Against MACs and Signatures

Canonicalization Attacks occur when a protocol that feeds data into a hash function used in a Message Authentication Code (MAC) or Digital Signature calculation fails to ensure some property that’s expected of the overall protocol. The textbook example of a canonicalization attack is the length-extension attack against hash functions such as MD5–which famously broke the […]

Categories
Cryptography Software Security

Dead Ends in Cryptanalysis #2: Timing Side-Channels

Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible. The art and science of side-channel cryptanalysis is one of the subjects I’m deeply fascinated by, and it’s something you’ll hear me yap about a lot on this blog in the future. […]

Categories
Cryptography Software Security

Cryptography Interface Design is a Security Concern

Cryptographers and cryptography engineers love to talk about the latest attacks and how to mitigate them. LadderLeak breaks ECDSA with less than 1 bit of nonce leakage? Raccoon attack brings the Hidden Number attack to finite field Diffie-Hellman in TLS? And while this sort of research is important and fun, most software developers have much […]

Categories
Badness Cryptography Software Security Vulnerability

On The Toxicity of Zed A. Shaw

Boycott Zed Shaw’s writing. (With bonus zero-days in his work.)

Categories
Cryptography Software Security

Please Stop Encrypting with RSA Directly

RSA is for encrypting symmetric keys, not entire messages. Pass it on.

Categories
Cryptography Software Security

The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]

Categories
Cryptography Software Security

Dead Ends in Cryptanalysis #1: Length Extension Attacks

This is the first entry in a (potentially infinite) series of dead end roads in the field of cryptanalysis. Cryptography engineering is one of many specialties within the wider field of security engineering. Security engineering is a discipline that chiefly concerns itself with studying how systems fail in order to build better systems–ones that are […]

Categories
Badness Software Security Vulnerability

EduTech Spyware is Still Spyware: Proctorio Edition

Spyware written for educational institutions to flex their muscles of control over students and their families when learning from their home computer is still, categorically, spyware. Depending on your persuasion, the previous sentence sounds like either needless pedantry, or it reads like tautology. But we need to be clear on our terms. Educational spyware is […]

Categories
Cryptography Software Security

Soatok’s Guide to Side-Channel Attacks

If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels. The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation […]

Categories
Cryptography Software Security

GNU: A Heuristic for Bad Cryptography

If you see the letters GNU in a systems design, and that system intersects with cryptography, I can almost guarantee that it will be badly designed to an alarming degree. This is as true of GnuPG (and PGP in general) as it is of designs like the proposed GNU Name System (IETF draft) and cryptographic […]

Categories
Humor Software Security Vulnerability

Why Server-Side Input Validation Matters

Update (2020-04-29): Twitter has fixed their oversight. Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text. The original article follows after the separator. I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve […]

Categories
Software Security

“Source Code Leak” is Effectively Meaningless to Endpoint Security

There are two news stories today. Unfortunately, some people have difficulty uncoupling the two. The Team Fortress 2 Source Code has been leaked. Hackers discovered a Remote Code Execution exploit. The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient […]