Categories
Cryptography Software Security

The Subtle Hazards of Real-World Cryptography

Imagine you’re a software developer, and you need to authenticate users based on a username and password. If you’re well-read on the industry standard best practices, you’ll probably elect to use something like bcrypt, scrypt, Argon2id, or PBKDF2. (If you thought to use something else, you’re almost certainly doing it wrong.) Let’s say, due to […]

Categories
Cryptography Software Security

Dead Ends in Cryptanalysis #1: Length Extension Attacks

This is the first entry in a (potentially infinite) series of dead end roads in the field of cryptanalysis. Cryptography engineering is one of many specialties within the wider field of security engineering. Security engineering is a discipline that chiefly concerns itself with studying how systems fail in order to build better systems–ones that are […]

Categories
Cryptocurrency

Kerlissions – Trivial Collisions in Iota’s Hash Function (Kerl)

Historical Context of Iota’s Hash Functions Once upon a time, researchers discovered that the hash function used within the Iota cryptocurrency (Curl-P), was vulnerable to practical collisions. When pressed about this, the Iota Foundation said the following: In response to this research, the Iota developers threatened to sue the researchers. Iota replaced Curl-P-27 with a […]