Category: cryptography

Auto Added by WPeMatico

The CIA's “Development Tradecraft DOs and DON'Ts”

Posted on By infossl
cia, cryptography, encryption, hacking, malware, Security technology, tradecraft

Useful best practices for malware writers, courtesy of the CIA. Seems like a lot of good advice. General: DO obfuscate or encrypt all strings and configuration data that directly relate to tool functionality. Consideration should be made to also only de-obfuscating strings in-memory at the moment the data is needed. When a previously de-obfuscated value … Read More “The CIA's “Development Tradecraft DOs and DON'Ts”” »

More on the CIA Document Leak

Posted on By infossl
cia, cryptography, leaks, malware, russia, Security technology, wikileaks

If I had to guess right now, I’d say the documents came from an outsider and not an insider. My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It’s exactly what you’d expect the CIA to be doing in cyberspace. That makes the whistleblower motive less likely. And … Read More “More on the CIA Document Leak” »

Twofish Power Analysis Attack

Posted on By infossl
academicpapers, cryptanalysis, cryptography, encryption, Security technology, sidechannelattacks, twofish

New paper: “A Simple Power Analysis Attack on the Twofish Key Schedule.” This shouldn’t be a surprise; these attacks are devastating if you don’t take steps to mitigate them. The general issue is if an attacker has physical control of the computer performing the encryption, it is very hard to secure the encryption inside the … Read More “Twofish Power Analysis Attack” »

Let's Encrypt Is Making Web Encryption Easier

Posted on By infossl
academicpapers, certificates, cryptography, encryption, Security technology

That’s the conclusion of a research paper: Once [costs and complexity] are eliminated, it enables big hosting providers to issue and deploy certificates for their customers in bulk, thus quickly and automatically enable encryption across a large number of domains. For example, we have shown that currently, 47% of LE certified domains are hosted at … Read More “Let's Encrypt Is Making Web Encryption Easier” »

Whistleblower Investigative Report on NSA Suite B Cryptography

Posted on By infossl
algorithms, cryptography, encryption, nsa, Security technology, whistleblowers

The NSA has been abandoning secret and proprietary cryptographic algorithms in favor of commercial public algorithms, generally known as “Suite B.” In 2010, an NSA employee filed some sort of whistleblower complaint, alleging that this move is both insecure and wasteful. The US DoD Inspector General investigated and wrote a report in 2011. The report … Read More “Whistleblower Investigative Report on NSA Suite B Cryptography” »

Self-Propagating Smart Light Bulb Worm

Posted on By infossl
academicpapers, aes, authentication, cryptography, encryption, internetofthings, malware, Security technology, sidechannelattacks

This is exactly the sort of Internet-of-Things attack that has me worried: “IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin OFlynn, Adi Shamir and Achi-Or Weingarten. Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat … Read More “Self-Propagating Smart Light Bulb Worm” »

Hacking Bridge-Hand Generation Software

Posted on By infossl
cheating, cryptography, games, hacking, Security technology

Interesting: Roughly three weeks later, there is a operation program available to crack ACBL hand records. Given three consecutive boards, all the remaining boards for that session can be determined. The program can be easily parallelized. This analysis can be finished while sessions are still running this would permit the following type of attack: A … Read More “Hacking Bridge-Hand Generation Software” »