
    Thursday, January 11, 2018

    Cryptography Cryptosystem Dependencies


    Cryptosystem Dependencies

    Posted: 10 Jan 2018 04:48 PM PST

    Tor 0.3.2.9 released with support for v3 onions with elliptic-curve cryptography (SHA3/ed25519/curve25519 replaces SHA1/DH/RSA1024)

    Posted: 11 Jan 2018 01:56 AM PST

    Clarification needed on security of chaos based Cryptography techniques.

    Posted: 11 Jan 2018 01:19 AM PST

    So I am working on Cryptography for my degree and I came across a lot of academic papers which use chaotic functions to generate a seemingly random stream of numbers which the authors then use as a key. Most of these schemes are implemented on images and use the correlation between adjacent pixels, NPCR and UACI as metrics to evaluate the encryption scheme. But they don't really provide any proof of security apart from their numbers being better than other research papers.

    My questions:

    How secure are these chaos based cryptosystems?

    These chaotic functions behave in a similar way to hash functions. So can these be used in place of, say, a SHA scheme?

    Here are links to some of the papers (these are from ScienceDirect, which is Elsevier's database, so you might encounter a paywall):

    1

    2

    3

    submitted by /u/shounak2411
    [link] [comments]

    Hugo Krawczyk and the OpenSSL team awarded the 2018 Levchin Prize for Advancements in Real-World Cryptography

    Posted: 10 Jan 2018 06:02 PM PST

    OpenSSL command cheatsheet

    Posted: 10 Jan 2018 12:28 PM PST

    How to manually check validity of certificate?

    Posted: 10 Jan 2018 04:00 PM PST

    I'm just revising for my Cryptography exam and I'm up to X.509. A certificate has a bunch of information like version, serial, period of validity, subject public key, etc.

    All of this is hashed then encrypted using the CA's private key to form a signature for the certificate.

    To check the validity in theory, I can just hash the certificate using the hash algorithm mentioned in the certificate (SHA-256), and decrypt the hash at the end of the certificate using the CA's public key. Finally compare the two hashes.

    I want to use Cryptool to do this but I'm struggling with figuring out what part I can put in and how to get the public key of the CA. I'm using Firefox, and I use StartPage. Clicking on the little green padlock and going to view the certificate allows you to export it into a .crt file. I'm stuck at this point.

    submitted by /u/gleb09
    [link] [comments]
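The manual check described in the post above, as an added example that is not part of the original post. For an RSA (PKCS#1 v1.5) certificate signature, the signed bytes are the DER-encoded tbsCertificate portion, the CA public key is taken from the issuer's own certificate, and the RSA public operation yields a padded DigestInfo structure rather than a bare hash. The toy CA key and the sample tbsCertificate bytes are constructed for illustration.

```python
import hashlib

# Constructed toy CA key built from two well-known public primes.
# It is NOT secret and NOT secure; it only makes the example run offline.
P = 2**255 - 19
Q = 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(signed_bytes: bytes) -> bytes:
    """Build 00 01 FF..FF 00 || DigestInfo(SHA-256(signed_bytes))."""
    digest_info = SHA256_PREFIX + hashlib.sha256(signed_bytes).digest()
    pad = b"\xff" * (K - len(digest_info) - 3)
    return b"\x00\x01" + pad + b"\x00" + digest_info

def ca_sign(tbs: bytes) -> bytes:
    """What the CA does: RSA private operation on the padded DigestInfo."""
    m = int.from_bytes(emsa_pkcs1_v15(tbs), "big")
    return pow(m, D, N).to_bytes(K, "big")

def verify(tbs: bytes, signature: bytes) -> bool:
    """What a relying party does with only the CA public key (N, E)."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare against a freshly built encoding instead of parsing the padding;
    # lenient padding parsers have historically allowed forged signatures.
    return recovered == emsa_pkcs1_v15(tbs)

# Constructed stand-in for the DER-encoded tbsCertificate bytes.
SAMPLE_TBS = b"constructed tbsCertificate: serial=01, subject=example.test"
SAMPLE_SIG = ca_sign(SAMPLE_TBS)

if __name__ == "__main__":
    print("valid:", verify(SAMPLE_TBS, SAMPLE_SIG))
    print("tampered:", verify(SAMPLE_TBS.replace(b"example", b"evil"), SAMPLE_SIG))
```
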

    How does IPSec prevent MITM attacks?

    Posted: 10 Jan 2018 05:45 AM PST

    First off, I don't know much about the IPSec crypto suite and I'm by no means a cryptography guru. I only have a superficial understanding of technologies such as TLS, PGP, Bitlocker and dmcrypt.

    From what I've gathered, IPSec does not depend on anything like a pre-distributed set of trusted root certificates which are commonly found in the world of HTTPS PKI. Secure communication involves the so-called "Security Association Database" but I think it is generated dynamically and is nothing like a certificate store, despite its name.

    This part made me wonder - how does IPSec prevent MITM? This may also depend on whether tunnel mode or transport mode is being used. From what I gathered, transport mode is preferred but cannot always be used due to technical constraints in bigger networks.

    Let's assume there are three nodes in my local ethernet network: A, B, C. A and C are uncompromised nodes communicating with each other via B, which is the compromised node performing the man-in-the-middle attack. A and C don't even know about the existence of B - they think they're directly connected to each other.

    So, assuming that B spoofs the ethernet MACs and the IPv6 addresses and everything correctly - how can either side tell they're being MITM-attacked if B has been in control since the start of the conversation? Is there some magic in the AH or even the ESP portion of the package that is capable of detecting this type of attack?

    Or is this something that IPSec isn't supposed to prevent in the first place? Did I get it all wrong?

    submitted by /u/KjellJagland
    [link] [comments]

    Secure computation protocol for the simplest voting webapp?

    Posted: 10 Jan 2018 08:49 AM PST

    Hey guys, I'm trying to build a very simple voting web app as a small project for my university, mainly to broaden my skills and practice. I've built a big part of the app already but it would be interesting to implement a secure computation protocol.

    I'm not looking to make something amazing, I'm trying to keep it as basic as possible and learn something on the way. I'm using Python, but I'm willing to use other languages too.

    Do you have any suggestions on what to use? I've looked online a bit and the SPDZ protocol caught my attention. Any disadvantages in using it? What would be easy enough and simple to implement and still secure and not completely outdated?

    It would be really interesting as a final product to introduce both versions of the app and show how one is more secure than the other.

    submitted by /u/throwawaypoly3
    [link] [comments]

    Cryptography as it relates to hardware wallets vs iOS SEP

    Posted: 10 Jan 2018 12:37 PM PST

    Is there a reason to use a Ledger/Trezor hardware wallet if there are wallets like Jaxx that do not store keys on the device and iOS's SEP (iPhone 7 and above) is the best in the world? Even cryptography researchers have said that Apple's security hardware design is more advanced than any competitor's on the planet.

    So if the iOS device is already a hardware wallet and has a security processor that is just as good as Ledger/Trezor if not better, is there a reason to buy a hardware wallet if you already own an iOS device?

    I already know that the SEP key was posted online but this does not affect the security of the SEP in (new) iPhones. The key should be able to decrypt an older iPhone 5s IMG4 SEP image, but does not affect the security of the content. And even then the wallet keys are not stored on the device. Only the seed phrase is stored on the device and it's encrypted on the device/sandbox.

    I'd like to hear your opinions and see data proving that Ledger/Trezor is more secure than a newer iOS device.

    submitted by /u/yvrkix
    [link] [comments]
