• Breaking News

    Monday, February 18, 2019

    Home Unlabelled Cryptography What is the BLS signature scheme?

    Cryptography What is the BLS signature scheme?

    February 18, 2019

    Cryptography What is the BLS signature scheme?

    What is the BLS signature scheme?

    Posted: 17 Feb 2019 09:19 AM PST

    Grab my crypto red packet!

    Posted: 18 Feb 2019 01:40 AM PST

    Pentesterlab. ECDSA challenge

    Posted: 17 Feb 2019 11:05 AM PST

    Hi there,

    I am struggling with Pentesterlab challenge: https://pentesterlab.com/exercises/ecdsa

    I'm wondering who can give some lights on how to resolve some steps in this challenge. You can read about similar challenge there - https://ropnroll.co.uk/2017/05/breaking-ecdsa/

    I suppose I have problems with extracting (r,s) from ESDCA (SECP256k1) signature (here details - https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm)

    I even try to brute-force all possible (r,s) values but no luck. Every time I receive error 500.

    Input_data (2 cookies in base64):

    cookie1_b64 = "dGVzdDEtLTBFAiAvi95NGgcgk1W0pyUKXFEo6IuEvdxhmrfLqNVpskDv5AIhAPIKmKXHWWWlQmeYNW5LRJwQsEBTLhM%2FYteAhVX5HAwE"
    cookie2_b64 = "dGVzdDItLTBFAiAvi95NGgcgk1W0pyUKXFEo6IuEvdxhmrfLqNVpskDv5AIhAP%2FROxry83vNbSS6ap4fiR2aokEvsRL3jXxT9WEuDlCq" 

    def recover_key(c1, sig1, c2, sig2, r_len, s_len): n = SECP256k1.order cookies = {} for s_idx in range(s_len, s_len + 2): for r_idx in range(r_len, r_len + 2): s1 = string_to_number(sig1[0 - s_idx:]) s2 = string_to_number(sig2[0 - s_idx:]) # https://bitcoin.stackexchange.com/questions/58853/how-do-you-figure-out-the-r-and-s-out-of-a-signature-using-python r1 = string_to_number(sig1[0 - (s_idx + r_idx + 2):0 - (s_idx)]) r2 = string_to_number(sig2[0 - (s_idx + r_idx + 2):0 - (s_idx)]) z1 = string_to_number(sha2(c1)) z2 = string_to_number(sha2(c2)) # Find cryptographically secure random k = (((z1 - z2) % n) * inverse_mod((s1 - s2), n)) % n # k = len(login1) # Recover private key da1 = ((((s1 * k) % n) - z1) * inverse_mod(r1, n)) % n # da2 = ((((s2 * k) % n) - z2) * inverse_mod(r2, n)) % n # SECP256k1 is the Bitcoin elliptic curve sk = SigningKey.from_secret_exponent(da1, curve=SECP256k1, hashfunc=hashlib.sha256) # create the signature login_tgt = "admin" # Sign account login_hash = sha2(login_tgt) signature = sk.sign(login_hash, k=k) # Create signature key sig_dic_key = "r" + str(r_idx) + "s" + str(s_idx) try: # because who trusts python vk = sk.get_verifying_key() vk.verify(signature, login_hash) print(sig_dic_key, " - good signature") except BadSignatureError: print(sig_dic_key, " - BAD SIGNATURE")

    Its very interesting challenge and I want to break ECDSA finally.

    Thanks in advance

    submitted by /u/unk1nd0n3
    [link] [comments]

    A question about cryptopals problem 6

    Posted: 17 Feb 2019 07:05 AM PST

    I am working through the cryptopals problems for the second time. The first time I used them mainly as an exercise to learn to code but this time I am trying to understand each step as thoroughly as possible.

    First though, I know that problem 6 deals more with subject matter found on r/codes but I am looking for relation to cryptographic relevance as well so I am posting here.

    For the most part I understand the problem, excepting the 4th step:

    "The KEYSIZE with the smallest normalized edit distance is probably the key. You could proceed perhaps with the smallest 2-3 KEYSIZE values. Or take 4 KEYSIZE blocks instead of 2 and average the distances. "

    Why is the KEYSIZE with the smallest edit distance probably the key? When xoring plaintext with the key isn't the idea that the results are randomized? Even if they weren't, how would xoring byte x with byte y each time produce similar results given a key that isn't just a single byte?

    I suppose I would be more prone to understand if we were given a suggestion of a longer KEYSIZE sample, but 40 characters seems rather small to determine letter frequency.

    In any case, thanks for whatever explanation I get and apologies if it is ultimately determined this does not belong here

    submitted by /u/zalazalaza
    [link] [comments]

    Looking to contribute!

    Posted: 17 Feb 2019 10:49 AM PST

    I'm looking to get stuck into more cryptography related engineering projects, please point me in the right direction! Preferably something C or Go based, but I'm open to anything with open issues. :)

    submitted by /u/gregdhill
    [link] [comments]

    Is SHA-3 (Keccak) already broken?

    Posted: 17 Feb 2019 12:40 PM PST
    Read more
    at

    No comments:

    Post a Comment