/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

rareskills.io
| | blog.trailofbits.com
2.3 parsecs away

Travel
| | The elliptic curve digital signature algorithm (ECDSA) is a common digital signature scheme that we see in many of our code reviews. It has some desirable properties, but can also be very fragile. For example, LadderLeak was published just a couple of weeks ago, which demonstrated the feasibility of key recovery with a side channel [...]
| | keymaterial.net
2.7 parsecs away

Travel
| | One weird hobby of mine is reasonable properties of cryptographic schemes that nobody promised they do or don't have. Whether that's invisible salamanders or binding through shared secrets, anything that isn't just boring IND-CCA2 or existential unforgeability is just delightful material to construct vulnerabilities with. Normally, with a signature scheme, you have the public key...
| | rot256.dev
3.0 parsecs away

Travel
| | This is the companion post to a tool, git-ring, that I recently released on Github. Github/Gitlab makes the public keys of its users publicly available (at github.com/USERNAME.keys and gitlab.com/USERNAME.keys), this means that these services bind the users identity to public keys via this endpoint. Git-ring "exploits" this to enable the creation of (cryptographic) proofs showing membership among a set of users (or organizations) without revealing the identity of the person generating the proof. The public keys of everyone (including the signer) is automatically downloaded from Github, while the tool finds the correct private key on the signers local computer. All this combined makes using the tool pretty easy, as shown below, where we sign a message and the...
| | blog.ropnop.com
19.9 parsecs away

Travel
| After compromising an OpenNMS server, I recovered salted password hashes. I couldn't find any info online, so I reversed them and wrote a tool to crack them