what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 293 RSS Feed

Cryptography Files

Passive SSH Key Compromise Via Lattices
Posted Nov 13, 2023
Authored by Nadia Heninger, Keegan Ryan, Kaiwen He, George Arnold Sullivan

This whitepaper demonstrates that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information like the shared Diffie-Hellman secret that would not be available to a passive network observer. The paper shows that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. The authors provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use their attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.

tags | paper, cryptography, protocol
SHA-256 | 481aab67e2963f899f4d0981c2be3f03e3ff14965119cb78e929b36c27b58597
Debian Security Advisory 5539-1
Posted Oct 31, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5539-1 - It was reported that incorrect bound checks in the dsaVerify function in node-browserify-sign, a Node.js library which adds crypto signing for browsers, allows an attacker to perform signature forgery attacks by constructing signatures that can be successfully verified by any public key.

tags | advisory, cryptography
systems | linux, debian
advisories | CVE-2023-46234
SHA-256 | bd4d2f5bb4a56492acf5a0f3f5a7176edb7f3f2a9e00ffd9fa12ec5357176f21
Ubuntu Security Notice USN-6400-1
Posted Sep 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6400-1 - It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information.

tags | advisory, cryptography, python
systems | linux, ubuntu
advisories | CVE-2022-48566
SHA-256 | 78f05f302971fdd61c41b154c5089eddceaa4838a9b6ffba2b409c27fe5f9ad4
Crypto Currency Tracker (CCT) 9.5 Add Administrator
Posted Aug 21, 2023
Authored by 0xBr

Crypto Currency Tracker (CCT) versions 9.5 and below suffer from a flaw that allows an administrative account to be added without authentication.

tags | exploit, cryptography, add administrator
advisories | CVE-2023-37759
SHA-256 | 9bfa02f5d59b5e3cf33ee7b1bbfbf8405639a69db395f6a7dbbbe7f5809ce517
Speculative Denial-of-Service Attacks In Ethereum
Posted Jun 19, 2023
Authored by Kaihua Qin, Liyi Zhou, Aviv Yaish, Arthur Gervais, Aviv Zohar

The expressiveness of Turing-complete blockchains implies that verifying a transaction's validity requires executing it on the current blockchain state. Transaction fees are designed to compensate actors for resources expended on transactions, but can only be charged from transactions included in blocks. In this work, the authors show that adversaries can craft malicious transactions that decouple the work imposed on blockchain actors from the compensation offered in return by introducing three attacks.

tags | paper, cryptography
SHA-256 | 68b4adbac9a02de43d43f0c0b285dc603d363d3be1f6185ba4fe1c00129c1969
A Vulnerability In Implementations of SHA-3, SHAKE, EdDSA, And Other NIST-Approved Algorithms
Posted Mar 7, 2023
Authored by Nicky Mouha, Christopher Celi | Site eprint.iacr.org

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.

tags | paper, overflow, cryptography, php, python
advisories | CVE-2022-37454
SHA-256 | e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
Breaking A Fifth-Order Masked Implementation Of CRYSTALS-Kyber By Copy-Paste
Posted Feb 28, 2023
Authored by Kalle Ngo, Joel Gartner, Elena Dubrova

CRYSTALS-Kyber has been selected by the NIST as a public-key encryption and key encapsulation mechanism to be standardized. It is also included in the NSA's suite of cryptographic algorithms recommended for national security systems. This makes it important to evaluate the resistance of CRYSTALS-Kyber’s implementations to side-channel attacks. The unprotected and first-order masked software implementations have been already analysed. In this paper, they present deep learning-based message recovery attacks on the ω-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU for ω ≤ 5. The main contribution is a new neural network training method called recursive learning. In the attack on an ω-order masked implementation, they start training from an artificially constructed neural network M ω whose weights are partly copied from a model M ω−1 trained on the (ω − 1)-order masked implementation, and then extended to one more share. Such a method allows them to train neural networks that can recover a message bit with the probability above 99% from high-order masked implementations.

tags | paper, cryptography
SHA-256 | bb8f1a666a9bb3b7ef38e7e61e8980c7e3efb86a13dead4ae283a439aa94aded
Red Hat Security Advisory 2022-7384-01
Posted Nov 3, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7384-01 - The ubi9/openssl image provides provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, cryptography
systems | linux, redhat
advisories | CVE-2022-3602, CVE-2022-3786
SHA-256 | 2d06e9dfb51b5c9d873e5550a4253a970790f764b91c9681acc1009726636955
Red Hat Security Advisory 2022-6854-01
Posted Oct 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6854-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Issues addressed include a double free vulnerability.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2022-2509
SHA-256 | dff461130a763c1fd068e986dd002fa1af64116943515003ec50ff603edd70a2
Hashcat Advanced Password Recovery 6.2.6 Source Code
Posted Sep 2, 2022
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Changes: 21 hash modes added, 11 features added, and dozens of bugs fixed.
tags | tool, cracker, cryptography
systems | unix
SHA-256 | b25e1077bcf34908cc8f18c1a69a2ec98b047b2cbcf0f51144dcf3ba1e0b7b2a
Hashcat Advanced Password Recovery 6.2.6 Binary Release
Posted Sep 2, 2022
Authored by Kartan | Site hashcat.net

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Changes: 21 hash modes added, 11 features added, and dozens of bugs fixed.
tags | tool, cracker, cryptography
SHA-256 | 96697e9ef6a795d45863c91d61be85a9f138596e3151e7c2cd63ccf48aaa8783
Red Hat Security Advisory 2021-4582-02
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4582-02 - Service Telemetry Framework provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform deployment for storage, retrieval, and monitoring. Security fixes: golang: crypto/tls: certificate of wrong type is causing TLS client to panic.

tags | advisory, remote, cryptography
systems | linux, redhat
advisories | CVE-2019-3842, CVE-2020-13776, CVE-2021-22922, CVE-2021-22923, CVE-2021-34558, CVE-2021-3620
SHA-256 | f28cc76ddb412145654050664da26602d7c4d62da2e36475367e140177eb756a
Red Hat Security Advisory 2021-4451-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4451-03 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space. Issues addressed include a use-after-free vulnerability.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20231, CVE-2021-20232, CVE-2021-3580
SHA-256 | d6a613e034ba768ea74172f7f2974826a7f6e4c5dbcf90bbb89e1d4814ee6509
Red Hat Security Advisory 2021-2760-01
Posted Jul 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2760-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | e42ce41d08e975a1430a27c51239e1c6b441bfc1ee6419a8f1260663774b670b
Red Hat Security Advisory 2021-2758-01
Posted Jul 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2758-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | f366a4741628270515ea9df33e6f46069b4595fc20f17cc3b7778a467f9fa2f9
Petalus 1.0.0
Posted Jun 10, 2021
Authored by Luis Campo Giralte | Site bitbucket.org

Petalus is a crypto wallet microservice in python that allows users to store any type of information on a virtual wallet. The main functionalities of Petalus are blockchain support on the storage data, multiple hashes for the blockchain (sha256, blake2s and sha3-256), multiple process execution, support for read/write triggers on the wallets, and authorization of write blocks with public/private key.

tags | tool, cryptography, python
systems | unix
SHA-256 | 535dcde4cc02e3aaed94a32fcddbf9482acb15845d4e4689e59fc8aee26cd414
Red Hat Security Advisory 2021-2356-01
Posted Jun 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2356-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | f0b868aecc984ffac536b2f7445dec720e102809e48c65ea1b5287ba47f543d5
Red Hat Security Advisory 2021-2280-01
Posted Jun 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2280-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | 25a368fa3e5e2ba5618296e78e07cf7dddc9a96c8c3b675919627a7ed133283b
Red Hat Security Advisory 2021-1246-01
Posted Apr 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1246-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | a6ed120c427bdf965416633946bf2c8c87af6e47ae6eeb335fa638330e7de30b
Red Hat Security Advisory 2021-1245-01
Posted Apr 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1245-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | 03ae9d4d6c692462185f91ccac59efd11a557f501eca9ed834b624631545538d
Red Hat Security Advisory 2021-1206-01
Posted Apr 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1206-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, protocol, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | cfc2ddbf194ca98e9bd00034d5a3de9b781c3c4eaf8683beb24a941d9f66d122
Red Hat Security Advisory 2021-1145-01
Posted Apr 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1145-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

tags | advisory, kernel, cryptography, python
systems | linux, redhat
advisories | CVE-2021-20305
SHA-256 | c64e53f209824c0541aa87a7b3d247fd85ddd3bfb744137d79b41874b72f64e3
Ubuntu Security Notice USN-4550-1
Posted Sep 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4550-1 - Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host.

tags | advisory, denial of service, arbitrary, cryptography
systems | linux, ubuntu
advisories | CVE-2020-14374, CVE-2020-14378
SHA-256 | d8af98378677f0c95696fed25979abbe5c17bc959e6fb291f1db9dd93bd3a233
Ubuntu Security Notice USN-3901-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, cryptography
systems | linux, ubuntu
advisories | CVE-2018-18397, CVE-2018-19854, CVE-2019-6133
SHA-256 | 2733d1718525888590b59662b23b1cc1de9b8d11aba8290d25b543ffd636e966
Android Securty Research: Crypto Local Storage Attack
Posted Feb 28, 2019
Authored by Viet Nguyen Quoc, Loc Phan Van

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.

tags | paper, local, cryptography
SHA-256 | d4ec44d04cda2c87a67db49c174fec961eb574fcddcdec97e38b0cdd8f2c2a23
Page 1 of 12
Back12345Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close