
Files

Passive SSH Key Compromise Via Lattices
Posted Nov 13, 2023
Authored by Nadia Heninger, Keegan Ryan, Kaiwen He, George Arnold Sullivan

This whitepaper demonstrates that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information like the shared Diffie-Hellman secret that would not be available to a passive network observer. The paper shows that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. The authors provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use their attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.

tags | paper, cryptography, protocol
SHA-256 | 481aab67e2963f899f4d0981c2be3f03e3ff14965119cb78e929b36c27b58597
A Vulnerability In Implementations of SHA-3, SHAKE, EdDSA, And Other NIST-Approved Algorithms
Posted Mar 7, 2023
Authored by Nicky Mouha, Christopher Celi | Site eprint.iacr.org

This paper describes a vulnerability in several implementations of the Secure Hash Algorithm 3 (SHA-3) that have been released by its designers. The vulnerability has been present since the final-round update of Keccak was submitted to the National Institute of Standards and Technology (NIST) SHA-3 hash function competition in January 2011, and is present in the eXtended Keccak Code Package (XKCP) of the Keccak team. It affects all software projects that have integrated this code, such as the scripting languages Python and PHP Hypertext Preprocessor (PHP). The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (without any restrictions on values to be XORed and even far beyond the location of the original buffer), thereby making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.

tags | paper, overflow, cryptography, php, python
advisories | CVE-2022-37454
SHA-256 | e5ce94c802fc96b96a37593074295283819a7abf859a04a1c1cbfcdb566dcdb1
Are Blockchains Decentralized? Unintended Centralities In Distributed Ledgers
Posted Jun 22, 2022
Authored by Felipe Manzano, Talley Amir, Evan Sultanik, Mike Myers, Sam Moelius, Trent Brunson, Eric Kilmer, Sonya Schriner, Alexander Remie | Site github.com

Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to investigate the extent to which blockchains are truly decentralized. They focused primarily on the two most popular blockchains: Bitcoin and Ethereum. They also investigated proof-of-stake (PoS) blockchains and Byzantine fault tolerant consensus protocols in general. This report provides a high-level summary of results from the academic literature, as well as their novel research on software centrality and the topology of the Bitcoin consensus network.

tags | paper, protocol
SHA-256 | 7539c81d4b8e441403714a6c53dc14d36bda7acb1b5c0dadb8762f8d53177dd5
Android Security Research: Crypto Local Storage Attack
Posted Feb 28, 2019
Authored by Viet Nguyen Quoc, Loc Phan Van

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.

tags | paper, local, cryptography
SHA-256 | d4ec44d04cda2c87a67db49c174fec961eb574fcddcdec97e38b0cdd8f2c2a23
Key Reinstallation: Forcing Nonce Reuse In WPA2
Posted Oct 16, 2017
Authored by Frank Piessens, Mathy Vanhoef | Site krackattacks.com

Whitepaper called Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself, so most devices that make use of WPA2 are affected.

tags | paper, cryptography, protocol
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
SHA-256 | 7bdd578be202b278bcaaefbcc9d6e1f9481932cdadde98dfd4ce55ede0123ded
Side Channel Attack Countermeasures In Cryptographic Systems
Posted May 10, 2017
Authored by James Fell

Side channel attacks against cryptographic systems involve identifying ways in which their physical implementations leak useful information. A cryptographic algorithm may be secure on paper but when implemented on physical hardware some of the secret data, such as key bits, may potentially be recovered by an attacker by measuring various physical properties whilst encryption or decryption is being performed. This essay reviews the most successful countermeasures that can be used to make different classes of side channel attacks as difficult as possible. An understanding of basic principles of cryptography is assumed.

tags | paper
SHA-256 | 291a3d1be421c2c85288ddda1845bef8abe134544fe137f42cec5bfcdd6661a4
Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice
Posted Oct 15, 2015
Authored by Eric Wustrow, J. Alex Halderman, Karthikeyan Bhargavan, Matthew Green, Pierrick Gaudry, David Adrian, Benjamin VanderSloot, Nadia Heninger, Drew Springall, Luke Valenta, Paul Zimmermann, Emmanuel Thome, Zakir Durumeric, Santiago Zanella-Beguelin

This paper investigates the security of Diffie-Hellman key exchange as used in popular Internet protocols and finds it to be less secure than widely believed. First, the authors present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, the researchers implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, they can compute arbitrary discrete logs in that group in about a minute. They found that 82% of vulnerable servers use a single 512-bit group, allowing them to compromise connections to 7% of Alexa Top Million HTTPS sites. They go on to consider Diffie-Hellman with 768- and 1024-bit groups. They estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. They conclude that moving to stronger key exchange methods should be a priority for the Internet community.

tags | paper, web, arbitrary, protocol
SHA-256 | 34229b5a84df1c71f6a8f6c2fbd22fb444d37a13ea7fdfe2f50f3fe60983e984
Exploitation Of Hash Functions
Posted Aug 26, 2014
Authored by Deepanshu Khanna

This is a whitepaper that touches on various cryptography topics and discusses hash functions at slightly greater length.

tags | paper
SHA-256 | 5aa0be1d76aebe75b38c23e223c667b62f5b40c08d40af7df228f6c99c7dfcbf
IPSec Cryptographic Overhead
Posted Jul 12, 2014
Authored by Chintan Gurjar

Whitepaper called the Cryptographic Overhead of IPSec Protocol Suite During the Packet Exchange Process.

tags | paper, protocol
SHA-256 | a50726bde091619f65322e9ea8f52a770da87b90c239063c84c5925eee955739
Windtalking Computers: Frequency Normalization, Binary Coding Systems, and Encryption
Posted Mar 3, 2013
Authored by Givon Zirkind | Site givonzirkind.weebly.com

The goal of this paper is to discuss the application of known techniques, knowledge and technology in a novel way, to encrypt computer and non-computer data. There are two distinct and separate methods presented in this paper.

tags | paper, encryption, cryptography
SHA-256 | 7837b2e39a3acb57fd028e01088d02c8d625277f4bb1d9f456e27f5493650d32
Lucky Thirteen: Breaking The TLS And DTLS Record Protocols
Posted Feb 5, 2013
Authored by Kenneth G. Paterson, Nadhem J. AlFardan

The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto secure protocol of choice for Internet and mobile applications. DTLS is a variant of TLS that is growing in importance. In this paper, the authors present distinguishing and plaintext recovery attacks against TLS and DTLS. The attacks are based on a delicate timing analysis of decryption processing in the two protocols. The authors include experimental results demonstrating the feasibility of the attacks in realistic network environments for several different implementations of TLS and DTLS, including the leading OpenSSL implementations. The authors provide countermeasures for the attacks. Finally, they discuss the wider implications of their attacks for the cryptographic design used by TLS and DTLS.

tags | paper, protocol
SHA-256 | 5e5f1f853fbe738cb8f080812f033a884a041ffb3a968f219a1bbc25ac8d892d
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
SHA-256 | 2f956e99861dabc4d9e263529db1992adcbe71b48930cc4158b998b604dc42b0
Cryptanalysis Of INCrypt32 In HID's iCLASS Systems
Posted Feb 7, 2012
Authored by Daewan Han, Dong Hoon Lee, ChangKyun Kim, Chang-Ho Jung, Eun-Gu Jung

The cryptographic algorithm called INCrypt32 is a MAC algorithm used to authenticate participants, RFID cards and readers, in HID Global's iCLASS systems. HID's iCLASS cards are widely used contactless smart cards for physical access control. Although INCrypt32 is at the heart of the security of HID's iCLASS systems, its security had not been evaluated because the specification has not been open to the public. In this paper, the authors reveal the specification of INCrypt32 by reverse engineering an iCLASS card and investigate the security of INCrypt32. As a result, they show that the 64-bit secret key can be recovered using only 2^18 MAC queries if the attacker can request MACs for chosen messages of arbitrary length. If the length of messages is limited to pre-determined values by the authentication protocol, the required number of MAC queries grows to 2^42 to recover the secret key.

tags | paper, arbitrary, cryptography, protocol
SHA-256 | cb8784c8a30a60fd5be4ccee3a92361bbb9b0c25e831d60269f418117ec0e6b6
Baseline Requirements For Publicly-Trusted Certificates 1.0
Posted Dec 17, 2011
Site cabforum.org

This document is version 1.0, as adopted by the CA/Browser Forum on 22 Nov. 2011 with an Effective Date of 1 July 2012. These Baseline Requirements describe an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing requirements that are necessary (but not sufficient) for the issuance and management of Publicly-Trusted Certificates: certificates that are trusted by virtue of the fact that their corresponding Root Certificate is distributed in widely-available application software. The Requirements are not mandatory for Certification Authorities unless and until they become adopted and enforced by relying-party Application Software Suppliers.

tags | paper, root, protocol
SHA-256 | 7e40dcea212696d52d1c4425eabf0a1c02ba09e85412416def237608e9fe7832
On Equivalence Between Zeta And R-Sequence
Posted Dec 13, 2011
Authored by Michal Bucko

This paper covers a conjecture of equivalence between a statement regarding Ξ matrix and Zeta.

tags | paper
SHA-256 | fd9949c76741d04356c6c3b465f8fa4625be9eb480863888cf5eb7f612ef95f6
On The R-Sequence And Prime Key Set Problem
Posted Dec 13, 2011
Authored by Michal Bucko

This document introduces the R-sequence, i.e. a sequence of numbers closely related to the distribution of the prime numbers. The paper describes its connection to ζ and the Möbius function.

tags | paper
SHA-256 | 7e932293969c1baba57394e3041702cc25637d677c17477a1a235e85d8d9b6b3
TLS/SSL Hardening And Compatibility Report
Posted Sep 30, 2011
Authored by Thierry Zoller | Site g-sec.lu

This report gives general recommendations on how to configure SSL/TLS in order to provide state-of-the-art authentication and encryption. The options offered by SSL engines have grown since the early days when Netscape developed SSL 2.0. The introduction of TLS made matters more challenging, as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult, especially as the supported protocols and cipher suites are mostly undocumented. To make matters more complicated, browsers may not use all functionality offered by the SSL stack, so this report lists only functionality used by current browsers. This report provides an overview of the currently available TLS options across servers and clients and allows you to support a wide variety of browsers while offering "good enough" security.

tags | paper, protocol
SHA-256 | afe6f4a0ab4ce26e52bdcf64e8ae768dd81416309332ac0a348749bb8aaf5074
Biclique Cryptanalysis Of The Full AES
Posted Aug 19, 2011
Authored by Dmitry Khovratovich, Andrey Bogdanov, Christian Rechberger

Whitepaper called Biclique Cryptanalysis of the Full AES. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. This paper discusses shortcut attacks on AES.

tags | paper
SHA-256 | 892f69df7711f607a712c9642c0b94ef2229b7c62e1af9495c6c69a8dfd8fb59
Remote Timing Attacks Are Still Practical
Posted May 25, 2011
Authored by Nicola Tuveri, Billy Bob Brumley

This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.

tags | exploit, paper, cryptography, vulnerability
SHA-256 | a639445448cf4d50a71d847a0554fa7ab0640e8c63cc63998bd97f803f5b3b40
Elliptic Curve Cryptography Anomalous Curves
Posted Sep 11, 2010
Authored by Alonso De Jesus Garcia Herrera, Carlos Mario Penagos Hollmann

Whitepaper called Elliptic Curve Cryptography Anomalous Curves. Written in Spanish.

tags | paper
SHA-256 | c45415603979c78761b5dc3c885231f762afa6be15075f10d182a3ec944861fa
Whitepaper Comparing MD5 To Windows LM Hashes
Posted Mar 22, 2010
Authored by Jeremy Langford

This whitepaper is a comparison of the security provided by Windows' Local Area Network Manager (LM) and Message Digest Five (MD5) hashes as applied on personal and business computers.

tags | paper, local
SHA-256 | 6b8a3087033c3403b1476120c4698035c6629b2e9b70c738b61fb10009954ed8
Cryptography - The Magic Of The Asymmetric
Posted Jan 26, 2010
Authored by Keksa

Whitepaper called Cryptography - The Magic Of The Asymmetric. Written in German.

tags | paper
SHA-256 | f737c81ee79e0d58d85ded394f940a3195d39935d8a7917ec137a9d11bab632b
SSL Sniffing
Posted Jan 11, 2010
Authored by Aokan | Site knyksl.com

Whitepaper called SSL Sniffing. It discusses the basic use of SSL and what types of attack tools and methodologies exist.

tags | paper
SHA-256 | de3b2e24d4c45610d923e09653831838fc578281e0df75ef9fab4c92d3ab4e77
breaking-rsa.txt
Posted Nov 15, 2007
Authored by Alex Bassas Serramia

Whitepaper titled Breaking RSA: Totient indirect factorization.

tags | paper
SHA-256 | 6ec72b3df0558322188aaacfe4c6a5da08bb84134c850474aaaa5c66090bd689
Cryptography.pdf
Posted Jul 14, 2005
Authored by Ashish Anand | Site ashishanand2.tripod.com

Whitepaper entitled Application Level Cryptography: Combination Stream And Block Ciphering Using Double Encryption Algorithms.

tags | paper
SHA-256 | 54d5e2cd2f382e5bab89c50c763f3a086a983c656a1aa1b329596d85ebac7bb1
© 2022 Packet Storm. All rights reserved.