CRoCS @ fi.muni.cz

@CRoCS_MUNI

IT Security lab at Faculty of Informatics, Masaryk university. Focused on , , and more (see: )

Vrijeme pridruživanja: rujan 2014.

Tweetovi

Blokirali ste korisnika/cu @CRoCS_MUNI

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @CRoCS_MUNI

  1. Prikvačeni tweet
    2. lis 2019.

    1) Disclosure of ECDSA implementation vulnerabilities in cryptographic smartcards and libraries . Leakage of random nonce length enough for full recovery of EC private key after observing a few hundred to a few thousands of signatures.

    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet

    Need some "bad" X.509/HTTPS certs, or simple description of various validation errors in OpenSSL/GnuTLS (more libs later), all in one place similar to MDN? See built by people from

    Poništi
  3. 27. sij

    Our research on usable certificate errors (see details at , feedback welcome) presented at 2020 in Brno. Apart from that, we are collecting developer's opinions for the new study on the research booth.

    Poništi
  4. proslijedio/la je Tweet
    3. lis 2019.

    "Our attack and proof-of-concept code is inspired by the method of Brumley & Tuveri ..." Still making waves after 8 years! NISEC's

    Poništi
  5. 3. lis 2019.

    4) We added list of cards and libraries tested and NOT found vulnerable (thx for suggesting this).

    Prikaži ovu nit
    Poništi
  6. 2. lis 2019.

    3) The necessary time for successful attacks depends on the setup, but with ordinary laptop and library/card, it was 20-30mins for Athena IDProtect smartcard and <10min for libraries. With cards, the majority of time is to collect enough signatures

    Prikaži ovu nit
    Poništi
  7. 2. lis 2019.
    Poništi
  8. 2. lis 2019.

    2) Athena IDProtect (CVE-2019-15809), SunEC/OpenJDK/Oracle JDK (CVE-2019-2894), libgcrypt (CVE-2019-13627), wolfSSL/wolfCrypt (CVE-2019-13628), MatrixSSL (CVE-2019-13629), Crypto++ (CVE-2019-14318) affected. Tester and PoC available. Thx

    Prikaži ovu nit
    Poništi
  9. 13. ruj 2019.

    Let us deposit this here: b86fe2cb57aedfe98183522da1ae85daf71e43899460f92a0694207b62b345c4

    Poništi
  10. proslijedio/la je Tweet
    16. srp 2019.

    Many thanks to JavaCardOS for supporting us with sample cards to test and improve JavaCard open-source library . New cards soon to be added. Use ECPoint and BigInteger operations without proprietary APIs

    Poništi
  11. 16. srp 2019.

    We are systematically working to make JavaCard ecosystem more secure, open and fun to use for novel ideas - JCMathLib on which we cooperate with is one example

    Poništi
  12. 19. velj 2019.

    Usable Security and Privacy Enthusiasts: Consider submitting a paper to EuroUSEC, co-located with , deadline is March 7!

    Poništi
  13. proslijedio/la je Tweet
    14. stu 2018.

    had option for verified paper artifacts (at least last year)👏 Also asked authors in various submission stages about interest: Submission: not sure 36%, Yes 57% Accepted: not sure 33%, Yes 56% Actually provided and verified: Yes 25%, No 75%

    Tweet je nedostupan.
    Poništi
  14. 10. stu 2018.
    Poništi
  15. 10. stu 2018.

    Congrats to our who just scored 2nd place at Applied Research Competition for paper (factorable RSA keys from smartcards, eID, TPMs...) 🍾 See poster here: , all details here:

    Poništi
  16. 16. lis 2018.

    Workshop on Socio-Technical Aspects, co-located with ACSAC 2018, submission deadline extended to October 23

    Poništi
  17. 8. lis 2018.
    Prikaži ovu nit
    Poništi
  18. 8. lis 2018.

    Congratulations to our lab member Milan - well deserved acknowledgement of his continued work on dm-crypt, cryptsetup, AE ciphers in Linux kernel and his quest to bring strong integrity to full disk encryption 🍾

    Prikaži ovu nit
    Poništi
  19. 6. kol 2018.

    Very honored to see our RSA factorization attack on IFX smartcards (, M.Sys, , and V.Matyas)() nominated for Pwnie for Best Cryptographic Attack !

    Poništi
  20. proslijedio/la je Tweet
    6. velj 2018.

    My article on hardware-trojans and defenses is out! It's based on our paper with , a collaboration between and

    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·