Cas Cremers

@CasCremers

Professor of Computer Science, Faculty at CISPA Helmholtz Center for Information Security

Saarbrücken, Germany
Vrijeme pridruživanja: veljača 2016.
5 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @CasCremers

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @CasCremers

  1. proslijedio/la je Tweet
    prije 15 sati

    How about one week of talks, workshops, and discussions on hot topics in IT Security plus a social program with , Mario Fritz? Apply now for CISPA's SeCon taking place in Saarbruecken. More details:

    4 proslijeđena tweeta 10 korisnika označava da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    30. sij

    I keep watching MLS standards efforts closely - this is still one of the most interesting developments in the messaging space in the last 10 years or so. Not perfect, but it's possible that this will become the best compromise we have right now.

    The IETF Messaging Layer Security (MLS) working group released an update of the Architecture document.
    4 proslijeđena tweeta 8 korisnika označava da im se sviđa
    Poništi
  3. 18. sij

    By choosing the right parameters for C', you can know the private key for C' -- even when you don't know the private key for C -- as Vaudenay noted in 2004.

    2 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  4. 18. sij

    When comparing a received cert to cached root certs, windows only compared the public keys, but not the parameters, and would therefore assume that a received fake root cert C' with different parameters was the same as a cached root cert C, using C' to verify the cert chain.

    3 proslijeđena tweeta 5 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  5. 16. sij

    Curve Validation Error

    1 reply 9 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    15. sij

    Thank you to , who stepped down as co-chair of the Crypto Forum Research Group today, after many years of service. Welcome to , who joins and as co-chair going forward.

    5 proslijeđenih tweetova 22 korisnika označavaju da im se sviđa
    Poništi
  7. 15. sij

    This degenerate case was just confirmed to work by , thank you! ( )

    7 proslijeđenih tweetova 31 korisnik označava da mu se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. 15. sij

    1. Find an ecc root cert C 2. Create C' with the same public key and curve but set the generator to the public key of C 3. Create a normal signing cert C'' with key pair (pk'',sk'') and sign software/cert with sk'' 4. Sign C'' with sk=1 5. Ship software/cert with C'' and C'

    68 proslijeđenih tweetova 156 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. 15. sij

    Can someone please confirm/deny if this degenerate version works? (It is still Vaudenay 2004 but with d' the identity) It would be easier to detect in logs of course.

    1 reply 1 proslijeđeni tweet 5 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    15. sij

    Aggregated info about CVE-2020-0601:

    2 proslijeđena tweeta 9 korisnika označava da im se sviđa
    Poništi
  11. 15. sij

    3 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  12. 15. sij

    1. Find an ecc root cert C with pk 2. Apply Vaudenay|(Pornin&Stern) 2004 get C' with sk',params' for that pk 3. Create a normal code signing cert C'' with key pair (pk'',sk'') and sign software with sk'' 4. Sign C'' with sk' 5. Present software,C'',C' to windows' sigcheck64.exe

    1 reply 33 proslijeđena tweeta 95 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  13. 15. sij

    Based on what I know now, I think the attack fits into a single tweet, including references:

    1 reply 2 proslijeđena tweeta 11 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  14. 14. sij

    This is ultimately similar to Pornin and Stern (2005). (Which we built on for )

    1 reply 2 proslijeđena tweeta 23 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  15. 14. sij

    Pre-patch, a cert can be used if the hash of the public key matches one in the cert root, after which the parameters of the new cert get used, enabling Vaudenay's attack. The patch requires the curve parameters to be the same, preventing this attack.

    3 proslijeđena tweeta 24 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 14. sij

    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  17. 14. sij

    It looks like it exploits what Vaudenay warned against in 2004 : "Digital Signature Schemes with Domain Parameters" ( )

    This you are strongly encouraged to implement the recently released CVE-2020-0601 patch immediately.
    71 proslijeđeni tweet 175 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    14. sij

    Recent paper on tricky crypto bugs in signature systems, including similarities to today's CVE. Will read this weekend, thanks for sharing (and writing) it Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures

    2 proslijeđena tweeta 6 korisnika označava da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    14. sij

    The last MLS interim meeting in NYC this weekend was a productive one! We talked about metadata protection, stronger authentication, deniability, improvements to post-compromise forward security, ciphersuites, symbolic analysis and decentralisation.

    5 proslijeđenih tweetova 14 korisnika označava da im se sviđa
    Poništi
  20. 14. sij

    It's a great opportunity, have a look!

    Late registration starting now: CISPA Security Convention for Bachelor and Master students from March 30 – April 3. Lectures/workshops/discussions with our experts , Mario Fritz - Apply now:
    2 korisnika označavaju da im se sviđa
    Poništi

@CasCremers još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·