"In light of our presented attacks, we believe that WPA3 does not meet the standards of a modern security protocol" we are fucked :/ https://papers.mathyvanhoef.com/dragonblood.pdf
-
-
Replying to @cryptodavidw @gsuberland
Here is a somewhat more educated discussion: https://news.ycombinator.com/item?id=19634323 … TL;DR nothing new to see here, move on
1 reply 0 retweets 2 likes -
Replying to @moo9000 @cryptodavidw
I strongly disagree with the point about the side-channel bugs being implementation vulnerabilities rather than algorithm design flaws. If the algorithm has design features that lead to data-dependent behaviour then side-channel attacks are inherently difficult to mitigate.
2 replies 0 retweets 2 likes -
One of the critical parts of cryptographic algorithm design is picking operations that allow for easy, efficient, and secure implementations on common processing architectures. It's why Rijndael beat Serpent in the AES process.
1 reply 0 retweets 3 likes -
RSA is another example of an inherently flawed cryptosystem. Ignoring all the endless problems with padding, Bleichenbacher, etc. it still requires computational shortcuts to make it perform well, and those shortcuts lead to timing and power side-channel attacks.
1 reply 0 retweets 1 like
Is RSA really *inherently* flawed? I would certainly agree with "flawed by default", but a textbook AES implementation is also certainly vulnerable to a variety of side-channel attacks.
-
-
Agreed. Poor word choice on my part.
0 replies 0 retweets 0 likes