Charles Guillemet

@P3b7_

CTO . Cryptography, (Hardware) Security research. Interested in Tech, Security, Cryptography, Blockchain. Built the Donjon ()

Grenoble
Joined September 2018

Tweets

  1. Retweeted
    Replying to

    I do like that Trezor is all OSS (primary value IMHO) but in practice I believe it has limited value. The Ledger “smart card pattern” vs “using generic processors” brings a lot of value when assessing against associated threat models.

  2. Retweeted
    Feb 2

    I am starting a blog. First post is about the StarkWare Hash Challenge

  3. Jan 31
  4. Jan 31

    Still, it's more secure to HODL with a Hardware wallet rather than in an exchange. Considering an attacker w/ a physical access to the Trezor, a STRONG passphrase mitigates the attack. An attacker with simply a malware on your PC/mobile would get your exchange creds in 1 min...

  5. Jan 31

    "We responsibly disclosed the full details of this attack to the Trezor team [...]. We are going public with this vulnerability disclosure now so that the crypto community can protect themselves before a fix is released by the Trezor team." The attack is not fixable, so ...

  6. Retweeted
    Jan 31

    2/2. The attack is indeed feasible with a low-cost hardware. We built our own card to ensure this. With a few additional efforts you might be able to dump the WHOLE chip in less than 1 minute

  7. Retweeted
    Jan 31

    1/2. Congrats for contributing to secure the ecosystem! Your attack is very close to the one we implemented a year ago. As the attack is not fixable, we preferred not sharing the details to avoid exploitation on the field.

  8. Retweeted
    Jan 31
    Replying to
  9. Retweeted
    Jan 31

    Let’s take back control, for real! On the day of the , we empower people to take control and experience the . Learn more:

  11. Retweeted
    Jan 28

    A photo is a mathematical representation of your face.

  12. Retweeted
    Jan 27

    Yet another Intel CPU flaw affects SGX. 2020: Please stop cheating by "solving" crypto problems with SGX magic, it does not work.

  13. Jan 27
  14. Retweeted
    Jan 26

    Elliptic curve crypto sucks :-p "Extrapolating (...), at similar classical security levels, elliptic curve cryptography is less secure than RSA against a quantum attack

  15. Jan 26

    Bitcoin Gold (BTG) has been 51% attacked again. 2 deep reorgs in 2 days, both of which contained double-spends... No real market reaction... ¯\_(ツ)_/¯

  16. Retweeted

    So what does an IoT device need? A hardware root of trust should be provided by the device. This should be a unique identifier and a key which is signed by a mutually trusted authority.

  17. Retweeted
    Feb 19, 2019

    LASCAR : Ledger's Advanced Side A fast, versatile, and python3 designed to facilitate Side-Channel Analysis

  18. Retweeted
    Jan 24

    This article is dear to me. While Luc ( ) wrote the article and did the in-depth analysis, I did the record of the scenario and the initial analysis with REVEN. It wasn't much, but as primarily a developer this was a small dive in RE and good dogfooding.

  19. Retweeted
    Jan 23

    NEW: is partnering with dapp provider FLETA, offering legally compliant custody solutions as part of its expansion push in Asia. David Pan / reports

  20. Jan 21

    This is the methodology followed in the Common Criteria security certification framework leading to these "EAL5+" certifications. It comes with an "Attack Method" document which is not public. It's only shared within the certification scheme.
