thaidn

@XorNinja

XorOps at a high-wage Walmart, contributing to Tink and Wycheproof. SSL attack trilogy: BEAST, CRIME, PODDLE. Opinions are Alice's and Bob's.

Vrijeme pridruživanja: rujan 2012.

Tweetovi

Blokirali ste korisnika/cu @XorNinja

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @XorNinja

  1. Prikvačeni tweet
    20. kol 2019.
    Poništi
  2. 1. velj

    . Flights from/to Taiwan are also unbanned. Safe flights home my friends!

    Poništi
  3. 19. sij

    It was a long time ago, and it wasn't my interview, but I was shadowing a coworker who asked the interviewee "If you were an animal what would you be?" I was like, WTF, why am I even here?!

    Poništi
  4. proslijedio/la je Tweet
    15. sij

    History repeats itself: after padding oracles, another attack discovered by Serge becomes a practical threat many, many years after its publication.

    Poništi
  5. proslijedio/la je Tweet
    15. sij

    1. Find an ecc root cert C 2. Create C' with the same public key and curve but set the generator to the public key of C 3. Create a normal signing cert C'' with key pair (pk'',sk'') and sign software/cert with sk'' 4. Sign C'' with sk=1 5. Ship software/cert with C'' and C'

    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    15. sij
    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    15. sij
    Poništi
  8. proslijedio/la je Tweet
    14. sij
    Odgovor korisnicima

    Thomas's write-up on HN, for anyone following this thread:

    Poništi
  9. 14. sij

    I can't remember why, but I spent some time finding bad libraries that blindly trust specified curve parameters. I couldn't find anything. Wycheproof also has test vectors. "NamedCurve"

    Prikaži ovu nit
    Poništi
  10. 14. sij

    Wow. So this is not a boring parsing bug. My guess is that Windows blindly trusted curve parameters from a rogue certificate. This is interesting because states that " This choice [specified curve parameters] MUST NOT be used"

    Prikaži ovu nit
    Poništi
  11. proslijedio/la je Tweet
    14. sij

    But the fundamental reason why I'm worried about shaking the ads ecosystem too hard, too fast: news media largely relies on ads right now and their business models are already very shaky. If media can't make money, we're left with media that doesn't need to make money.

    Prikaži ovu nit
    Poništi
  12. proslijedio/la je Tweet
    14. sij

    Just to be very clear on this point: This is not about blocking a subset of 3P cookies via lists and/or heuristics. This announcement is that we are going to remove 3P cookies and related tracking mechanisms entirely.

    Poništi
  13. proslijedio/la je Tweet
    Odgovor korisniku/ci

    One way to create secure and private ads is to remove tracking altogether. Pay for placement, like in newspapers. The societal problems from online advertising come from the fact that it's extra profitable and effective to use personal information for targeting.

    Poništi
  14. 9. sij

    To celebrate and HACS, here's the latest installation of the Internet of broken protocols series

    Poništi
  15. proslijedio/la je Tweet
    8. sij
    Odgovor korisnicima

    I think aspects of the cryptowars and in particular crypto vulns found during during that period would contradict this - Notable Examples: A51 (GSM), CSS (for DVD).

    Poništi
  16. 8. sij

    new version of Boneh-Shoup's magnificent book is out!

    Poništi
  17. 8. sij

    TIL cryptographers offer reduced-round of their ciphers to attract cryptanalysts

    Poništi
  18. 8. sij

    Did you notice that there's no vulnerability disclosure debate in crypto research, because everyone happily follows full disclosure? Probably because "the vendors" are also cryptographers, and usually found themselves on the other side of the table

    Poništi
  19. 8. sij

    Authenticated encryption is old enough to vote

    Poništi
  20. proslijedio/la je Tweet
    8. sij

    Ok, Vietnam, now it’s your turn. Here they come.

    Poništi
  21. 1. sij
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·