Found these vulns in 7 out of 9 impls
#realworldcrypto pic.twitter.com/ziKVlxX2F6
The three-party handshake logo is cut off, my apologies
#realworldcrypto pic.twitter.com/0GjRpeSjBh
(That operation is an elliptic curve group operation)
#realworldcrypto
Results in a handshake circuit with AND complexity of ~770k, runs in ~1.40 seconds on wired network. Plenty fast for DECO.
#realworldcrypto
So, if this is a proof based on the TLS connection of the data provider, what happens when the data provider gets social engineered or forgets to patch their database backend?
#realworldcrypto
Q: In the MPC it's broken into two parts, what prevents a malicious input in the second part?
A: This will be caught later on in the protocol, in the proof stage; the two parties commit to their shares beforehand.
#realworldcrypto
Next up is the first symmetric crypto session, starting with Attacks only get better: The case of OCB2 by Tetsu Iwata
#realworldcrypto
No authenticity, allowing the ciphertext to be manipulated.
#REALWORLDCRYPTO pic.twitter.com/XwbeF4CX1L
Nonce changes for every* encryption operation
*except when it doesn't, like when you ask the user to provide a nonce
#REALWORLDCRYPTO pic.twitter.com/twmxJ4qxUj
GCM, CCM are NIST-certified
IETF ones include GCM, ChaCha20-Poly1305
CAESAR includes 6 more
Some more in the ongoing NIST lightweight crypto competition
#realworldcrypto
OCB includes 3 versions, nonce-based AE with AD with strong features, including proof of security
#realworldcrypto pic.twitter.com/hZ9D7HyKXF
Result: authenticity attack on OCB2, not related to the underlying block cipher.
#realworldcrypto pic.twitter.com/nRbwCXsRyi
> SJCL affected
Free corgi pix to someone who collects metrics on real world usage of the SJCL in the wild.
#realworldcrypto
If we encrypt the same message twice, the nonce will* be different and the ciphertext will be different.
* CAVEAT EMPTOR
#realworldcrypto
Simplest attack is a minimal forgery (existential forgery), adversary must know content of the message, it might not be that important but it's still not generated by the original sender.
#realworldcrypto pic.twitter.com/X1ibibpXF3
On its own may not mean much, but can be leveraged into more powerful attacks.
#realworldcrypto
Universal forgery: for any nonce and message (possibly chosen by the adversary), can compute ciphertext and tag that will be accepted as legit
#realworldcrypto