"The theory I'd like to present today, without any proof of course…"
#realworldcrypto pic.twitter.com/iWLVv9jjdt
Want more scientific and rational approach to choosing round numbers, tolerance for corrections.
More consistent security margins across primitives.
Better nomenclature for better understanding.
#realworldcrypto
"I see no one running screaming from the room, so…"
#realworldcrypto pic.twitter.com/T2i8zSbwLj
"It's not just about speed, but attacks like distinguishers"
#realworldcrypto
"If NIST is in the room, I hope they're paying attention…"
#realworldcrypto pic.twitter.com/E8bAWrPJMG
Q: Limit round parameter input, choose a secure 'fast' version and less fast higher round version.
A: Agreed. Also I'm not responsible for any damage as a result of this talk.
#realworldcrypto
Next up! "The First Chosen-Prefix Collision on SHA-1" -> https://sha-mbles.github.io
#realworldcrypto
SHA-1 is still used in many places in the real world, X.509 certificates, PGP (stop using PGP, use age), TLS, SSH, HMAC-SHA-1, and
GIT GIT GIT
#realworldcrypto
Why still used? Collision attacks are hard to run in practice, and you might end up with garbage that's not very useful.
#realworldcrypto
Totally within the cost budget of academics, so nation states can definitely afford it
#realworldcrypto pic.twitter.com/LNE8B5ZjaY
When the Bitcoin price crashed in 2018, there was suddenly a glut of cheap GPUs! Nice for researchers :)
#realworldcrypto pic.twitter.com/Yhnigv986s
I hope they put these graphs in a grant proposal
#realworldcrypto pic.twitter.com/cwOmWVXmdG
If you achieve a collision, you can snipe an existing signature over that hash and 'verify' the wrong binary/cert/etc
#realworldcrypto pic.twitter.com/BYNsQFFCPX
As long as SHA-1 is supported, downgrade attacks are possible!
#realworldcrypto
Q: Do you think SHA-1 would still be safe with a few more rounds?
A: tl;dr 'yes'
#realworldcrypto
Q: Does not apply to HMAC-SHA-1, right?
A: Correct, no known attacks on HMAC, but why keep using SHA-1 there or anywhere else? I wouldn't recommend using HMAC-MD5 either.
// @SchmiegSophie
#realworldcrypto
Next up, "Adept Secret Sharing" by Phil Rogaway
#realworldcrypto