Joanne Woodage (@joannewoodage) outlines a really cool attack on Facebook’s abuse reporting mechanism for encrypted messages. A great example of how popular schemes like AES-GCM can be easily misused. #RealWorldCrypto
The team also came up with a new one-pass authenticated encryption scheme based only on collision-resistant hash functions. It’s somewhat reminiscent of the Keccak team’s Keyak encryption based on a sponge construction: https://keccak.team/keyak.html
Subhash Sankuratripati from @Snap is speaking on the deployment of E2E encryption, which launched in 2018 and now encrypts 1B snaps/s. Supporting multiple devices with forward secrecy was a huge problem because of confirmation and retry issues (~2% failure rate). #RealWorldCrypto
Now for the Cryptography and Politics section. Insights from working for U.S. Congress from @shaananc and Gabriel Kaptchuk. What works with politicians is statements like: “TLS 1.3: good, SSLv2: bad” #RealWorldCrypto pic.twitter.com/LYOYkGMIFU
And now @mattblaze attempts to convince the crowd that crypto means cryptography but not voting. He’s making a pretty convincing case that voting security is hard and crypto magic will likely make things worse rather than better. #RealWorldCrypto
The 2019 Max Levchin prizes go to Mihir Bellare and Eric Rescorla!
In the secure communications session, @kaepora goes into detail about the Noise Explorer project (https://noiseexplorer.com) and announces a new feature: the ability to automatically generate Noise handshake implementations in both JavaScript and Go. Coming very soon.
Now @cesarghali from Google goes into detail about ALTS, a protocol first developed back in 2007 to add TLS-like security to internal RPCs using protobufs. It’s currently used in over 10B RPCs per second (actually per second this time).
Now Hugo Krawczyk goes on to explain a new password-authenticated key exchange algorithm called OPAQUE. Paper: https://eprint.iacr.org/2018/163.pdf IETF draft: https://tools.ietf.org/html/draft-krawczyk-cfrg-opaque-01 … #RealWorldCrypto
It’s the first PAKE secure against precomputation attacks since the salt is never sent in the clear.
More password work presented by @eyalronen. He presents a method to help protect the Internet from large scale attacks by enabling servers to identify popular passwords (heavy hitters). #RealWorldCrypto
Correction: @eyalr0, who I actually follow. Thanks Twitter autocorrect!
Catching back up as I was distracted by digging into how to shoehorn OPAQUE into TLS 1.3.
There were three talks in the Crypto Usability section. The first was by Joshua Baron, in which he went into DARPA's Investments in Real World Cryptography. Garbled RAM, Oblivious RAM, Functional Secret Sharing, Differential Privacy but no zero-knowledge proofs!
Next, Bailey Kacsmar and @chelseakomlo went in depth into secret sharing schemes such as the one used by @FreedomofPress's Sunder (https://github.com/freedomofpress/sunder …) and concluded that they're not ready for use in many real world scenarios.
Michelle Mazurek shared some of the knowledge gained by the programming contest they created to study how developers write secure code (https://builditbreakit.org/). Some takeaways: concept errors are more common than bad decisions and non-attempts are more common than mistakes.
Day 2! Encryption at Scale in AWS by Matt Campagna. KMS is now a huge system integrated in over 50 AWS services. At this scale collisions are a real problem, so deterministic IVs are necessary. #RealWorldCrypto
Applying Proxy-Re-Encryption to Payments by Sivanarayana Gaddam of Visa. In an attempt to reduce reliance on HSMs for PIN encryption, they came up with a system built on proxy-re-encryption. The scheme used (BBS98) is CPA but not CCA secure, which prompted audience questions.
Managing keys for teams. @maxtaco explains the decisions made by Keybase to support teams. Some choices: a user-centric approach focused on devices instead of keys, post-compromise security by default but opt-in forward secrecy, checkpoints every 4 hours on the bitcoin blockchain
In the Cryptographic Implementation session: Jasper van Woudenberg of @Riscure's talk "Practicing the art and science of side channel and fault attacks" explores the implementation of cryptographic algorithms down at the physical layer. Fun graphs, too. #RealWorldCrypto
Bartosz Przydatek from Google is now introducing Tink, a multi-platform cryptography library focused on clean and hard to misuse APIs. Joint work with @XorNinja, Daniel Bleichenbacher and others. https://github.com/google/tink #RealWorldCrypto
Tink goes beyond the functionality of other libraries by providing key management interfaces to enable the use of features like key rotation without a lot of pain. #RealWorldCrypto
And now the round. I'll try to capture what I can.
First, Vipin Bharathan says: don't bash blockchain! Also, Hyperledger needs help from cryptographers.
Second, @BenarrochDaniel announces the second @zkproof standardization conference.
Greg Rubin from AWS Crypto Tools is working on generic tools for crypto along with AWS tools. He needs your help! https://docs.aws.amazon.com/aws-crypto-tools/ …
Yevgeniy Dodis wants to talk with people about how to generate random numbers safely.
Christopher Allen (@ChristopherA) of TLS 1.0 fame is proposing a decentralized identifier. It's not just about blockchains. Read more: https://w3c-ccg.github.io/did-primer/
Brent confessed his downward trajectory into blockchain addiction.