New blog: The Strange Story of “Extended Random”. About crypto backdoors and RSA.https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/ …
-
So I have a Canon consumer inkjet printer, Japanese model, purchased in Japan. No HTTPS on the web interface, but it speaks Cloud Print with Google, and guess what.pic.twitter.com/77MnG9zeYd
Also, WTF is this. I thought the contents were supposed to be *random bytes*?pic.twitter.com/SsTp9NJWce
-
-
what the heck...? is an RSA mess :D
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Incidentally, this printer supports IPv4 and IPv6... which means it winds up with its web interface on the Internet over IPv6 by default, behind typical v4-NAT v6-native setups. It also supports IPv4 ACLs but not IPv6 ACLs. Amusingly it also does IPsec.
-
Well IPsec is part of the IPv6 core requirements, so it’s not unreasonable for it to be present.
End of conversation
New conversation -
-
-
Huh. Uninitialized buffer? If you have the model number it might be interesting to check out the firmware...
-
Pixus MG6730. It updates itself over unencrypted HTTP (of *course*). The firmware seems to be obfuscated with some kind of silly DIY algorithm, though. Typical Japanese. The whole file looks like this. https://mrcn.st/t/mg6730_1.060.bin …pic.twitter.com/vMrLdlKOnq
- Show replies
New conversation -
-
-
I remember BSAFE spitting out weird version tags as part of its random nonces. So maybe they’re just doing the same for ER. I have the code somewhere...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.