Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @realhashbreaker
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @realhashbreaker
-
Marc Stevens proslijedio/la je Tweet
Another day, another
#RIDL embargo and addendum! “New” (not really!) variants of the day: L1D evictions (Fig 6, RIDL paper) or#L1DES and vector registers or#VRS. See http://mdsattacks.com . As a bonus: a faster RIDL exploit that leaks a root hash in 4s:https://www.youtube.com/watch?v=4DQAcCfg3b8 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
The NSA immediately prior to hitting the submit button to report CVE-2020-0601:pic.twitter.com/rPTFp2pDJt
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
> Certificates with named elliptic curves, […], can be ruled benign. […] Certificates with explicitly-defined parameters […] which fully-match those of a standard curve can similarly be ruled benign. So it's a vulnerability in ECDSA verification of custom curves.https://twitter.com/NSAGov/status/1217152211056238593 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
...and CERT's take on CVE-2020-0601: Crypt32.dll fails to validate ECC certificates in a way that properly leverages protections that ECC should provide. As a result, an attacker may be able to craft a certificate that appears to have the ability to be traced to a trusted root CAhttps://twitter.com/tababodash/status/1217147738443350018 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
Microsoft has released an advisory for this vulnerability in Win10, Server 2016 and '19. It rated this as a "spoofing" flaw that is "important" in severity, but puts exploitability rating at 1, it's second most severe, i.e. "exploitation more likely." https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
Congrats for the well deserved prize! We couldn't have done the Shambles attack without all the work that came before on MD5 and SHA1, by you and many others...
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
We hear there might be a deck of cards up for grabs at the
#realworldcrypto 2020 lightning talks tomorrow.Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
The second 2020 Levchin Prize is awarded to Xiaoyun Wang and Marc Stevens! Their citation reads, "For groundbreaking work on the security of collision resistant hash functions."
#RealWorldCrypto http://levchinprize.com pic.twitter.com/0aUeFZW1TD
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I'm very proud and thankful to have won one of the RWC2020 Levchin prize together with Xiaoyun Wang for our work on hash function cryptanalysis!!
#realworldcryptoHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
So SHA1 won't disappear soon in practice... So a practical attack against SHA1 could be possible even in the next few years, like Flame for MD5.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
Unless someone is willing to compute re-useable prefixes for standard formats (PDF, PE, JPG, PNG, MP4...) to raise awareness and get SHA1 deprecated faster.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
GitHub now uses our SHA-1 collision detection code to protect repositories against SHA-1 collisions: https://github.com/blog/2338-sha-1-collision-detection-on-github-com … Great!!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
No serious threat indeed, mainly since it only distributed company material. However, they were planning to also distribute user generated content soon, which would change the risk analysis of CP-collisions to an actual threat.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
No panic needed at all if no adversarial threat is considered. But no SHA-1, no worries & no need to re-evaluate later on. I once had a chat with a big pc game company about their CDN using MD5. They wanted me to confirm there was no threat from MD5 CP-collision.https://twitter.com/anders_fogh/status/1214503866219290624 …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je Tweet
Funny that both for MD5 and SHA-1 the first chosen-prefix collision happened 3 years after the first identical-prefix collision. Note that for MD5 five years later FLAME used a CP-collision to create a signed malicious windows update exe, because MD5 was still used & accepted.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Marc Stevens proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Funny that both for MD5 and SHA-1 the first chosen-prefix collision happened 3 years after the first identical-prefix collision. Note that for MD5 five years later FLAME used a CP-collision to create a signed malicious windows update exe, because MD5 was still used & accepted.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Seriously, stop using SHA-1! SHA-1 chosen-prefix collisions are now practically demonstrated. Beware of ALL possible collision exploits. E.g. see the amazing list of PoCs by
@angealbertini.https://twitter.com/IACR_News/status/1214482323808358400 …Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.