Marc Stevens

@realhashbreaker

Cryptologist. Highlights: first SHA-1 collision, SVP&MQ records, exposed FLAME's collision attack, MD5 rogue CA.

RWC2020
Joined February 2017

Tweets


  1. Retweeted
    27 Jan

    Another day, another embargo and addendum! “New” (not really!) variants of the day: L1D evictions (Fig 6, RIDL paper) or and vector registers or . See . As a bonus: a faster RIDL exploit that leaks a root hash in 4s:

  2. Retweeted
    14 Jan

    The NSA immediately prior to hitting the submit button to report CVE-2020-0601:

  3. Retweeted

    > Certificates with named elliptic curves, […], can be ruled benign. […] Certificates with explicitly-defined parameters […] which fully-match those of a standard curve can similarly be ruled benign. So it's a vulnerability in ECDSA verification of custom curves.

  4. Retweeted
    14 Jan

    ...and CERT's take on CVE-2020-0601: Crypt32.dll fails to validate ECC certificates in a way that properly leverages protections that ECC should provide. As a result, an attacker may be able to craft a certificate that appears to have the ability to be traced to a trusted root CA

  5. Retweeted
    14 Jan

    Microsoft has released an advisory for this vulnerability in Win10, Server 2016 and '19. It rated this as a "spoofing" flaw that is "important" in severity, but puts the exploitability rating at 1, its second most severe, i.e. "exploitation more likely."

  6. Retweeted
    13 Jan

    Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch

  7. Retweeted
    10 Jan
    Replying to

    Congrats for the well deserved prize! We couldn't have done the Shambles attack without all the work that came before on MD5 and SHA1, by you and many others...

  8. Retweeted

    We hear there might be a deck of cards up for grabs at the 2020 lightning talks tomorrow.

  9. Retweeted
    8 Jan

    The second 2020 Levchin Prize is awarded to Xiaoyun Wang and Marc Stevens! Their citation reads, "For groundbreaking work on the security of collision resistant hash functions."

  10. 8 Jan

    I'm very proud and thankful to have won one of the RWC2020 Levchin prizes together with Xiaoyun Wang for our work on hash function cryptanalysis!!

  11. Retweeted
    7 Jan

    So SHA1 won't disappear soon in practice... So a practical attack against SHA1 could be possible even in the next few years, like Flame for MD5.

  12. Retweeted
    7 Jan

    Unless someone is willing to compute reusable prefixes for standard formats (PDF, PE, JPG, PNG, MP4...) to raise awareness and get SHA1 deprecated faster.

  13. Retweeted
    22 Mar 2017

    GitHub now uses our SHA-1 collision detection code to protect repositories against SHA-1 collisions: Great!!

  14. 7 Jan

    No serious threat indeed, mainly since it only distributed company material. However, they were planning to also distribute user generated content soon, which would change the risk analysis of CP-collisions to an actual threat.

  15. 7 Jan

    No panic needed at all if no adversarial threat is considered. But no SHA-1, no worries & no need to re-evaluate later on. I once had a chat with a big pc game company about their CDN using MD5. They wanted me to confirm there was no threat from MD5 CP-collision.

  16. Retweeted
    7 Jan

    Funny that both for MD5 and SHA-1 the first chosen-prefix collision happened 3 years after the first identical-prefix collision. Note that for MD5 five years later FLAME used a CP-collision to create a signed malicious windows update exe, because MD5 was still used & accepted.

  20. 7 Jan

    Seriously, stop using SHA-1! SHA-1 chosen-prefix collisions are now practically demonstrated. Beware of ALL possible collision exploits. E.g. see the amazing list of PoCs by .

