Marc Stevens
Cryptologist. Highlights: first SHA-1 collision, SVP&MQ records, exposed FLAME's collision attack, MD5 rogue CA.
409 Tweets
48 Following
1,590 Followers
Tweets
Marc Stevens retweeted
VUSec 27 Jan
Another day, another embargo and addendum! “New” (not really!) variants of the day: L1D evictions (Fig 6, RIDL paper) or and vector registers or . See . As a bonus: a faster RIDL exploit that leaks a root hash in 4s:
Marc Stevens 21 Jan
Replying to @bascule @whitequark
Marc Stevens 21 Jan
Replying to @bascule @whitequark
Hardened SHA-1 won't detect all CP coll attacks (e.g. not 2^80 birthday CP coll). But it will detect any collision attack using one of 32 listed 'disturbance vectors'. Based on our current understanding, it won't give 80 bits of security back, but something like 70.
Marc Stevens 21 Jan
Replying to @bascule @whitequark
Not supporting continued use of SHA-1, but look at the papers. The counter-cryptanalysis was invented to solve the problem of detecting chosen-prefix collisions.
Marc Stevens retweeted
Ben Lincoln 14 Jan
The NSA immediately prior to hitting the submit button to report CVE-2020-0601:
Marc Stevens retweeted
Filippo Valsorda 14 Jan
> Certificates with named elliptic curves, […], can be ruled benign. […] Certificates with explicitly-defined parameters […] which fully-match those of a standard curve can similarly be ruled benign. So it's a vulnerability in ECDSA verification of custom curves.
Marc Stevens retweeted
briankrebs 14 Jan
...and CERT's take on CVE-2020-0601: Crypt32.dll fails to validate ECC certificates in a way that properly leverages protections that ECC should provide. As a result, an attacker may be able to craft a certificate that appears to have the ability to be traced to a trusted root CA
Marc Stevens retweeted
briankrebs 14 Jan
Replying to @briankrebs
Microsoft has released an advisory for this vulnerability in Win10, Server 2016 and '19. It rated this as a "spoofing" flaw that is "important" in severity, but puts exploitability rating at 1, its second most severe, i.e. "exploitation more likely."
Marc Stevens retweeted
briankrebs 13 Jan
Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch
Marc Stevens 13 Jan
Replying to @mrkoot @angealbertini and 4 others
For background, see also the (Dutch) text of the Amendment by funding this:
Marc Stevens retweeted
Gaëtan Leurent 10 Jan
Replying to @realhashbreaker
Congrats for the well deserved prize! We couldn't have done the Shambles attack without all the work that came before on MD5 and SHA1, by you and many others...
Marc Stevens 10 Jan
Replying to @cryptosaurus6
So many developed tools aren't being made public. This is quite a loss for the community. Public tools help in verification of results and help new work: many implementation details never get into the paper + avoids researchers spending precious time reimplementing prior work.
Marc Stevens 10 Jan
Replying to @cryptosaurus6
Thanks Gaëtan! This is also exactly why I think it is important for cryptanalytic tools to get published to further the community. E.g., our tools have already helped others in a number of publications including SLOTH and SHAmbles.
Marc Stevens 8 Jan
The only issue is that the final total lengths have to be identical, otherwise the two paddings will be different and break the collision in the end. This is why there is a same-length requirement on the prefixes.
Marc Stevens 8 Jan
So there we can just directly append anything after the internal collision, as long as the suffix is identical for both.
Marc Stevens 8 Jan
The SHA-1 attacks don't specifically rely on the length extension attack, because it is an internal state collision. (Length extension doesn't hold for truncated/wide-pipe hashes)
Marc Stevens 8 Jan
First, strengthened MD is still vulnerable to a length extension attack, you just have to include the original padding in the extension.
Marc Stevens retweeted
Cards Against Cryptography 8 Jan
We hear there might be a deck of cards up for grabs at the 2020 lightning talks tomorrow.
Marc Stevens 8 Jan
Replying to @hugojonker
Thanks Hugo!
Marc Stevens 8 Jan
Replying to @angealbertini
Thanks!