TLS徹底演習
ã‚»ã‚ュリティ・ã‚ャンプ全国大会2016 集ä¸è¬›ç¾©
Ring learning with errors - Wikipedia
In post-quantum cryptography, ring learning with errors (RLWE) is a computational problem which serves as the foundation of new cryptographic algorithms, such as NewHope, designed to protect against cryptanalysis by quantum computers and also to provide the basis for homomorphic encryption. Public-key cryptography relies on construction of mathematical problems that are believed to be hard to solv
Password Hashing Competition
and our recommendation for hashing passwords: Argon2 Password hashing is everywhere, from web services' credentials storage to mobile and desktop authentication or disk encryption systems. Yet there wasn't an established standard to fulfill the needs of modern applications and to best protect against attackers. We started the Password Hashing Competition (PHC) to solve this problem. PHC ran from 2
Is that ASCII or is it Protobuf? The importance of types in cryptographic signatures.
Is that ASCII or is it Protobuf? The importance of types in cryptographic signatures. By Kenton Varda - 01 May 2015 So here’s a fun problem. Let’s say that a web site wants to implement authentication based on public-key cryptography. That is, to log into your account, you need to prove that you possess a particular public/private key pair associated with the account. You can use the same key pair
Secure Secure Shell
You may have heard that the NSA can decrypt SSH at least some of the time. If you have not, then read the latest batch of Snowden documents now. All of it. This post will still be here when you finish. My goal with this post here is to make NSA analysts sad. TL;DR: Scan this post for fixed width fonts, these will be the config file snippets and commands you have to use. Warning: You will need a re
DiskCryptor wiki
DiskCryptor is an open encryption solution that offers encryption of all disk partitions, including the system partition. The fact of openess goes in sharp contrast with the current situation, where most of the software with comparable functionality is completely proprietary, which makes it unacceptable to use for protection of confidential data. Originally DiskCryptor was developed as a replaceme
Why I Don't Recommend Scrypt
As many of you likely know, I have a “thing†for password storage. I don’t know what it is about it, but it fascinates me. So I try to keep up as best as I can on the latest trends. In the past few years, we’ve seen the rise of a new algorithm called scrypt (it’s 5 years old actually). It’s gaining more and more adoption. But I don’t recommend its use in production systems for password storage. Le
Widespread Weak Keys in Network Devices - factorable.net
We performed a large-scale study of RSA and DSA cryptographic keys in use on the Internet and discovered that significant numbers of keys are insecure due to insufficient randomness. These keys are being used to secure TLS (HTTPS) and SSH connections for hundreds of thousands of hosts. We found that 5.57% of TLS hosts and 9.60% of SSH hosts share public keys in an apparently vulnerable manner, due
All the crypto code you've ever written is probably broken • Tony Arcieri
November 12, 2012 All the crypto code you’ve ever written is probably broken tl;dr: use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. use authenticated encryption. Do you keep up o
Password hashing at scale (YaC 2012)
Follow @Openwall on Twitter for new release announcements and other news Password hashing at scale These are the slides we used at YaC 2012. In a sense, this presentation is a continuation of Password security: past, present, future (PHDays 2012, Passwords^12) and it is continued with New developments in password hashing: ROM-port-hard functions (ZeroNights 2012) and yescrypt: password hashing sca
Cryptohaze.com
Last updated July 2012 For more frequent updates, check out the Cryptohaze Blog Overview Cryptohaze is the home of high performance, open source, network-enabled, US-based cross-platform GPU and OpenCL accelerated password auditing tools for security professionals. Currently, many security professionals are at a serious disadvantage in auditing as they cannot submit hashes to online hash databases
Storing Passwords Securely
Storing Passwords Securely June 6, 2012 Time and time again you hear about a company having all of their users’ passwords, or “password hashesâ€, compromised, and often there’s a press response including one or more prominent security researchers demonstrating how 1,000 users had the password “batmanâ€, and so on. It’s surprising how often this happens considering we’ve had ways to do password authe
Is WPA2 Security Broken Due to Defcon MS-CHAPv2 Cracking?
Is WPA2 Security Broken Due to Defcon MS-CHAPv2 Cracking? Quick answer - No. Read on to hear why. A lot of press has been released this week surrounding the cracking of MS-CHAPv2 authentication protocol at Defcon. For example, see these articles from Ars Technica and CloudCracker. All of these articles contain ambiguous and vague references to this hack affecting Wi-Fi networks running WPA2 securi
Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate
Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate Jul 29, 2012 At Defcon 20 last weekend, David Hulton and I gave a presentation on cracking MS-CHAPv2. This blog post is meant to be a rough overview of what we covered in our talk. Why MS-CHAPv2? The first obvious question is why we looked at MS-CHAPv2, given a lingering sense that the internet should already know better than to rely
ランã‚ング
ランã‚ング
ランã‚ング
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - mjec/khefin: A simple way to generate password-proteceted secrets from a FIDO2 authenticator with the hmac-secret extension
RFC 6628: Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
YubiHSM
cr.yp.to: 2017.07.23: Fast-key-erasure random-number generators)
Robert Morris (cryptographer) - Wikipedia
https://www.digital-scurf.org/software/libgfshare
{{#tags}}- {{label}}
{{/tags}}