The hottest Cryptography Substack posts right now

And their main takeaways
Category
Top Technology Topics

The High Potential of Satellites

Splitting Infinity 0 implied HN points 26 Sep 23
🕹 Technology Cryptography
  1. The value of industry in orbit will be enormous, with falling launch prices enabling new possibilities for Earth in areas such as communications and ecosystem management.
  2. Satellites can revolutionize communications by providing fast, ubiquitous space internet and increasing the speed and accessibility of various applications like stock exchanges and online gaming.
  3. Satellites have great potential for enhancing security through the use of cryptography, as they offer secure platforms for encryption methods like quantum cryptography and relativistic cryptography.

Beijing Infosec Strategic Investment in Yunjizhi Technology

CyberSecurityMew 0 implied HN points 08 Jan 24
🕹 Technology Cryptography
  1. Beijing Infosec made a strategic investment in Yunjizhi Technology on January 8, 2024, initiating a partnership in the data security industry.
  2. Infosec specializes in commercial cryptography products for sectors like finance, government, and enterprises, while Yunjizhi offers structured and unstructured data security products and services.
  3. Through collaboration, Infosec and Yunjizhi aim to tackle data security challenges, introduce innovative technologies, and advance the industry's development.

Sansec announced to acquire Jiangnan Keyou

CyberSecurityMew 0 implied HN points 20 Jun 23
💼 Business Cryptography
  1. Sansec announced the acquisition of 66.9349% shares of Jiangnan Keyou on June 19, 2023, aiming to improve resource integration and leverage synergies.
  2. China's regulatory framework for cryptography has been improving with laws like the 'Password Law' and revised 'Regulations on the Administration of Commercial Cryptography,' accelerating the industry's development.
  3. Upon completion of the acquisition, Jiangnan Keyou will become a wholly-owned subsidiary of Sansec.

Post-Quantum Cryptography Standards

Quantum Formalism 0 implied HN points 05 Jul 22
🕹 Technology Cryptography
  1. The US National Institute of Standards and Technology announced post-quantum cryptography standardisation proposals, marking a historic day in modern cryptography.
  2. Cryptography courses will now include post-quantum cryptography standards in the curriculum, with a focus on the selected standards.
  3. The Quantum Formalism community encourages participation in lectures, Discord community engagements, and sponsorships for events like LOGML Summer School, emphasizing the importance of advanced Geometry in Machine Learning.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

A history of elliptic curves in tweets

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 04 Sep 20
💾 History Cryptography
  1. The history of elliptic curves dates back to the work of prominent mathematicians like Kepler, Newton, and Leibniz, who laid the foundation for further exploration.
  2. Various mathematicians such as Bernoulli, Liouville, and Legendre made significant contributions to understanding elliptic integrals and functions, paving the way for further advancements in mathematics.
  3. Elliptic curves have not only played a crucial role in mathematics but also in modern cryptography, where figures like Diffie-Hellman and NSA have explored their encryption capabilities.

The Internet of Broken Protocols: Showcase #8

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 16 Oct 19
🕹 Technology Cryptography
  1. Cascading multiple encryption algorithms in a specific order, known as a cascade, may not always improve security as commonly thought.
  2. Analyzing a cascade of MAC and digital signature algorithms can reveal potential vulnerabilities in data protection methods.
  3. Using a combination of GMAC with a digital signature for file integrity may not guarantee security as intended, leading to potential security flaws.

Invalid curve attacks, explained

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 28 Sep 18
🕹 Technology Cryptography
  1. The Internet operates on 'donuts,' and many major platforms and technologies rely on them.
  2. Invalid curve attacks involve manipulating specific points on elliptic curves to compromise cryptographic systems.
  3. Understanding the nuances of point manipulation and curve properties is crucial in mitigating vulnerabilities in cryptographic protocols.

On testing (EC)DH and (EC)DSA

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 11 Apr 17
🕹 Technology Cryptography
  1. Validate domain parameters to ensure security in (EC)DSA and (EC)DH. In real-world applications, parameters are typically generated internally or selected from standard options.
  2. In (EC)DSA, if Mallory can manipulate domain parameters, key recovery becomes a potential issue. ECDSA could be vulnerable if the base point and curve are not properly validated.
  3. For (EC)DH security, thorough validation of domain parameters is crucial, especially in scenarios where parameters are chosen by a potentially untrusted source like in SSL handshake.

Trivial birthday attacks against HMAC

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 06 Apr 16
🕹 Technology Cryptography
  1. HMAC is vulnerable to birthday attacks, which can lead to forged signatures with lower cost.
  2. The second attack, duplicate signature attack, is security-relevant as it can produce two messages with the same tag, exploiting a server's validation system.
  3. Birthday attacks on HMAC can often be parallelized, and using HMAC-SHA256 is recommended for increased security.

Diffie & Hellman win the Nobel prize of computer science, yay!

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 02 Mar 16
🕹 Technology Cryptography
  1. Diffie & Hellman won the Nobel prize in computer science for their groundbreaking work in cryptography.
  2. Their invention of Diffie-Hellman is a crucial component of internet security, used when connecting to major platforms like Google and Facebook.
  3. Despite its complexity, the math trick behind Diffie-Hellman is surprisingly simple and has remained unsolved for over 40 years.

Exploiting the Diffie-Hellman bug in socat

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 03 Feb 16
🕹 Technology Cryptography
  1. The Diffie-Hellman bug in socat involved a vulnerability where the hard-coded DH p parameter was not prime, making the key exchange weaker and potentially insecure.
  2. Knowing the factors of the p parameter can allow one to solve the discrete log problem (DLP) on Z_p through the Chinese Remainder Theorem, which can be a powerful cryptanalysis tool.
  3. To exploit the bug, one can factor p completely, reduce DLP on Z_p to a smaller group, use Pollard's rho or index calculus, sniff socat traffic, and profit - highlighting the potential risks and methods involved in exploiting this vulnerability.

Exploiting the math/rsa bug in Go

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Jan 16
🕹 Technology Cryptography
  1. The math/rsa bug in Go impacted crypto/tls and crypto/openpgp, prompting the need to change RSA private keys.
  2. Go uses Montgomery reduction and Chinese Remainder Theorem to speed up modular operations, but a small mistake led to leaking RSA private keys.
  3. By exploiting the bug, one can potentially obtain the RSA private key values and learn how multiple modular results can help determine values like 'q'.

Làm an toàn sản phẩm (product security) là làm gì?

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Jan 16
🕹 Technology Cryptography
  1. Start product security early to save time and cost - fixing issues during design phase is cheaper than after product development.
  2. Segment product security project into vulnerability assessment and penetration testing phases for thorough evaluation.
  3. Balance time between breaking and building software for security expertise and lead a team specialized in cryptography solutions.

djb

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 30 Sep 15
🕹 Technology Cryptography
  1. Daniel J. Bernstein, also known as djb, created qmail and djbdns to replace Sendmail and BIND9 due to security vulnerabilities, with qmail and djbdns being crucial services on the Internet.
  2. Despite skepticism, only a single security vulnerability has been found in qmail and djbdns each, cementing djb's reputation as a legendary figure in Internet infrastructure.
  3. Besides his contributions to email and DNS services, djb is a renowned cryptographer, striving to encrypt the entire Internet with his high-speed cryptography algorithms, impacting the security of online services like Gmail.

Từ đại số đến Bitcoin: 26, Fermat và tôi

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 15 Jul 14
🔬 Science Cryptography
  1. 26 is a unique natural number sandwiched between a square and a cube, a discovery by Fermat, a notable French mathematician.
  2. Euler's proof on Fermat's equation $y^2 = x^3 - 2$ showcases the power of abstract algebra and group theory in solving complex mathematical problems.
  3. Understanding algebraic structures like groups, rings, and unique factorization plays a crucial role in various fields, from cryptography to machine learning.

Google End-To-End

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 08 Jun 14
🕹 Technology Cryptography
  1. The creation of the End-To-End email encryption program involved significant effort and collaboration, highlighting the importance of teamwork in large software projects.
  2. Working on projects like encryption libraries can lead to gaining a wealth of new knowledge and skills through the experience.
  3. Understanding mathematical concepts like elliptic curve cryptography and number theory is crucial for creating secure encryption systems.

A quick audit of CryptoCat's elliptic curve crypto

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 20 Oct 13
🕹 Technology Cryptography
  1. CryptoCat's engineering practices appear lacking due to minimal testing and mixing different cryptographic functions, risking security vulnerabilities.
  2. Writing secure crypto code in JavaScript is challenging due to its lack of type checks and bounds access issues detection, requiring thorough testing and careful data type handling.
  3. Specific issues were found in CryptoCat's elliptic curve crypto library, such as private key generation mistakes and incorrect signature verification, highlighting potential security risks.

Oakland 2011

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 22 May 11
🕹 Technology Cryptography
  1. The misuse of cryptography in web security, particularly in ASP.NET, can lead to severe vulnerabilities allowing attackers to compromise web applications.
  2. Researching and questioning the implementation of cryptographic techniques can lead to the discovery of new attack methods and security flaws.
  3. Utilizing cryptography correctly is crucial for security solutions, but it is challenging as there are numerous serious vulnerabilities, requiring more focus and research in the field.

How to recover RSA private key in a coredump of ssh-agent - Sapheads HackJam 2009 Challenge 6

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 24 Sep 09
🕹 Technology Cryptography
  1. Sapheads HackJam 2009 Challenge 6 involved recovering an RSA private key from a coredump of ssh-agent, showcasing real-world scenarios in CTFs
  2. The coredump contained data structures like RSA and BIGNUM that could be extracted to retrieve the private key for SSH access
  3. Understanding ASN.1 and using tools like pyasn1 were recommended for generating RSA private keys from parameters like n, d, e, p, and q

Crypto challenges - WOWHacker CTF

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 18 Aug 09
🕹 Technology Cryptography
  1. Challenge 1 involved decoding base64-encoded strings, revealing the significance of the cookie's structure and encryption method.
  2. Challenge 10 required understanding Java serialization to recover an RSA private key used for decryption.
  3. The challenges highlighted the importance of paying attention to details and avoiding false trails while solving cryptographic puzzles.

Solutions manual for "A computational introduction to number theory and algebra"

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 07 Jul 09
🚌 Education Cryptography
  1. The book "A computational introduction to number theory and algebra" is recommended as an excellent resource for those interested in number theory, algebra, and cryptography, particularly from a computer science perspective.
  2. The book emphasizes computational aspects, presents algorithms, and discusses complexity analysis, making it a valuable resource for cryptography applications.
  3. The author has created a solutions manual for some chapters of the book, focusing on exercises related to basic properties of integers, congruences, and computing with large integers.

CodeGate 2009's Challenge 18 - Diffie-Hellman parameter tampering case study

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 12 Mar 09
🕹 Technology Cryptography
  1. CodeGate 2009 Challenge 18 involved a cryptography challenge focusing on RSA, Diffie-Hellman Key Protocol Agreement, and AES block cipher.
  2. The protocol in the challenge included steps where the client exchanged RSA public keys with the server, the server sent DH parameters to the client, and both parties used the shared secret as the key for AES encryption.
  3. Vulnerabilities in the protocol included weak RSA public-keys and susceptibility to Man-In-The-Middle attacks against Diffie-Hellman, leading to the decryption of messages by malicious third parties.

detecting snake oil

Thái | Hacker | Kỹ sư tin tặc 0 implied HN points 31 Mar 08
🕹 Technology Cryptography
  1. Security-clueless companies often focus too much on fancy network devices like firewalls and IDS without considering the human element, a key weak point in security.
  2. Be cautious of companies that claim their products or solutions are 'secure' without specifying what threats they protect against or how they handle unexpected disasters.
  3. Companies that overlook scalability, high-availability, and the importance of cryptography in their security solutions may not fully understand the comprehensive nature of security.

Deep-Tech Newsletter | August 2022.

Deep-Tech Newsletter 0 implied HN points 08 Aug 22
🕹 Technology Cryptography
  1. Researchers successfully attacked the SIKE encryption algorithm using classical methods, raising questions about other potential vulnerabilities in post-quantum cryptography.
  2. Understanding advanced mathematics is crucial for analyzing and implementing secure cryptographic standards.
  3. Zaiku Group is launching a community course on Measure Theory and Functional Analysis, valuable for those interested in quantum information and related fields.

Deep-Tech Newsletter | July 2022

Deep-Tech Newsletter 0 implied HN points 14 Jul 22
🕹 Technology Cryptography
  1. NIST announced post-quantum cryptography standards, setting a foundation for a transition to secure systems resistant to quantum computer attacks in the future.
  2. Zaiku Group initiated a mentorship program for young mathematicians to transition from academia to industry, offering resources, mentorship, and work placements.
  3. Zaiku Group is sponsoring the LOGML Summer School, emphasizing the synergy between modern Geometry and Machine Learning.

Diamond Cuts Diamond

Sector 6 | The Newsletter of AIM 0 implied HN points 20 Feb 23
🕹 Technology Cryptography
  1. Classical computers, which use binary codes, are at risk because of the rise of quantum computing. This new technology opens up vulnerabilities in the encryption systems we currently rely on.
  2. To protect against quantum threats, experts are looking at solutions like Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC). These approaches aim to keep our data safe from future attacks.
  3. The idea is that the best way to fight the challenges posed by quantum computing is by using quantum computing itself. It's a kind of 'use fire to fight fire' approach.

A First Principles guide to Data Availability: Part 2

Matthew’s Substack 0 implied HN points 31 Jul 24
🕹 Technology Cryptography
  1. Data Availability (DA) is crucial for ensuring that transaction data is accessible and secure, especially as blockchain technology grows. New solutions are needed to handle increased demand without high costs.
  2. There are two main types of DA solutions: Ordered DA, which includes consensus and provides stronger security, and DACs (Data Availability Committees), which focus on scalability and lower costs but offer less security.
  3. Choosing the right DA solution depends on factors like transaction value, data cost, and security needs. Different use cases, like finance or gaming, may prefer different DA features.

Selective Disclosure for JWTs

ciamweekly 0 implied HN points 16 Jun 25
🕹 Technology Cryptography
  1. Selective Disclosure for JWTs lets issuers control what parts of the information can be shared with different parties. This means not everyone gets to see everything in the JWT.
  2. There are three main parties involved: the issuer who creates the JWT, the holder who possesses it, and the verifier who checks it. Each has a different level of access to the information.
  3. This approach is useful in situations where privacy is key, allowing only specific data to be shared while keeping other details confidential.