Responding to Ticketbleed

Today Cloudflare publicly disclosed a software vulnerability in the F5 BIG-IP appliance. The following is our action report for clients utilizing the BIG-IP appliance. It is worth noting that this only impacts appliances running the non-default Session Tickets option. Summary: Ticketbleed is a high severity software vulnerability in the TLS stack of F5 BIG-IP appliances allowing a … Continue reading Responding to Ticketbleed

Wire Cryptography Audit (with X41 D-Sec)

Kudelski Security's JP Aumasson and X41 D-Sec's Markus Vervier were hired to audit Wire's cryptography core, the Proteus library. Wire is an application for mobile and desktop systems that provides end-to-end encrypted messaging, and Proteus implements a protocol combining the X3DH key agreement protocol and the double ratchet algorithm in order to provide high security guarantees to Wire's … Continue reading Wire Cryptography Audit (with X41 D-Sec)

The Quantum Computer FAQ

This is probably how a quantum computer looks ¯\(°_o)/¯ Several readers of the post Defeating Quantum Algorithms with Hash Functions found it difficult to follow without background information on quantum computers. So here I'd like to summarize basic facts about quantum computers and to debunk some preconceived ideas: What is NOT a quantum computer? A quantum computer … Continue reading The Quantum Computer FAQ

Forging RSA-PSS signatures with mbedTLS

This post describes how to forge public-key signatures computed using mbedTLS’s implementation of RSA-PSS (the RSA-based standard signature scheme). Forging a signature means determining a valid signature of some message without knowing the secret key, but possibly knowing valid signatures of other messages. A signature scheme—or implementation thereof—is considered insecure if such forgeries are practical. … Continue reading Forging RSA-PSS signatures with mbedTLS

Defeating Quantum Algorithms with Hash Functions

In this post I'll explain why quantum computers are useless to find hash function collisions, and how we can leverage this powerlessness to build post-quantum signature schemes. I'll then describe a quantum computing model that you can try at home, and one where hash function collisions are easy to find. Let me start with a few … Continue reading Defeating Quantum Algorithms with Hash Functions

When Constant-Time Source Code May Not Save You

On November 14 at CANS 2016 in Milan I presented a timing attack against an implementation of Curve25519 (also called X25519). This elliptic curve was designed by DJ Bernstein in order to provide a secure curve without probable NSA back doors and with safe computations. Additionally it was designed to be protected against state-of-the-art timing attacks. The targeted implementation called … Continue reading When Constant-Time Source Code May Not Save You

SANS Holiday Hack Challenge 2016

During my holiday I tackled the SANS HolidayHack challenge 2016. It was a lot of fun and a useful way of keeping my skills up to date. The goal of the challenge was to answer some questions and play a little game with a lot of quests made up of computer science challenges. I will publish just a condensed section … Continue reading SANS Holiday Hack Challenge 2016