While analyzing Signal with Markus, I noticed that Signal’s Curve25519-based ECDH doesn’t validate public keys, and in particular will accept the 0 point as a
Author: JP Aumasson
Auditing code for crypto flaws: the first 30 minutes
Auditing your code for proper crypto use is extremely important. However, what if it’s not generally your focus? If your job today is to find
On CIA Crypto
On Tuesday, WikiLeaks released a tranche of alleged Top Secret CIA documents, many involving explanations of their cryptographic requirements. Reading through the documents turned out
Why Replace SHA-1 with BLAKE2?
Unless you’ve lived under a rock for the last twelve years, you must know that the cryptographic hash function SHA-1 is broken, in the sense
Wire Cryptography Audit (with X41 D-Sec)
Kudelski Security’s JP Aumasson and X41 D-Sec’s Markus Vervier were hired to audit Wire’s cryptography core, the Proteus library. Wire is an application for mobile and desktop
The Quantum Computer FAQ
Several readers of the post Defeating Quantum Algorithms with Hash Functions found it difficult to follow without background