Student Focus – WhatsApp Security

This is a guest post by Aleksandr Mylnikov, who did his semester project under JP Aumasson during his master's at EPFL, co-supervised by Prof. Arjen Lenstra. This post summarizes part of his work, thanks Alex! This part-time research project started in February 2017 and finished middle of June 2017. The goal was to understand WhatsApp's network architecture … Continue reading Student Focus – WhatsApp Security

Configuring YubiKey for GPG and U2F

Here is a little walkthrough on how to get started with the YubiKey and GPG. After following this guide you will have a secure setup using a YubiKey containing your GPG keys as well as an authentication key that could be used for SSH. Moreover the configured YubiKey will also be capable of U2F and managing a password store (for examples, … Continue reading Configuring YubiKey for GPG and U2F

E-Voting Crypto Protocols

“It's not the voting that's democracy; it's the counting.”      —Tom Stoppard For cryptography researchers, e-voting isn’t about voting machine or online voting, but is a field of research in its own right. E-voting research is about designing e-voting protocols, the core mathematical components of end-to-end auditable voting systems, or voting systems where independent auditors … Continue reading E-Voting Crypto Protocols

Drones – A hacker’s playground

Unmanned Aerial Vehicles (UAVs) offer new perspectives, both from a civilian and a military standpoint; yet, they present vulnerabilities having the potential to lead to disastrous consequences regarding public safety if exploited successfully, as evidenced by recent hacks. These repercussions can be prevented by implementing best practices, continuously assessing the technologies used and most importantly … Continue reading Drones – A hacker’s playground

TROOPERS 2016

I recently attended the TROOPERS conference, held in Heidelberg, Germany. A lot of interesting research was presented, in this blog post I’m going to summarize selected talks that I particularly enjoyed. The first presentation was by Philippe Teuwen, where he demonstrated his latest attack on white-box cryptography. The idea is to apply existing hardware attacks such as side-channel … Continue reading TROOPERS 2016

A perspective on the state of the SSLiverse as of early 2016

tl;dr; Most studies about SSL tend to use SSL information retrieved by DNS domain names. This article provides an overview of the SSLiverse when SSL information is retrieved from each SSL enabled host in the IPv4 range on port 443. With today's state of the art scanning tools and proper infrastructure, it is now possible to … Continue reading A perspective on the state of the SSLiverse as of early 2016

How to crack Ubuntu encryption and passwords

During Positive Hack Days V, I made a fast track presentation about eCryptfs and password cracking. The idea came to me after using one feature of Ubuntu which consists in encrypting the home folder directory. This option can be selected during installation or activated later. If you select this option, nothing changes for the user … Continue reading How to crack Ubuntu encryption and passwords