I’ve been reviewing the source code of a number of blockchain thingies, both for paid audits and for fun on my spare time, and I
Tag: Crypto
Our submission to NIST’s post-quantum project: Gravity-SPHINCS
In posts of September 25 and 28 we described several optimizations to SPHINCS, a signature algorithm that only relies on hash functions’ security, as opposed to RSA
The making of Serious Cryptography
Many want to write a book, but what most people don’t realize is the actual extent to which it takes to write said book. Grueling
On the PGP cipher preferences, and a gaffe
I recently discovered a problem that involves PGP and a symmetric cipher called Camellia. It is possible to advertise the use of Camellia in your
How to defeat Ed25519 and EdDSA using faults
We’ve succesfully conducted a fault attack against EdDSA that allowed us to recover enough secret key material to produce fake signatures for any message in a way a verifier cannot detect.
OpenSSH hardening for cloud machine – part 1
SSH is often required to access Linux machines that run on the Cloud infrastructure. SSH is perfect to keep confidentiality and integrity of data exchanged between two
