MiFare’s CRYPTO1 algorithm mostly reverse-engineered
MiFare’s CRYPTO1 stream cipher has captured my attention for a while. However, hardware reverse-engineering is not a field I actively engage in. So I was very happy when Karsten Nohl (University of...
Accepted papers for EUROCRYPT 2009, FSE 2009 and CT-RSA 2009
The lists of accepted papers for the following conferences have become available in the last couple of days: EUROCRYPT 2009, FSE 2009 (PDF), CT-RSA 2009. Interesting cryptanalysis papers will be presented...
802.11 Packets in Packets – Standard-Compliant PHY Exploits
Travis Goodspeed presented a sneaky attack against WiFi networks at 28C3. The idea is simple: Assume we want to inject packets remotely into a wireless network. Assume that there is a user in the...
Encrypted Traffic Mining (TM) – e.g. Leaks in Skype
Stefan Burschka presented a nice attack against Skype on 28C3. The attack allows you to detect a sentence or a sequence of words in an encrypted Skype call, without having to break the cryptography...
Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web
Sebastian Schinzel gave an interesting talk today at 28C3 about timing side channel attacks against web applications. (Timing) side channel attacks have been known in the cryptography world for a long...
Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC
The EFF presented their proposal for how to improve the security of SSL/TLS and the internet PKI infrastructure. To understand their proposal, one needs to understand how PKI on the internet works today:...
Secure Function Evaluation – There is an issue with OTR and plausible deniability
OTR is a crypto overlay protocol for instant messaging. Instead of encrypting the connection to an instant messaging service like Gtalk, MSN, Skype or ICQ, OTR encrypts messages sent over an arbitrary...
SSL/TLS broken again – A weakness in the RC4 stream cipher
A few days ago, a new attack against SSL/TLS has been published by Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt. Many attacks on SSL/TLS in the past relied on...
SSLv3 considered to be insecure – How the POODLE attack works in detail
POODLE is a recent attack on SSLv3. This article will explain the attack in detail: The POODLE attack on SSL Version 3, that sometimes allows an attacker to decrypt a single byte of an SSLv3 protected...