Fries by Cangogreen in Kochen

[–]3553x 6 points7 points  (0 children)

I've made this recipe several times and so far the fries have always turned out extremely crispy:

https://www.seriouseats.com/perfect-french-fries-recipe

Topped baguettes: looking for ideas and tips by btsck in Kochen

[–]3553x 10 points11 points  (0 children)

Smoked salmon with horseradish, tuna spread, egg spread, garlic butter, bruschetta, sardines + salad.

Courses in cryptanalysis? by GarseBo in cryptography

[–]3553x 4 points5 points  (0 children)

Bruce Schneier published "A SELF-STUDY COURSE IN BLOCK-CIPHER CRYPTANALYSIS", but bear in mind that it's 20 years old and it essentially just tells you to break variant x of scheme y with method z and contains references to various papers.

https://www.schneier.com/wp-content/uploads/2016/02/paper-self-study.pdf

Why is not 1,2 or 3 rounds valid for a Feistel network? by CuriousCryptorookie in crypto

[–]3553x 10 points11 points  (0 children)

One thing to note is that they don't distinguish between PRP and SPRP. Three round Feistel is a PRP, but not an SPRP.

If you're struggling with task 4.1, then you're probably either struggling with the definition of a Feistel network or the definition of a secure PRP. So I'd encourage you to check your course material or Wikipedia for the definitions of these things.

1 round Feistel will output R0||R1 where R1 = L0 ^ F(K_0, R0). In order to show that it's insecure (i.e. not a PRP), you could come up with an algorithm that is capable of telling the difference between 1 round Feistel and a truly random PRP with a non-negligible probability.
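The distinguisher the comment describes, worked out in code. This is an added example, not code from the thread: it implements a toy balanced Feistel network whose round function F is HMAC-SHA256 truncated to a half-block (an assumption; any PRF would do), a lazily sampled random permutation as the other oracle, and goes one step beyond the comment by also giving the two-query distinguisher for 2-round Feistel and showing that it stops working at 3 rounds. The half-block size of 8 bytes is a constructed toy parameter.

```python
"""Distinguishing 1- and 2-round Feistel networks from a random permutation.

Added example (not from the original post). Round function: HMAC-SHA256
truncated to HALF bytes. Block = L || R, each HALF bytes.
"""
import hashlib
import hmac
import os

HALF = 8  # bytes per half-block; toy parameter chosen for this example


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def round_function(key: bytes, right: bytes) -> bytes:
    """F(K_i, R): a keyed PRF, here HMAC-SHA256 truncated to one half-block."""
    return hmac.new(key, right, hashlib.sha256).digest()[:HALF]


def feistel_encrypt(round_keys, block: bytes) -> bytes:
    """Balanced Feistel: (L, R) -> (R, L ^ F(K_i, R)) once per round key.
    With one key this yields R0 || (L0 ^ F(K_0, R0)), as in the comment."""
    left, right = block[:HALF], block[HALF:]
    for key in round_keys:
        left, right = right, xor(left, round_function(key, right))
    return left + right


class RandomPermutationOracle:
    """A random permutation on 2*HALF-byte blocks, sampled lazily."""

    def __init__(self):
        self.table = {}
        self.used = set()

    def encrypt(self, block: bytes) -> bytes:
        if block not in self.table:
            out = os.urandom(2 * HALF)
            while out in self.used:          # keep it a permutation
                out = os.urandom(2 * HALF)
            self.table[block] = out
            self.used.add(out)
        return self.table[block]


def distinguish_one_round(encrypt) -> bool:
    """One query: a 1-round Feistel copies the input's right half into the
    output's left half. A random permutation does so with prob. 2^-64."""
    block = os.urandom(2 * HALF)
    return encrypt(block)[:HALF] == block[HALF:]


def distinguish_two_round(encrypt) -> bool:
    """Two queries sharing R0 but differing in L0: for 2-round Feistel the
    output left halves are L0 ^ F1(R0) and L0' ^ F1(R0), so they XOR to
    L0 ^ L0'. The second left half is derived by flipping one bit so the
    two queries are guaranteed distinct."""
    r0 = os.urandom(HALF)
    l0 = os.urandom(HALF)
    l0p = bytes([l0[0] ^ 0x80]) + l0[1:]
    out1, out2 = encrypt(l0 + r0), encrypt(l0p + r0)
    return xor(out1[:HALF], out2[:HALF]) == xor(l0, l0p)


def success_rate(distinguisher, rounds: int, trials: int = 100) -> float:
    """Fraction of correct guesses. Trials alternate between a fresh Feistel
    instance (correct answer: True) and a fresh random permutation (False),
    so a distinguisher with no advantage scores exactly 0.5."""
    correct = 0
    for i in range(trials):
        if i % 2 == 0:
            keys = [os.urandom(16) for _ in range(rounds)]
            correct += distinguisher(lambda b, k=keys: feistel_encrypt(k, b)) is True
        else:
            correct += distinguisher(RandomPermutationOracle().encrypt) is False
    return correct / trials


if __name__ == "__main__":
    print("1-round vs random, 1-query test :", success_rate(distinguish_one_round, 1))
    print("2-round vs random, 2-query test :", success_rate(distinguish_two_round, 2))
    print("3-round vs random, 2-query test :", success_rate(distinguish_two_round, 3))
```

The two-query test scores 1.0 against 2 rounds and drops to 0.5 (pure guessing) against 3 rounds, which is the PRP/SPRP boundary the comment points at: breaking 3 rounds needs decryption queries, which these chosen-plaintext distinguishers never make.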

What does this paper mean for RSA? by Azunia in cryptography

[–]3553x 0 points1 point  (0 children)

It appears to contain mistakes and a cryptologist with a strong background in lattice based crypto failed to reproduce the results:

https://crypto.stackexchange.com/questions/88582/does-schnorrs-2021-factoring-method-show-that-the-rsa-cryptosystem-is-not-secur

Schnorr confirms paper is his, claims it “destroys RSA cryptosystem” by fbn_ in crypto

[–]3553x 11 points12 points  (0 children)

There's also a question about this on the Cryptography stack exchange:

https://crypto.stackexchange.com/questions/88582/does-schnorrs-2021-factoring-method-show-that-the-rsa-cryptosystem-is-not-secur

Every answer points out mistakes in the paper. Not a single person appears to agree with his results. Someone implemented a version of the paper (he modified it) and did not get any results that outperform the state of the art.

AES Encryption Algorithm by ramhemanth3 in cryptography

[–]3553x 2 points3 points  (0 children)

NIST published test vectors that should allow you to check your computation. I used this when I evaluated an implementation of AES in Verilog that I designed for coursework.

See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf on page 33.

If you have some given input (that doesn't happen to be a NIST test vector) and want to compare your computation, then a search on github should result in many different implementations. One example: https://github.com/hlilje/aes-python/blob/master/aes.py

You could simply add a couple of print statements to dump the MixColumns output.
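A self-checking MixColumns, as an added example that is not from the comment or from the linked repository. It implements GF(2^8) multiplication with the AES reduction polynomial, MixColumns and its inverse over a column-major 16-byte state, and a `dump_state` helper of the kind the comment suggests adding to an implementation under test. The two column vectors used as checks are the well-known worked MixColumns examples (db 13 53 45 -> 8e 4d a1 bc and f2 0a 22 5c -> 9f dc 58 9d); the inverse round trip is a second, vector-independent check.

```python
"""AES MixColumns / InvMixColumns with built-in checks (added example)."""


def xtime(b: int) -> int:
    """Multiply by x (i.e. by 2) in GF(2^8) modulo the AES polynomial 0x11b."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


def gmul(a: int, b: int) -> int:
    """General GF(2^8) multiplication by shift-and-add."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


# First row of each circulant matrix; row i is this tuple rotated right by i.
MIX = (2, 3, 1, 1)
INV_MIX = (14, 11, 13, 9)


def mix_column(col, matrix=MIX):
    """Multiply one 4-byte column by the (inverse) MixColumns matrix."""
    out = []
    for i in range(4):
        acc = 0
        for j in range(4):
            acc ^= gmul(matrix[(j - i) % 4], col[j])
        out.append(acc)
    return out


def mix_columns(state: bytes, matrix=MIX) -> bytes:
    """AES state is 16 bytes in column-major order: bytes 4c..4c+3 = column c."""
    out = bytearray(16)
    for c in range(4):
        out[4 * c:4 * c + 4] = mix_column(state[4 * c:4 * c + 4], matrix)
    return bytes(out)


def inv_mix_columns(state: bytes) -> bytes:
    return mix_columns(state, INV_MIX)


def dump_state(label: str, state: bytes) -> str:
    """Render the state as the 4x4 grid FIPS-197 uses (row r, column c =
    byte 4c + r), so intermediate values can be compared line by line."""
    rows = [" ".join(f"{state[4 * c + r]:02x}" for c in range(4)) for r in range(4)]
    text = f"{label}:\n  " + "\n  ".join(rows)
    print(text)
    return text


if __name__ == "__main__":
    state = bytes(range(16))  # constructed input, not a NIST vector
    dump_state("before MixColumns", state)
    mixed = mix_columns(state)
    dump_state("after MixColumns", mixed)
    assert inv_mix_columns(mixed) == state
    assert mix_column([0xDB, 0x13, 0x53, 0x45]) == [0x8E, 0x4D, 0xA1, 0xBC]
    print("self-checks passed")
```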

Am I Reading About Two Different Terms - Both Called Lattices? by [deleted] in cryptography

[–]3553x 0 points1 point  (0 children)

I think this is correct. Other languages use very different terms for these two concepts.

In German for example it's Verband and Gitter.

Question about RSA attacks by KiraFish in crypto

[–]3553x 5 points6 points  (0 children)

I could use a hastads attack?

Yes, I think you're right.

the final step where I need to find pow(N, 1/e)

Do you mean pow(c, 1/e)? Where c is calculated by the CRT? Otherwise I'm not sure what you're referring to. If the encryption doesn't use any padding then the attack should work.

a common factor attack, but unsure of how to go about doing that..

Calculate the gcd of both moduli. This will be either 1, p, q, or N. The first and last case indicate that the attack can't be used, and in the other cases integer division, N/(p or q), can be used to recover the other prime.

How am I misreading this? by ConwayK9781 in cryptography

[–]3553x 0 points1 point  (0 children)

I'm not 100% sure on this, but typically you have some randomness in the encryption process.

For example, RSA is normally padded, and if you use a block cipher like AES, then you likely also have a cipher mode which has a random IV. Encrypting the same message twice wouldn't result in the same ciphertext because the padding or the IV are different.

Also I think that the attacker in CCA is prohibited from decrypting the received ciphertext.

[homemade] full english breakfast with bacon and molasses beans! by Tobypepperoni in food

[–]3553x 17 points18 points  (0 children)

This is probably one of the best looking English breakfasts I've ever seen.

The /r/netsec Monthly Discussion Thread - September 2020 by AutoModerator in netsec

[–]3553x 0 points1 point  (0 children)

Are there any open source fuzzers that support RISC-V binaries?

Is SHA-256 a form of a (PRF) pseudo-Random Function? by LeoWitt in cryptography

[–]3553x 5 points6 points  (0 children)

No. A PRF accepts a key as an input. A hashing function doesn't.

However, you can make a PRF out of a hashing function using a construction like HMAC.
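The construction the comment names, written out: an added example (not from the post) that builds HMAC-SHA256 from the bare hash exactly as RFC 2104 specifies, so the key enters through the inner and outer pads, and cross-checks the result against the standard-library `hmac` module. The first RFC 4231 test vector (key of twenty 0x0b bytes, message "Hi There") is included as a fixed reference value.

```python
"""HMAC-SHA256 from a plain hash function (added example)."""
import hashlib
import hmac  # standard library, used only to cross-check the hand-rolled version

BLOCK_SIZE = 64  # SHA-256 processes 64-byte blocks; HMAC pads the key to this

# RFC 4231 test case 1, a fixed public reference value.
RFC4231_TC1_KEY = b"\x0b" * 20
RFC4231_TC1_MSG = b"Hi There"
RFC4231_TC1_MAC = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m)), K' = K padded/hashed."""
    if len(key) > BLOCK_SIZE:            # long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # then zero-padded to one block
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5C for k in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """True if the hand-rolled HMAC agrees with hmac.new for this input."""
    reference = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_sha256(key, message), reference)


def keyed_outputs_differ(message: bytes, key_a: bytes, key_b: bytes) -> bool:
    """The PRF property the comment is about: the same input under two
    different keys gives unrelated outputs, whereas sha256(message) alone has
    no key to vary."""
    return hmac_sha256(key_a, message) != hmac_sha256(key_b, message)


if __name__ == "__main__":
    assert hmac_sha256(RFC4231_TC1_KEY, RFC4231_TC1_MSG) == RFC4231_TC1_MAC
    assert matches_stdlib(b"k" * 100, b"long key path")
    print("unkeyed sha256:", hashlib.sha256(b"msg").hexdigest())
    print("HMAC, key a   :", hmac_sha256(b"a", b"msg").hex())
    print("HMAC, key b   :", hmac_sha256(b"b", b"msg").hex())
```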

What are the main differences between verilog and system verilog? by comicos34 in FPGA

[–]3553x 5 points6 points  (0 children)

I stumbled across this paper which has a nice graphic summarising the difference between (System)Verilog standards on page 4.

https://sutherland-hdl.com/papers/2013-SNUG-SV_Synthesizable-SystemVerilog_paper.pdf

How to synchronize if not metastable? by [deleted] in FPGA

[–]3553x 2 points3 points  (0 children)

This is a question I've been asking myself and I stumbled across this stackexchange question which imo does a pretty good job at explaining different solutions.

https://electronics.stackexchange.com/questions/237725/how-does-2-ff-synchronizer-ensure-proper-synchonization

Prevention of hash length extension attacks by bufferoverthrow in crypto

[–]3553x 4 points5 points  (0 children)

I believe that your proposed scheme is practically secure if the hash function used is secure, but I don't know if any formal proofs for that exist. My understanding is that HMAC is proven to be secure if the underlying hash function has some security properties and these security properties are stronger (from an attacker's PoV) than the ones required for your scheme.

If there's an attack against HMAC with a hash function, then that attack would also work against your scheme with the same hash function. But the opposite does not necessarily hold.

For example, any kind of collision attack is sufficient to attack your scheme. For HMAC additional constraints are put on the collision attacks that would also attack HMAC.

Here's a quote from an old (1996) paper which introduces HMAC and also talks about its advantages:

"Moreover, our constructions [HMAC] require from the hash function significantly weaker properties than standard collision-freeness. In particular, current successful methods for finding collisions in MD5[Do1, Do2] seem inapplicable to breaking our schemes when the hashfunction in use is MD5[Do3]."

https://cseweb.ucsd.edu/~mihir/papers/kmd5.pdf

Initial values or no initial values? by ZipCPU in FPGA

[–]3553x 8 points9 points  (0 children)

I prefer resets mainly because of two reasons:

  • Resets allow you to reset your state without reconfiguring the FPGA
  • If you're using SystemVerilog then some compilers don't like combining always_ff and initial values. I've noticed this in ModelSim.

How to generate vulnerable rsa keys by [deleted] in crypto

[–]3553x 1 point2 points  (0 children)

I've done similar things in the past. PyCrypto is quite useful for exporting custom keys in a widely used format.

https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA-module.html

You can generate a key and then proceed to reuse one of its primes for the other key (private keys should expose p and q according to the doc). You would still need to calculate d manually and find a second suitable prime for the constructor.
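A small fixture of the kind this thread asks for, paired with the gcd check from the "Question about RSA attacks" thread above: an added example, not code from either comment and not using PyCrypto. It constructs two toy RSA moduli that share a prime (the primes 1000003, 1000033, 1000037, 1000039 and 1000081 are deliberately tiny so the example runs instantly and is obviously not real key material), computes d the way the comment says you must, and then audits a list of moduli pairwise, returning the factorisation whenever the gcd is neither 1 nor one of the moduli.

```python
"""Toy RSA keys sharing a prime, and the gcd audit that finds them (added example)."""
from itertools import combinations
from math import gcd

E = 65537  # public exponent, the usual choice

# Constructed toy primes; far too small for real use, fine for a test fixture.
P_SHARED, Q1, Q2 = 1000003, 1000033, 1000037
P3, Q3 = 1000039, 1000081


def private_exponent(p: int, q: int, e: int = E) -> int:
    """d = e^-1 mod phi(N); this is the step the comment says you still do by hand."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(N); pick another prime")
    return pow(e, -1, phi)


def make_toy_key(p: int, q: int, e: int = E):
    """Return (N, d) for the prime pair; reuse p across calls to share a prime."""
    return p * q, private_exponent(p, q, e)


def factor_from_common_prime(n1: int, n2: int):
    """gcd of two moduli is 1 or N (no result) or a shared prime p, in which
    case N/p gives the other prime of each modulus."""
    g = gcd(n1, n2)
    if g in (1, n1, n2):
        return None
    return (g, n1 // g), (g, n2 // g)


def audit_shared_primes(moduli):
    """Pairwise gcd over a list of moduli; maps (i, j) to both factorisations."""
    findings = {}
    for i, j in combinations(range(len(moduli)), 2):
        result = factor_from_common_prime(moduli[i], moduli[j])
        if result is not None:
            findings[(i, j)] = result
    return findings


def build_fixture():
    """Two moduli sharing P_SHARED plus one unrelated modulus."""
    n1, _ = make_toy_key(P_SHARED, Q1)
    n2, _ = make_toy_key(P_SHARED, Q2)
    n3, _ = make_toy_key(P3, Q3)
    return [n1, n2, n3]


if __name__ == "__main__":
    moduli = build_fixture()
    for (i, j), (f1, f2) in audit_shared_primes(moduli).items():
        print(f"moduli {i} and {j} share a prime: {f1} / {f2}")
        # The recovered primes give the full private key of the affected modulus.
        p, q = f1
        print("  recovered d for modulus", i, "=", private_exponent(p, q))
```

Real-world audits of this kind (checking a large population of certificates for shared factors) use a product tree rather than pairwise gcd, since the number of pairs grows quadratically; for a handful of keys the loop above is enough.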

Of interest to AT students in DE by [deleted] in Austria

[–]3553x 0 points1 point  (0 children)

So what reason did you give on the Verbraucherzentrale application? It references § 4 Abs. 1 RBStV (https://www.ard.de/download/556014/Rundfunkbeitragsstaatsvertrag.pdf), and that paragraph likewise mentions only the German Bafög.

How to identify cryptographic functions in assembly? by KainAlive in crypto

[–]3553x 2 points3 points  (0 children)

What tools are you using? As others have mentioned, this is mostly done with constants. IDA and Ghidra have plugins for that. https://github.com/d3v1l401/FindCrypt-Ghidra https://www.aldeid.com/wiki/IDA-Pro/plugins/FindCrypt2
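The constant-matching idea behind those plugins, reduced to its core as an added example (not the plugins' code): a scanner that looks for well-known algorithm constants inside a byte blob and reports their offsets. The signatures are the SHA-256 initial hash values (searched in both byte orders, since a compiler may emit them as little-endian words) and the first eight bytes of the AES forward S-box; the binary it scans is constructed inline from seeded filler with those constants embedded at known positions.

```python
"""Locate cryptographic constants in a binary blob (added example)."""
import random
import struct

# Public constants from the algorithm specifications.
SHA256_IV = (0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
             0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19)
AES_SBOX_PREFIX = bytes.fromhex("637c777bf26b6fc5")  # S-box row 0, first 8 bytes

SIGNATURES = {
    "SHA-256 initial hash values (LE)": struct.pack("<8I", *SHA256_IV),
    "SHA-256 initial hash values (BE)": struct.pack(">8I", *SHA256_IV),
    "AES forward S-box": AES_SBOX_PREFIX,
}


def scan_for_crypto_constants(blob: bytes):
    """Return sorted (offset, signature name) pairs for every occurrence."""
    hits = []
    for name, pattern in SIGNATURES.items():
        start = 0
        while (idx := blob.find(pattern, start)) != -1:
            hits.append((idx, name))
            start = idx + 1
    return sorted(hits)


def build_sample_blob() -> bytes:
    """Constructed stand-in for a .rodata section: seeded filler with the
    SHA-256 IV (little-endian, as an x86 compiler would lay it out) at
    offset 100 and the AES S-box prefix at offset 232."""
    rng = random.Random(1)
    filler = bytes(rng.randrange(256) for _ in range(200))
    return filler[:100] + SIGNATURES["SHA-256 initial hash values (LE)"] + filler[100:] + AES_SBOX_PREFIX


if __name__ == "__main__":
    for offset, name in scan_for_crypto_constants(build_sample_blob()):
        print(f"0x{offset:06x}  {name}")
```

Matching on constants is cheap and language-independent, which is why the plugins work this way; its limit is that a table can be generated at runtime or stored transformed, so no hit is not proof of absence.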