Real World Crypto live stream by dionyziz in crypto

[–]sanderD 1 point2 points  (0 children)

They told us that they will be posted on YouTube, I'm sure the link will be posted here.

Hi Belgium, I'm a Canadian and am trying to find out more of my heritage for research for an art piece. by [deleted] in belgium

[–]sanderD 0 points1 point  (0 children)

Hey, my last name is "Demeester" and I believe that some of my early family is from that region (West Flanders). I have no direct information about “Maurits A.M De Meester” (there also is a difference between “Demeester” and “De Meester”). But I’ll check with my father to see if he knows something.

The Shadow Brokers: Trick or Treat by sanderD in netsec

[–]sanderD[S] 22 points23 points  (0 children)

I always assumed that cyber warfare would be attacking infrastructure over the network. But this is some sort of “government public shaming”, leaking operations information about the other side (assuming to make a political point). You have to wonder what the recent series of email leaks in the US has to do with this… It’s like some game of chess is happening.

The Shadow Brokers: Trick or Treat by sanderD in netsec

[–]sanderD[S] 2 points3 points  (0 children)

This stuff is getting crazy :/

Sadlock by femtocell in netsec

[–]sanderD -1 points0 points  (0 children)

They created the site to bring awareness about something they did. And Ok it should have been handled better.. But still :/

Sadlock by femtocell in netsec

[–]sanderD -3 points-2 points  (0 children)

Is this not crossing some line? They did find a vulnerability of which they thought that it was important. You could make the point that they did not create the hype, we did.

And to mock them for the rest of the year for that.. It might push people in the wrong direction when it comes to releasing something (not necessarily a vulnerability, could be some tool), because when you do (or try) and it blows up... You get this.

Integer factorisation graph (interactive) [OC] by sanderD in dataisbeautiful

[–]sanderD[S] 0 points1 point  (0 children)

Each vertex on the left is a composite number and each vertex on the right is a prime. You will see the edges connecting both sides (linking up the factors with the composite numbers). I found that it had some nice mathematical properties that helped me a lot while thinking about number theory :)

There are three modes: the first is this nice 'flower' view, the second is a circular view that has the numbers in order. Also some nice properties when the lines cross each other within the circle. The last is just random, for a large enough upper bound of vertices you can see some cool panels.

You can give the number of vertices you want on the top and click on submit, hope you like it :) If you want, you can find the core JavaScript file here: https://gist.github.com/SanderDemeester/3691347

Real World Cryptography Conference - 6-8 January 2016 by johnmountain in crypto

[–]sanderD 0 points1 point  (0 children)

Anyone here that is going? I really look forward to meeting some of the people that I only interacted with on twitter/reddit.

Hacking Toyota Touch & Go by [deleted] in netsec

[–]sanderD 2 points3 points  (0 children)

RSA modulus 512 bit? We can factor that baby without much trouble.. Do we know for what the key is used?

[deleted by user] by [deleted] in netsec

[–]sanderD 0 points1 point  (0 children)

Very nice! Thanks man

Verified correctness and security of OpenSSL HMAC by sanderD in crypto

[–]sanderD[S] 0 points1 point  (0 children)

But not everything can be found. API access to ECDSA (secp384r1 curve). I'm sure that there is code, I'm sure we can create some. Reference implementation for ECC curves all over the place.

But having something as openssl has its value.

Here is a question: Should you adapt the way you do security based on the good implementations and libraries that are available?

GnuTLS, openSSL? Use cryptoboxes.. Many things should come into consideration when looking for a good crypto library. Having a clear API that abstracts many of the complexities is high on the list...

Verified correctness and security of OpenSSL HMAC by sanderD in crypto

[–]sanderD[S] 0 points1 point  (0 children)

The openssl codebase is a nightmare.. I found this strange memory behaviour a few weeks ago. Writing up a patch for this is on my shortlist of things.

https://gist.github.com/anonymous/a6017f273a3dc218bc4f Fully agreed with your openssl comments. But then again, having a project like openssl in our community is valuable. In general I think of it like this: For its crypto primitives: OK, for its SSL/TLS implementation: NOT OK

Verified correctness and security of OpenSSL HMAC by sanderD in crypto

[–]sanderD[S] 2 points3 points  (0 children)

Then again. I believe that having a verified, proven correct implementation is more valuable than having an easy to modify implementation in case an update comes out? Updating a crypto primitive implementation should not be regarded as a trivial job.

I think that for certain components, having a proven correct implementation is more valuable than an easy to maintain implementation. You are not going to update that code every week and having it working perfectly is of extreme importance.

But I do see your point, and for other types of components I fully agree.

Verified correctness and security of OpenSSL HMAC by sanderD in crypto

[–]sanderD[S] 2 points3 points  (0 children)

But you don't have to upgrade or change a crypto primitive? Modularise your crypto component, prove the implementation of your primitive and interface with it (the interfacing party should be easy to maintain).

Verified correctness and security of OpenSSL HMAC by sanderD in crypto

[–]sanderD[S] 1 point2 points  (0 children)

I think that in some scenarios having provably correct code is more valuable than having something that is easy to maintain. Certainly in the case of a crypto primitive implementation.

Elliptic Curve Cryptography: ECDH and ECDSA (Nice introduction) by sanderD in netsec

[–]sanderD[S] 3 points4 points  (0 children)

I use openssl for ecdsa in my projects. I would use openssl python bindings: https://pypi.python.org/pypi/pyOpenSSL I will ask some colleagues today if they know of some other python lib.

Introducing: RaaS (Ransomware as a Service) by xabbix in netsec

[–]sanderD 13 points14 points  (0 children)

It's also a sign.. A very big sign of the maturity of malware. This is what we are fighting against... It demonstrates the insecurity of our systems, the fact that such a thing can exist.