SHA-1 is broken
"We have broken SHA-1 in practice, and tools like GIT are affected by this problem"
https://shattered.io/
@DevMisc
#security #cryptography
"We have broken SHA-1 in practice, and tools like GIT are affected by this problem"
https://shattered.io/
@DevMisc
#security #cryptography
API Tokens: A Tedious Survey
An overview about API tokens and how (and where) to use them.
https://fly.io/blog/api-tokens-a-tedious-survey/
@DevMisc
#cryptography #api #overview
An overview about API tokens and how (and where) to use them.
https://fly.io/blog/api-tokens-a-tedious-survey/
@DevMisc
#cryptography #api #overview
How Do Computers Generate Random Numbers?
The simple answer to “how computers can create random numbers?” is that they can’t. At least, not on their own...
https://betterprogramming.pub/generating-random-numbers-is-a-lot-harder-than-you-think-b121c3e75d08
@DevMisc
#misc #cryptography #learn
The simple answer to “how computers can create random numbers?” is that they can’t. At least, not on their own...
https://betterprogramming.pub/generating-random-numbers-is-a-lot-harder-than-you-think-b121c3e75d08
@DevMisc
#misc #cryptography #learn
SHA-1 'Fully and Practically Broken' by New Collision
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.
https://duo.com/decipher/sha-1-fully-and-practically-broken-by-new-collision
@DevMisc
#sha1 #cryptography #security
A chosen prefix collision in SHA-1 has demonstrated a new issue with the venerable hash function developed by the NSA.
https://duo.com/decipher/sha-1-fully-and-practically-broken-by-new-collision
@DevMisc
#sha1 #cryptography #security
Understanding ID Token
https://darutk.medium.com/understanding-id-token-5f83f50fa02e
@DevMic
#cryptography #learn #misc
https://darutk.medium.com/understanding-id-token-5f83f50fa02e
@DevMic
#cryptography #learn #misc
Illegal prime number
An illegal prime is a prime number that represents information whose possession or distribution is forbidden in some legal jurisdictions.
https://en.wikipedia.org/wiki/Illegal_number#Illegal_primes
@DevMisc
#cryptography #extra
An illegal prime is a prime number that represents information whose possession or distribution is forbidden in some legal jurisdictions.
https://en.wikipedia.org/wiki/Illegal_number#Illegal_primes
@DevMisc
#cryptography #extra
👍1
The Animated Elliptic Curve
Visualize elliptic curve cryptography with animated examples.
https://curves.ulfheim.net/
@DevMisc
#cryptography #ec #learn
Visualize elliptic curve cryptography with animated examples.
https://curves.ulfheim.net/
@DevMisc
#cryptography #ec #learn
How Karatsuba's algorithm gave us new ways to multiply
https://www.youtu.be/cCKOl5li6YM
@DevMisc
#cryptography #math #misc
https://www.youtu.be/cCKOl5li6YM
@DevMisc
#cryptography #math #misc
👍1
zxcvbn: realistic password strength estimation
https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation
@DevMisc
#security #cryptography #misc
https://dropbox.tech/security/zxcvbn-realistic-password-strength-estimation
@DevMisc
#security #cryptography #misc
🐳6🗿2🖕1
Memorable Unique Identifiers (MUIDs)
Generating offline identifiers in which
https://www.gkbrk.com/2022/10/memorable-unique-identifiers-muid
@DevMisc
#cryptography #api #misc
Generating offline identifiers in which
p = os.urandom(x) is the private key and sha256(p) is the public key, with PoW constraints.https://www.gkbrk.com/2022/10/memorable-unique-identifiers-muid
@DevMisc
#cryptography #api #misc
🔥3👍1🖕1
Constructing a sponge function from MD5
Let’s do some unholy programming and turn MD5 into a sponge function.
https://www.gkbrk.com/2021/03/md5-sponge
@DevMisc
#cryptography #learn #misc
Let’s do some unholy programming and turn MD5 into a sponge function.
https://www.gkbrk.com/2021/03/md5-sponge
@DevMisc
#cryptography #learn #misc
🆒2🖕1
Cryptographic Best Practices
https://gist.github.com/atoponce/07d8d4c833873be2f68c34f9afc5a78a
@DevMisc
#cryptography #learn #misc
https://gist.github.com/atoponce/07d8d4c833873be2f68c34f9afc5a78a
@DevMisc
#cryptography #learn #misc
🐳4❤1🖕1
Testing a new encrypted messaging app's extraordinary claims
https://crnkovic.dev/testing-converso
@DevMisc
#cryptography #privacy #rev
https://crnkovic.dev/testing-converso
@DevMisc
#cryptography #privacy #rev
🔥4❤2🖕1
Shamir Secret Sharing
How a cryptography incident at PayPal HQ nearly killed the whole startup.
https://max.levch.in/post/724289457144070144/shamir-secret-sharing
@DevMisc
#cryptography #fun #learn
How a cryptography incident at PayPal HQ nearly killed the whole startup.
https://max.levch.in/post/724289457144070144/shamir-secret-sharing
@DevMisc
#cryptography #fun #learn
😱2
Password protect a static HTML page, decrypted in-browser in JavaScript
https://github.com/robinmoisson/staticrypt
@DevMisc
#fun #web #cryptography #tools #extra
Safely encrypt and password protect the content of your public static HTML file, to be decrypted in-browser without any back-end - to serve it over static hosting like Netlify, GitHub pages, etc. (see a live example)
https://github.com/robinmoisson/staticrypt
@DevMisc
#fun #web #cryptography #tools #extra
👍2
Programming Zero Knowledge Proofs: From Zero to Hero
https://zkintro.com/articles/programming-zkps-from-zero-to-hero
@DevMisc
#cryptography #zkp #misc
- Zero Knowledge Proofs (ZKPs) allow one party (the prover) to prove to another party (the verifier) that they know some secret information without revealing that information.
- ZKPs have the key properties of privacy (proving something without revealing anything else) and succinctness (the proof stays roughly the same size regardless of the complexity of the computation).
- ZKPs can be programmed by writing special programs called circuits, which specify constraints that must be satisfied.
- The process of generating a ZKP involves a trusted setup to create a proving key and verification key, which can then be used to generate and verify proofs.
- Implementing basic ZKP programs involves defining constraints, compiling the circuit, performing a trusted setup, generating a witness, and generating/verifying proofs.
- Improving ZKP programs often involves adding more complex constraints, such as checking that inputs are not equal to 1.
- ZKPs can be used to implement cryptographic primitives like digital signatures, using hash functions and commitments instead of public-key cryptography.
- Implementing a digital signature scheme with ZKPs involves generating a private/public key pair (identity secret/identity commitment) and using them to sign and verify messages.
- ZKPs make it possible to implement complex cryptographic protocols, like group signatures, in a more straightforward way compared to traditional cryptographic techniques.
- Writing effective ZKP programs requires developing an intuition for how to express constraints in a way that satisfies the requirements of the underlying arithmetic circuits.
https://zkintro.com/articles/programming-zkps-from-zero-to-hero
@DevMisc
#cryptography #zkp #misc
The sorry state of OpenSSL usability
https://jameshfisher.com/2017/12/02/the-sorry-state-of-openssl-usability/
@DevMisc
#cryptography #openssl #learn
OpenSSL is a widely used but poorly documented software, making it difficult for users to figure out how to use basic functionality like generating an RSA key. The documentation is scattered across multiple websites, often contradictory, and assumes a level of cryptographic knowledge that many users lack. Even simple tasks like determining the key format can be challenging due to the lack of clear guidance. The author highlights several usability issues with OpenSSL, such as the default use of a weak 512-bit RSA key, and the lack of warnings or guidance when using deprecated interfaces. The author argues that improving OpenSSL's usability through better documentation, user testing, and avoiding unnecessary forks could go a long way in making this critical piece of software more accessible to a wider audience.
https://jameshfisher.com/2017/12/02/the-sorry-state-of-openssl-usability/
@DevMisc
#cryptography #openssl #learn
👍1
So you want to deploy mTLS
https://otterize.com/blog/so-you-want-to-deploy-mtls
@DevMisc
#cryptography #security #tls #learn
mTLS is just like TLS, but with one extra consideration. In mTLS, both the client and server are authenticated, whereas in standard TLS only the server is authenticated. That’s where the m comes from: mutual.
https://otterize.com/blog/so-you-want-to-deploy-mtls
@DevMisc
#cryptography #security #tls #learn
👍1