(plz hire me) in a totally unsurprising turn of events, working on software for my onlykey is forcing me to learn lots of details about pgp/gpg, ssh, their agents, and all the fido2/ctap stuff
it's cool though
Recent searches
Search options
#cryptography
22 posts20 participants1 post today
Flawed phone apps could risk enterprise data Analysis of over 17,000 enterprise-used mobile apps ...
https://betanews.com/2025/04/16/flawed-phone-apps-could-risk-enterprise-data/
#Article #Android #cryptography #cybersecurity #Enterprise #Mobile #apps
Event Attributes
https://betanews.com/2025/04/16/flawed-phone-apps-could-risk-enterprise-data/
#Article #Android #cryptography #cybersecurity #Enterprise #Mobile #apps
Event Attributes
BetaNews · Flawed phone apps could risk enterprise dataAnalysis of over 17,000 enterprise-used mobile apps by Zimperium zLabs finds that 92 percent of all apps and 56 percent of the top 100 apps use flawed cryptographic methods that could be putting organizations at risk.
Hey cryptographers,
this application is using the same symmetric secret to encrypt cookie values using AES-CBC: https://github.com/transloadit/uppy/issues/5705
This will eventually wear-out the secret.
I suggested deriving a different encryption key from the "secret" for every distinct document (i.e. a cookie value).
Would it be "safe" to derive the key using the IV as the "info" parameter in HKDF?
In "pseudocode", this would read like:
```
aes_key = hkdf(salt=[0]*32, ikm=secret, info=iv, length=32)
encrypt(aes_key, iv, plaintext)
```
The idea of using the IV is to not add anything new to the cookie value. My understanding is that the info parameter is not supposed to be confidential, but how secure is it if it is attacker controlled? I don't see any attacks, but I am no specialist either...
If you lose your private key, you lose, and get to start over.
6 day certificate expiration is security theatre. Why not 6 minutes?
If you want to do this, use ECC, not RSA. Well, you should be using 25519 anyway.
m.slashdot.orgSlashdot
Cryptojacking Goes Open Source: Hijacked Python Packages Fuel Hidden Cryptocurrency Mining It’s...
https://www.rivitmedia.com/technews/cryptojacking-goes-open-source-hijacked-python-packages-fuel-hidden-cryptocurrency-mining/
#Tech #News #code #injection #malware #crypto #malware #cryptography #malware #cryptojacking #cybersecurity
Event Attributes
https://www.rivitmedia.com/technews/cryptojacking-goes-open-source-hijacked-python-packages-fuel-hidden-cryptocurrency-mining/
#Tech #News #code #injection #malware #crypto #malware #cryptography #malware #cryptojacking #cybersecurity
Event Attributes
Rivitmedia · Cryptojacking Goes Open Source: Hijacked Python Packages Fuel Hidden Cryptocurrency Mining - www.rivitmedia.comIt’s the oldest trick in the hacker playbook: hide your crime in plain sight. But now, that tactic has reached new levels of stealth as cybercriminals infect open-source Python packages with cryptojacking malware—quietly siphoning computing power from developers worldwide to mine cryptocurrency.ContentsThe Malware MasqueradeWhy Developers Are the Perfect VictimsIndustry Response and Countermeasures Security firm Fortinet recently uncovered […]
Quantencomputer und die Zukunft der Verschlüsselung: Warum wir jetzt handeln müssen.
https://europa.blog/de/quantencomputer-und-die-zukunft-der-verschluesselung-warum-wir-jetzt-handeln-muessen/
#digitalisierung #cryptography #emails @klute @juergenklute
Europa Blog · Quantencomputer und die Zukunft der Verschlüsselung: Warum wir jetzt handeln müssen - Europa Blog96
Wie PKI in vier Schritten bereit für das Quantenzeitalter wird
#Cryptography @Keyfactor #PKI #PostQuantumCryptography #PQC #PublicKeyInfrastructure #Quantencomputer #Verschlüsselung
https://netzpalaver.de/2025/04/14/wie-pki-in-vier-schritten-bereit-fuer-das-quantenzeitalter-wird/
Netzpalaver | #AI #CloudComputing #Datacenter #Cybersecurity #Telekommunkation #Infrastruktur · Wie PKI in vier Schritten bereit für das Quantenzeitalter wirdDas Quantenzeitalter ist nahe. In wenigen Jahren schon werden Angreifern die ersten Quantencomputer mit solch hoher Rechenleistung zur Verfügung stehen,
NIST Announces New Quantum-Resistant Cryptography Standards What are the Quantum-Resistant Crypto...
https://kudelskisecurity.com/modern-ciso-blog/nist-announces-new-quantum-resistant-cryptography-standards/
#Cryptography #Quantum
Event Attributes
https://kudelskisecurity.com/modern-ciso-blog/nist-announces-new-quantum-resistant-cryptography-standards/
#Cryptography #Quantum
Event Attributes
Kudelski Security · NIST Announces New Quantum-Resistant Cryptography Standards | Kudelski SecurityContentsWhat are the Quantum-Resistant Cryptography Standards of NIST?Why Organizations Must Prepare for Quantum-Safe TechnologyExpert Insights: Preparing for the Transition to...
Modem Cloning for Fun (but NOT for profit!) Recently, I stumbled upon an old cable modem sitting ...
https://yifan.lu/2017/04/02/modem-cloning-for-fun-but-not-for-profit/
#Devices #hacking #hardware #spi #cryptography #docsis #bpi #des #firmware #mips
Event Attributes
https://yifan.lu/2017/04/02/modem-cloning-for-fun-but-not-for-profit/
#Devices #hacking #hardware #spi #cryptography #docsis #bpi #des #firmware #mips
Event Attributes
Yifan Lu · Modem Cloning for Fun (but NOT for profit!)Recently, I stumbled upon an old cable modem sitting next to the dumpster. An neighbor just moved out and they threw away boxes of old junk. I was excited because the modem is much better than the one I currently use and has fancy features like built in 5GHz WiFi and DOCSIS 3.0 support. When I called my Internet service provider to activate it though, they told me that the modem was tied to another account likely because the neighbors did not deactivate the device before throwing it away. The technician doesn’t have access to their account so I would have to either wait for it to be inactive or somehow find them and somehow convince them to help me set up the modem they threw away.
Implementing end-to-end encryption for Dropbox teams Learn more about our implementation of end-t...
https://dropbox.tech/security/end-to-end-encryption-for-dropbox-teams
#usability #cryptography #encryption #Security #Teams #key #management #access #controls
Event Attributes
https://dropbox.tech/security/end-to-end-encryption-for-dropbox-teams
#usability #cryptography #encryption #Security #Teams #key #management #access #controls
Event Attributes
A #cybersecurity warrior always has more to learn. Especially about the wizardry of #cryptography. https://cromwell-intl.com/cybersecurity/crypto/reading.html?s=mc
Bob's Pages of Travel, Linux, Cybersecurity, and MoreJust Enough Cryptography — Further ReadingAn introduction to cryptography: Suggested further references.
A quick post on Chen’s algorithm Update (April 19): Yilei Chen announced the discovery of a bug...
https://blog.cryptographyengineering.com/2024/04/16/a-quick-post-on-chens-algorithm/
#academics #attacks #pqc #quantum #Cryptography #cybersecurity #innovation #quantum-computing #technology
Event Attributes
https://blog.cryptographyengineering.com/2024/04/16/a-quick-post-on-chens-algorithm/
#academics #attacks #pqc #quantum #Cryptography #cybersecurity #innovation #quantum-computing #technology
Event Attributes
Today is Herbert Yardley's birthday! #Cryptography has its own language https://cromwell-intl.com/cybersecurity/crypto/terminology.html?s=mb #cybersecurity
Bob's Pages of Travel, Linux, Cybersecurity, and MoreJust Enough Cryptography — TerminologyThe terminology used in cryptography: codes, ciphers, encryption, decryption, ciphers, algorithms, computational difficulty, and more.
Today is Herbert Yardley's birthday! Time to learn about #cryptography https://cromwell-intl.com/cybersecurity/crypto/?s=mb #cybersecurity
Bob's Pages of Travel, Linux, Cybersecurity, and MoreJust Enough CryptographyIntroduction to cryptography: codes and ciphers, symmetric and asymmetric cryptography, hash functions, digital signatures, and digital certificates
I love the fact that I am working in an industry where people write stuff like „If you’re using a standard AEAD mode in such a setup (wherein multiple keys are used), and you aren’t including key-commitment in your protocol design, you’re almost certainly prone to Invisible Salamanders.“
It sounds like we‘re magicians. „Be careful with your spells, apprentice! One wrong syllable and you might be afflicted with a plague of invisible salamanders until the next full moon.“
Security and cryptography algorithms: A guide These algorithms have been extensively studied by c...
https://opensource.net/security-cryptography-algorithms-python/
#Cybersecurity #Guides #algorithms #cryptography #Python #security
Event Attributes
https://opensource.net/security-cryptography-algorithms-python/
#Cybersecurity #Guides #algorithms #cryptography #Python #security
Event Attributes
