This talk covers AES-GCM's documented but largely unknown limitations. We won't get into the cryptographic details of the algorithm, so no need to worry about that. I'll propose some workarounds for the limitations too. There is some basic math involved :)
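As an added worked example (not code from the talk or its slides), the block below puts numbers on the two limits that matter most in practice and shows the failure mode behind them. The limits are the ones NIST SP 800-38D states for 96-bit IVs: at most 2^39 - 256 bits of plaintext per call, and at most 2^32 calls per key when the IV is random, which keeps the birthday-bound collision probability at or below 2^-32. The keystream function uses SHA-256 as a stand-in for AES so that it runs with the standard library only; GCM encrypts with the same CTR structure, so the nonce-reuse leak it shows (c1 XOR c2 == p1 XOR p2) is the same. The deterministic nonce class, the 32-bit fixed field value, and the sample messages are all constructed for the example.

```python
import hashlib
import math

NONCE_BITS = 96                              # the 96-bit IV length GCM is designed around
RANDOM_NONCE_BUDGET = 2 ** 32                # SP 800-38D: at most 2^32 calls per key with random IVs
MAX_PLAINTEXT_BYTES = (2 ** 39 - 256) // 8   # per-call limit imposed by the 32-bit block counter


def nonce_collision_probability(messages, nonce_bits=NONCE_BITS):
    """Birthday-bound estimate P ~ n(n-1) / (2 * 2^bits) that two random nonces repeat."""
    return messages * (messages - 1) / (2 * 2 ** nonce_bits)


def max_messages_for_risk(risk, nonce_bits=NONCE_BITS):
    """Largest message count whose random-nonce collision risk stays at or below `risk`."""
    n = math.isqrt(int(2 * risk * 2 ** nonce_bits))  # n ~ sqrt(2 * risk * 2^bits)
    while nonce_collision_probability(n + 1, nonce_bits) <= risk:
        n += 1
    while n > 0 and nonce_collision_probability(n, nonce_bits) > risk:
        n -= 1
    return n


def plaintext_fits(nbytes):
    """True if one GCM call may process nbytes; larger inputs must be split into separate calls."""
    return nbytes <= MAX_PLAINTEXT_BYTES


class DeterministicNonce:
    """SP 800-38D deterministic construction: 32-bit fixed field || 64-bit invocation counter.

    A repeat is impossible under one key, and the budget forces key rotation long before the
    counter could wrap. The fixed field separates devices or threads that share a key.
    (Constructed for this example; any real system also has to persist the counter.)
    """

    def __init__(self, fixed_field, budget=RANDOM_NONCE_BUDGET):
        if not 0 <= fixed_field < 2 ** 32:
            raise ValueError("fixed field must fit in 32 bits")
        self.fixed = fixed_field.to_bytes(4, "big")
        self.counter = 0
        self.budget = budget

    def next(self):
        if self.counter >= self.budget:
            raise RuntimeError("nonce budget exhausted: rotate the key")
        nonce = self.fixed + self.counter.to_bytes(8, "big")
        self.counter += 1
        return nonce


def _stand_in_keystream(key, nonce, length):
    """Counter-mode keystream with SHA-256 standing in for AES. Not GCM itself, but GCM
    encrypts with exactly this CTR structure, so the nonce-reuse failure is identical."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


def ctr_encrypt(key, nonce, plaintext):
    keystream = _stand_in_keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def xor_leaked_by_nonce_reuse(key, nonce, p1, p2):
    """Two messages under the same key and nonce: c1 XOR c2 == p1 XOR p2, the keystream cancels."""
    c1 = ctr_encrypt(key, nonce, p1)
    c2 = ctr_encrypt(key, nonce, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    # Constructed sample inputs (not from the talk).
    key = b"k" * 16
    p1 = b"transfer 0100 USD to account 42"
    p2 = b"transfer 9900 USD to account 42"
    print("P(collision) after 2^32 random nonces:", nonce_collision_probability(2 ** 32))
    print("messages allowed at risk 2^-32:", max_messages_for_risk(2 ** -32))
    print("leaked p1 XOR p2:", xor_leaked_by_nonce_reuse(key, b"\x00" * 12, p1, p2).hex())
    gen = DeterministicNonce(fixed_field=7)
    print("first deterministic nonces:", gen.next().hex(), gen.next().hex())
```

The confidentiality leak is only the first consequence of a repeated nonce; in real GCM a repeat also exposes the authentication key and lets an attacker forge tags for that key, which is why the workaround is a nonce that cannot repeat (the counter construction above) or a key that is rotated before the random-nonce budget is reached, rather than a longer tag.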
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
DES was developed as a standard for communications and data protection by an IBM research team in response to a request from the National Bureau of Standards (now called NIST). DES achieves confusion and diffusion through substitution boxes, repeated permutations and the XOR operation. The basic DES process encrypts a 64-bit block using a 56-bit key over 16 rounds consisting of permutations and key-dependent calculations. Triple DES was developed as a more secure version of DES.
For a college class in Ethical Hacking and Network Defense at CCSF, by Sam Bowne. More info at https://samsclass.info/123/123_F17.shtml
Based on this book
Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610
The document discusses encryption and decryption techniques including symmetric and asymmetric cryptosystems. It describes the goals of cryptography including confidentiality, integrity, authentication, and non-repudiation. The document outlines the RSA cryptosystem including key generation, encryption, and digital signatures. It also discusses hashing, the discrete logarithm problem, and how elliptic curves can be used in cryptography.
RC5 is a symmetric block cipher algorithm developed by Ronald Rivest. It can encrypt digital images by dividing the image into blocks and encrypting each block with RC5. RC5 is considered suitable for image encryption because of its data-dependent rotations, a feature intended to resist differential and linear cryptanalysis. When encrypting images with RC5, the image is treated as a stream of bits that is encrypted block by block using the RC5 algorithm and an expanded key. The encrypted image is evaluated on factors like visual inspection, pixel value deviation, entropy, correlation and avalanche effect to judge the security and effectiveness of the encryption. The evaluation shows that RC5 encryption produces images that look random and score well on these measures.
The document provides an overview of the Advanced Encryption Standard (AES) algorithm. It defines key terms like block, state, and XOR used in AES. It then describes the AES algorithm, which works by repeating rounds that each include byte substitution, shifting rows, mixing columns, and adding a round key. The number of rounds depends on the key size: 10 for a 16-byte key, 12 for a 24-byte key and 14 for a 32-byte key. Decryption applies the inverse of each step in reverse order.
Abusing Microsoft Kerberos - Sorry you guys don't get itBenjamin Delpy
This document discusses abusing Microsoft Kerberos authentication. It provides an overview of how Kerberos authentication works, obtaining users' Kerberos keys from Active Directory or client memory, and using those keys to authenticate as the user without their password through techniques like Pass-the-Hash and Overpass-the-Hash. It also demonstrates these techniques live using mimikatz to dump keys and authenticate with captured keys.
The Unintended Risks of Trusting Active DirectoryWill Schroeder
This presentation was given at Sp4rkCon 2018. It covers the combination of Active Directory and host-based security descriptor backdooring and the associated security implications.
Grokking Techtalk #37: Data intensive problemGrokking VN
At some point in your software engineer career, you will have to deal with data and your success depends on how big the data that your software can deal with. From a simple problem that requires processing a large amount of data, this talk will present to you how to approach this kind of issue and how to design and choose an efficient solution.
About speaker:
Hồ is a Senior Software Engineer at AXON, where he helps design and develop complex distributed systems, including image and video encoding and a distributed file conversion system. Besides coding, Ho likes to read manga and meet friends in his free time.
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explains how to start secure code review effectively.
Monero is a cryptocurrency that uses ring signatures to obscure the origin of transactions. It uses a twisted Edwards curve (Ed25519) for its elliptic curve cryptography. A ring signature lets one member of a group sign on behalf of the group, so a verifier can confirm that the signer belongs to the set without learning which member signed; Monero uses this to hide which output a transaction actually spends.
This document provides an overview of keyed hashing and message authentication codes (MACs). It discusses using cryptographic hash functions and block ciphers to build MACs, as well as dedicated MAC designs like Poly1305 and SipHash. It also covers potential issues like timing attacks on MAC verification and side-channel attacks that can leak the internal state of sponge-based MACs.
This document discusses data encryption methods. It defines encryption as hiding information so it can only be accessed by those with the key. There are two main types: symmetric encryption uses one key, while asymmetric encryption uses two different but related keys. Encryption works by scrambling data using techniques like transposition, which rearranges the order, and substitution, which replaces parts with other values. The document specifically describes the Data Encryption Standard (DES) algorithm and the public key cryptosystem, which introduced the innovative approach of using different keys for encryption and decryption.
Cryptographic hash functions map data of arbitrary size to fixed-size values, which facilitates data storage and transmission. They have properties such as preimage and collision resistance that make their outputs unpredictable and hard to forge. Popular cryptographic hash algorithms include MD5, SHA-1, and SHA-2. Hash functions are used in applications like digital signatures, password storage, and message authentication. Salting each password hash with a unique random value defeats pre-computed rainbow tables and forces an attacker to brute-force every password separately.
Project consists of individual modules of encryption and decryption units. Standard T-DES algorithm is implemented. Presently working on to integrate DES with AES to develop stronger crypto algorithm and test the same against Side Channel Attacks and compare different algorithms.
In cryptography, a one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random ...
Asymmetric key cryptography uses two keys - a public key that can be shared publicly and a private key that is kept secret. This allows two parties who have never shared secrets before, like Alice and Bob, to communicate securely by encrypting messages with each other's public keys. Common asymmetric algorithms discussed are RSA, which uses prime number factorization, and ECC, which is based on elliptic curve discrete logarithms. A public key infrastructure (PKI) with certificate authorities (CAs) is required to authenticate users and manage public keys.
Slides for a college cryptography course at CCSF. Instructor: Sam Bowne
Based on: Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar, Jan Pelzl, and Bart Preneel, ISBN: 3642041000 ASIN: B014P9I39Q
See https://samsclass.info/141/141_F17.shtml
Secure by Design - Security Design Principles for the Rest of UsEoin Woods
Security is an ever more important topic for system designers. As our world becomes digital, today’s safely-hidden back office system is tomorrow’s public API, open to anyone on the Internet with a hacking tool and time on their hands. So the days of hoping that security is someone else’s problem are over.
The security community has developed a well understood set of principles used to build systems that are secure (or at least securable) by design, but this topic often isn’t included in the training of software developers, assuming that it’s only relevant to security specialists.
In this talk, we will briefly discuss why security needs to be addressed as part of architecture work and then introduce a set of proven principles for the architecture of secure systems, explaining each in the context of mainstream system design, rather than in the specialised language of security engineering.
This version of the talk was presented at GOTO London in October 2016.
Grokking Techtalk #39: Gossip protocol and applicationsGrokking VN
Gossip is a common information-exchange protocol in distributed systems that lets servers keep a consistent state with one another and carry out coordinated tasks. Its strengths are very fast dissemination of information and the absence of any single point of failure. In this talk, Nguyễn Anh Tú, a member of Grokking, shares background on the Gossip protocol and walks through a few of its practical applications.
- About the speaker: Nguyễn Anh Tú is currently a Staff Software Engineer at Axon Vietnam and a member of Grokking Vietnam.
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...DynamicInfraDays
Slides from Jeff Mitchell's talk "Hiding in Plain Sight: Managing Secrets in a Container Environment" at ContainerDays Boston 2016: http://dynamicinfradays.org/events/2016-boston/programme.html#secrets
This document discusses post-quantum cryptography and code-based cryptography as a potential solution. It provides an overview of cryptography, both symmetric and asymmetric, and explains how quantum computers could break many current systems by solving mathematical problems efficiently. Code-based cryptography is introduced as an alternative that does not rely on these vulnerable problems. The McEliece cryptosystem and Staircase code-based schemes are described. The document then outlines a project to implement a random split of Staircase codes to thwart information set decoding attacks, including researching the topic, developing implementations, validating the approach works as intended, and verifying the results against benchmarks. It emphasizes that development should begin now to have solutions ready when needed.
This document discusses hash functions and their uses in cryptography. It covers secure hash functions like SHA-1, SHA-2, SHA-3/Keccak, and BLAKE2. It describes how hash functions work, including properties like preimage and collision resistance. It also discusses attacks on hash functions like MD5 and SHA-1. Finally, it covers issues like length extension attacks and how hash functions can be misused or vulnerabilities exploited.
Using Approximate Data for Small, Insightful Analytics (Ben Kornmeier, Protec...DataStax
Running a Cassandra cluster in AWS that can store petabytes worth of data can be costly. This talk will detail the novel approach of using approximate data structures to keep costs low, yet retain insightful, and up to date query results. The talk will explore a number of real world examples from our environment to demonstrate the power of approximate data. It will cover: determining how many IP addresses are on a network, ranking IPs by traffic, and finally determining approximate min, max, and averages on values. The talk will also cover how this data is laid out in Cassandra, so that a query always returns up to date data, without burdening the compactor.
About the Speaker
Ben Kornmeier Engineer, ProtectWise
Ben is a Staff Engineer at ProtectWise. When he is not building realtime processing pipelines, he enjoys hiking, biking, and keeping his dog out of trouble.
The document summarizes key points about cryptography for software developers from a presentation given by Raine Nieminen. It discusses symmetric and asymmetric ciphers, cryptographic hash functions, multi-party computation, and practical aspects of using cryptography like when to use it, algorithms and libraries, key management, key size, key generation, and key storage. The main messages are to use existing cryptographic libraries and implementations, understand the basics of how cryptography works, and that key management is critical for security.
This document provides an overview of asymmetric cryptography, including its history and key concepts. It discusses how asymmetric cryptography uses key pairs, with one key kept private and one shared publicly. Common asymmetric algorithms are described such as RSA, Diffie-Hellman, El Gamal, and Elliptic Curve Cryptography. The document also covers hashing, message authentication codes, digital signatures, and key management considerations.
Proof-of-Stake & Its Improvements (San Francisco Bitcoin Devs Hackathon)Alex Chepurnoy
This document discusses improvements to proof-of-stake consensus algorithms for cryptocurrencies. It begins with an introduction to the author and their areas of research interest. It then provides an overview of consensus algorithms, problems in distributed systems, and the history of Byzantine agreement and Bitcoin's consensus protocol. The majority of the document focuses on improvements to proof-of-stake protocols, including the use of multiple branching forging to improve security and the development of formal models and simulation tools to analyze consensus algorithms. It concludes by discussing the author's work on experimental cryptocurrency implementations using proof-of-stake variants.
Cryptography For The Average Developer - Sunshine PHPAnthony Ferrara
This document provides an overview of cryptography concepts for PHP developers. It discusses keeping data secure from viewing, tampering and forgery without cryptography being a "silver bullet" solution. The document covers random number generation, symmetric and asymmetric encryption, hashing, common ciphers and modes, authentication, and password storage best practices like hashing passwords instead of encrypting them. The key messages are that cryptography is very difficult to implement securely and developers should rely on expert libraries or hire an expert instead of rolling their own solutions.
The document provides an overview of cryptocurrencies and digital currencies. It discusses why crypto is important for information security, IP protection, and protection against ransomware. It then outlines a plan to cover Bitcoin and its history, characters, mechanisms, blockchain, symmetric and asymmetric crypto algorithms, breaking crypto difficulties, and comparisons to other digital currencies like Litecoin. Practical exercises on wallets, transfers, and exchanges are also mentioned. Additional advanced topics like SegWit, zero-knowledge proofs, and homomorphic encryption are included as bonuses.
For a college course -- CNIT 141: Cryptography for Computer Networks, at City College San Francisco
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
This document discusses a new symmetric key encryption standard using 1024-bit encryption. It begins by discussing some limitations of traditional symmetric key encryption approaches, such as slowness and compatibility issues. It then introduces a new innovation - a patented 1024-bit symmetric key encryption method. This new approach aims to address weaknesses by making the relationship between plaintext and ciphertext complex, encrypting 1024-bit blocks, and using the key directly in the encryption algorithm. Performance tests show the new approach is fast, secure, easy to use, and compatible with many systems. It concludes by encouraging reconsidering current encryption technologies.
For a college course -- CNIT 140: "Cryptography for Computer Networks" at City College San Francisco
Instructor: Sam Bowne
More info: https://samsclass.info/141/141_S19.shtml
Based on "Serious Cryptography: A Practical Introduction to Modern Encryption", by Jean-Philippe Aumasson, No Starch Press (November 6, 2017), ISBN-10: 1593278268 ISBN-13: 978-1593278267
This document discusses cryptographic security. It defines informational and computational security, and explains how security is quantified in bits based on the difficulty of cracking a cipher. The document also covers achieving security through provable security via mathematical proofs or heuristic evidence from failed attacks. Additionally, it discusses generating keys randomly or from passwords, and protecting keys through wrapping or hardware tokens. Potential issues like incorrect security proofs, legacy support with short keys, and implementation flaws are also noted.
Encrypting and decrypting, choosing a random number, signing and verifying -- it all seems so logical. But the road to hell is paved with good intentions and a copy of "Applied Cryptography".
This talk will cover recent crypto vulnerabilities in widely-deployed systems and how the smallest oversight resulted in catastrophe. You'll learn why public key crypto is like a Ford Pinto in a demolition derby, the meaning of "PBKDF2", and how Web 2.0 reinvented 1970's-style password hashing, badly. And maybe, just maybe, you'll leave with a newfound respect for the utter brittleness of even the simplest crypto.
Nate Lawson is the founder of Root Labs, which specializes in the design and analysis of embedded security and cryptography. Previously, he worked at Cryptography Research, analyzing cryptographic products and co-designing the Blu-ray content protection layer known as BD+.
This document provides an overview of cryptography concepts for PHP developers. It discusses keeping data secure from viewing, tampering and forgery through encryption but notes cryptography is not a silver bullet and vulnerabilities still exist. The document covers random number generation, symmetric and asymmetric encryption, hashing, common ciphers and modes, and securely storing passwords through hashing rather than encryption. It strongly recommends using existing libraries rather than implementing cryptography directly due to the complexity and risk of bugs.
Best practices to build secure smart contractsGautam Anand
- Quick update in blockchain tech space
- Comparison between technologies
- Security in Blockchain (Focusing on ETH Solidity attack vectors)
- Design patterns
- 2 Popular hacks (Case study)
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Takashi Kobayashi and Hironori Washizaki, "SWEBOK Guide and Future of SE Education," First International Symposium on the Future of Software Engineering (FUSE), June 3-6, 2024, Okinawa, Japan
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
WhatsApp offers simple, reliable, and private messaging and calling services for free worldwide. With end-to-end encryption, your personal messages and calls are secure, ensuring only you and the recipient can access them. Enjoy voice and video calls to stay connected with loved ones or colleagues. Express yourself using stickers, GIFs, or by sharing moments on Status. WhatsApp Business enables global customer outreach, facilitating sales growth and relationship building through showcasing products and services. Stay connected effortlessly with group chats for planning outings with friends or staying updated on family conversations.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfUndress Baby
The quest for the best AI face swap solution is marked by an amalgamation of technological prowess and artistic finesse, where cutting-edge algorithms seamlessly replace faces in images or videos with striking realism. Leveraging advanced deep learning techniques, the best AI face swap tools meticulously analyze facial features, lighting conditions, and expressions to execute flawless transformations, ensuring natural-looking results that blur the line between reality and illusion, captivating users with their ingenuity and sophistication.
Web:- https://undressbaby.com/
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
DDS Security Version 1.2 was adopted in 2024. This revision strengthens support for long runnings systems adding new cryptographic algorithms, certificate revocation, and hardness against DoS attacks.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
2. Who am I
● Working in CyberSecurity since 2008
● Working at Twilio since 2015
○ 6 years as Authy / Account Security Security Officer
○ Now Staff Product Security Engineer
● Not a cryptographer, an enthusiast!
3. Why this talk?
● Organizations need to implement encryption.
● “someone” creates a library for a specific use* when needed, and many years later everyone still uses the same one.
● * usually when the use case is very simple and undemanding.
● Most companies can’t afford cryptography experts.
● Security professionals are not always into cryptography either.
● So many/most small to large companies wing it.
4. Introduction
● You need to store some sensitive data in a database.
○ API Keys, PII, Credit card, etc.
● Someone says: let’s encrypt!
● AES-GCM is mentioned a lot on google searches!
● stackoverflow.com → copy/paste
9. Key management: Key Life
Key Rotation
● Why?
○ Key compromised
○ Standards
○ Compliance (PCI)
● When?
○ Based on time
○ Amount of encryption
○ Total number of Bytes encrypted
11. CryptoPeriod
“NIST Special Publication 800-57 Part 1 - Revision 5”, named: “Recommendation for Key Management: Part 1 – General”
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
“The time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect.”
12. CryptoPeriod
“NIST Special Publication 800-57 Part 1 - Revision 5”, named: “Recommendation for Key Management: Part 1 – General”
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf
13. Extending Key Life
● We will focus on extending Key life!
○ “7. Limitations for algorithm usage (e.g., the maximum number of invocations to avoid nonce reuse)”
● Extending key life may or may not affect the cryptoperiod.
14. CryptoPeriod vs Key life
● Cryptoperiod != maximum amount of encryptions you can perform with one key.
● Cryptoperiod: suggested/enforced through standards like NIST and regulations like PCI.
16. IV / Nonce
● Used interchangeably
● IV = initialization vector
● nonce = number used once
● 1 plaintext → encrypted twice → 2 different ciphertexts
17. AES-GCM Wins popularity contest
● AES-GCM is recommended by many experts.
● It’s AEAD (authenticated + integrity built-in)
● Efficient and Performant
● Especially compared to CBC, the mode it replaced as the most popular
21. AES-GCM: what’s wrong with it?
Encrypt with Nonce 1: E(N1) ⊕ PlainA = CipherA
Encrypt with Nonce 1: E(N1) ⊕ PlainB = CipherB
CipherA ⊕ CipherB = E(N1) ⊕ PlainA ⊕ E(N1) ⊕ PlainB = PlainA ⊕ PlainB
(PlainA ⊕ PlainB) ⊕ PlainA = PlainB
● PlainA is known
● PlainB is unknown, CipherB is known.
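The derivation on this slide, run against Go’s real AES-GCM as an added example (not code from the talk): two records sealed under one key and one repeated nonce share E(N1), so XORing the two ciphertexts and the known PlainA gives PlainB. The function name, key, nonce and sample records are constructed for this example; Go’s cipher.AEAD does not detect nonce reuse, uniqueness is the caller’s job.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// KeystreamReuse reproduces the slide's derivation with a real AES-GCM
// instance. Sealing two records under the same key AND the same nonce
// reuses E(N1), so CipherA XOR CipherB == PlainA XOR PlainB; XORing the
// known PlainA back in yields PlainB. It returns the bytes recovered that way.
func KeystreamReuse(key, nonce, plainA, plainB []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Seal appends the 16-byte tag; the leading len(plain) bytes are the
	// CTR keystream XOR plaintext, which is all the derivation needs.
	cipherA := gcm.Seal(nil, nonce, plainA, nil)[:len(plainA)]
	cipherB := gcm.Seal(nil, nonce, plainB, nil)[:len(plainB)]

	n := len(cipherA)
	if len(cipherB) < n {
		n = len(cipherB) // only the overlapping prefix is exposed
	}
	recovered := make([]byte, n)
	for i := 0; i < n; i++ {
		// (E(N1) ^ PlainA) ^ (E(N1) ^ PlainB) ^ PlainA = PlainB
		recovered[i] = cipherA[i] ^ cipherB[i] ^ plainA[i]
	}
	return recovered, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 256-bit key
	nonce := []byte("repeated-12b")                    // constructed 96-bit nonce, reused on purpose
	plainA := []byte("known: API key handed to us ")   // constructed sample records
	plainB := []byte("secret: someone else's API key")
	got, err := KeystreamReuse(key, nonce, plainA, plainB)
	fmt.Printf("recovered %q (prefix of PlainB: %v, err %v)\n", got, bytes.HasPrefix(plainB, got), err)
}
```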
23. AES-GCM: what’s wrong with it?
● It doesn’t end here!
● Different cipher texts, same nonce and key → auth key is leaked
● Forge and tamper ciphertexts
24. AES-GCM: what’s wrong with it?
“Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS”
https://eprint.iacr.org/2016/475.pdf
“…This results in catastrophic failure of authenticity, even if a nonce is only re-used a single time and enables us to carry out a practical forgery attack against HTTPS…”
“…A single repeated nonce is usually enough to fully recover the connection’s authentication key…”
https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf
“…an adversary can recover the secret key of the keyed hash function underlying the authentication, using a chosen IV attack. Once this secret key is known, the encryption mode is no longer authenticated. As a consequence, all chosen ciphertext attacks against the confidentiality become feasible. Moreover, since the encryption mode is a counter mode, i.e. a stream cipher, the XOR malleability of the encrypted plaintext becomes a major security issue.”
25. GCM nonces
● OK, so I just won’t repeat nonces and I’m done. Right?
● Distributed infrastructure makes counters almost impossible.
● Random nonces
● GCM nonces are standardized to 96 bits long.
26. GCM nonces
● NIST SP 800-38D (Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC) specifies:
“...The IVs in GCM must fulfill the following “uniqueness” requirement: The probability that the authenticated encryption function ever will be invoked with the same IV and the same key on two (or more) distinct sets of input data shall be no greater than 2^-32...”
“...The total number of invocations of the authenticated encryption function shall not exceed 2^32, including all IV lengths and all instances of the authenticated encryption function with the given key...”
27. GCM nonces
● P(collision) = 2^-32 ≃ 10^-10
● We can’t encrypt more than 2^32 times (with the same key)
● Risk of random nonce repetition.
If you encrypt 500 records/second you will hit 2^32 after 100 days!
Days! Not years!
28. GCM nonce length
● Why 96 bits? Why not 256 bits?
https://csrc.nist.rip/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-spec.pdf
“96-bit IV values can be processed more efficiently, so that length is recommended for situations in which efficiency is critical.”
● Could be longer! But it’s not standardized.
29. Cryptographic libraries solve this, right?
● Libraries expect the implementer to keep the number of encryptions under 2^32.
● I checked LibSodium and Google Tink.
● Golang std library: “Never use more than 2^32 random nonces with a given key because of the risk of a repeat.”
32. Why do random numbers repeat?
● Birthday paradox!
● In cryptographic layman terms
○ If you don’t want any 2 random numbers to repeat, you must limit the amount of random numbers you generate.
● If your numbers go from 1 to 10, it’s extremely likely that if you generate 5 random numbers, 2 will repeat (~70%).
35. GCM nonce collision acceptance
● NIST: Acceptable probability of collision of around 2^-32 ~ 10^-10
● We will use the table from now on
○ So safe is <= 10^-12
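Added example (not from the deck) that computes the birthday bound the collision table on these slides is read from, so the 5-of-10 ≈ 70% case, NIST’s 2^32 budget for 96-bit nonces and the 4.0 x 10^8 table entry at 10^-12 can be checked rather than looked up. The function names are chosen here; the approximation used is the standard 1 - exp(-n(n-1)/(2·space)).

```go
package main

import (
	"fmt"
	"math"
)

// CollisionProbability is the birthday bound: the chance that at least two
// of n values drawn uniformly from a space of size `space` coincide.
// Exact product for small spaces (so the 5-of-10 example comes out right),
// the standard 1 - exp(-n(n-1)/(2*space)) approximation otherwise.
func CollisionProbability(n, space float64) float64 {
	if n <= 1 {
		return 0
	}
	if space <= 1e6 {
		noRepeat := 1.0
		for i := 0.0; i < n; i++ {
			noRepeat *= (space - i) / space
		}
		return 1 - noRepeat
	}
	return -math.Expm1(-n * (n - 1) / (2 * space))
}

// MaxDraws inverts the bound: how many random values of `bits` bits you may
// draw before the collision probability reaches p (the slides' table lookup).
func MaxDraws(bits int, p float64) float64 {
	return math.Sqrt(2 * math.Exp2(float64(bits)) * p)
}

// BitsNeeded inverts it the other way: the random bits required so that
// n draws stay at or below collision probability p.
func BitsNeeded(n, p float64) int {
	return int(math.Ceil(math.Log2(n * n / (2 * p))))
}

func main() {
	fmt.Printf("5 draws from 1..10: %.0f%% chance of a repeat\n", 100*CollisionProbability(5, 10))
	fmt.Printf("2^32 random 96-bit nonces: p = %.1e (NIST budget 2^-32 ~ 1e-10)\n",
		CollisionProbability(math.Exp2(32), math.Exp2(96)))
	fmt.Printf("96-bit nonces, p <= 1e-12: at most %.1e encryptions\n", MaxDraws(96, 1e-12))
	fmt.Printf("2^64 encryptions, p <= 1e-12: need %d random bits (the slides round up to 192)\n",
		BitsNeeded(math.Exp2(64), 1e-12))
}
```

For 2^48 random 96-bit nonces the exact bound is about 39%; the slide’s “around 50%” is the usual n ≈ sqrt(space) rule of thumb.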
37. Workaround requirements
● Use AES-GCM, with NO changes
● Keep it NIST compliant → FIPS 140-2* / FedRAMP
● Probability of collision <= 10^-10
● At least 2^64 encryptions.
● No requirements for performance.
● No requirements for efficiency
* or FIPS 140-3
39. Workaround: Random Salt
● Derive Keys from a Master Key
○ “Synthetically emulate larger nonces”
● NO changes to how nonces are created
● NIST/FIPS 140-2 compliant
○ NOT changing the algorithm at all
● If a nonce were to repeat, it should happen with a different Key.
40. Workaround: Random Salt
● For AES with 256 bit keys:
○ Derived Key = HMAC-SHA256(Master Key, Salt)
● Salts are random → Figure out the required size.
● Master Key is never used to encrypt.
41. Workaround: Random Salt
● Let’s calculate Salt size!
● Salts are random too → Birthday paradox is applicable!
44. Workaround: Random Salt
● We need 192 random bits in TOTAL.
● We have 96 bits already from the nonce
● So Salt → 96 bits (12 bytes)
45. Workaround: Random Salt
● Use SecureRandom
● Seeding should use fresh entropy when having many instances, to avoid different instances having the same seed.
46. Workaround: Random Salt
Extra cost compared to plain AES-GCM:
● 96 bits SecureRandom
● 1 HMAC
● 12 extra bytes
It’s not that bad :)
● You can adapt salt size based on need.
https://github.com/kantos/go_encryption_library
48. Workaround: Time-based salts
● Derived Key = HMAC-SHA256(Master Key, Salt)
● Counters are good nonces!
● Hard to sync among instances.
● Let’s use salts based on time!
● Time doesn’t repeat itself
○ It does repeat among different instances though.
○ Or on local time adjustments
49. Workaround: Time-based salts
● 32-bit Unix time → 4 bytes
● Birthday paradox doesn’t apply → 2^32 by 2^32 = 2^64 encryptions.
● As long as you don’t perform more than 2^32 encryptions in 1 second, you should be fine.
50. Workaround: Time-based salts
● No need to worry about time shifts between instances, they end up cancelling each other.
● If clocks are not working at all, i.e. stuck, then you have to worry.
51. Workaround: Time-based salts
Side effects:
● You are storing the time of record encryption.
○ If you are for example encrypting Bank account creation date, then “salt” = “account creation date”
○ Useful for scheduling re-encryptions (for key rotations)
52. Workaround: Time-based salts
Side effects:
● Unix 32-bit timestamps are “signed int”. Overflows in the year 2038.
○ Overflow won’t break the scheme → Useful until year 2106.
○ Prepare your Operating System for overflows.
○ You could end up finding every record to be old, even immediately after encrypting.
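Both workarounds (the random 96-bit salt of slides 39-46 and the 32-bit time salt of slides 48-52) share one derived-key scheme, so here is one added Go example covering both; it is written for this page and is not code from the talk or from the linked go_encryption_library. The record layout salt || nonce || ciphertext || tag, the function names and the sample master key are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// gcmForSalt builds AES-GCM on the slides' Derived Key = HMAC-SHA256(Master Key, Salt).
func gcmForSalt(master, salt []byte) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, master) // the master key itself never touches AES
	mac.Write(salt)
	block, err := aes.NewCipher(mac.Sum(nil)) // 32-byte HMAC output = AES-256 key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // standard 96-bit nonce
}

// RandomSalt (slides 39-46): 96 random bits; together with the 96-bit
// nonce that is the 192 random bits the slides call for.
func RandomSalt() ([]byte, error) {
	salt := make([]byte, 12)
	_, err := rand.Read(salt)
	return salt, err
}

// TimeSalt (slides 48-52): the 32-bit Unix time, so a derived key is reused only
// within one second; the uint32 cast keeps it working past 2038, until 2106.
func TimeSalt(now time.Time) []byte {
	salt := make([]byte, 4)
	binary.BigEndian.PutUint32(salt, uint32(now.Unix()))
	return salt
}

// Seal encrypts under the salt-derived key with a fresh random nonce and
// returns salt || nonce || ciphertext || tag (record layout assumed here).
func Seal(master, salt, plaintext, aad []byte) ([]byte, error) {
	gcm, err := gcmForSalt(master, salt)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, salt...), nonce...)
	return gcm.Seal(out, nonce, plaintext, aad), nil
}

// Open reverses Seal; saltLen (12 or 4) selects the layout. A modified salt
// derives a different key, so the GCM tag check fails.
func Open(master, record, aad []byte, saltLen int) ([]byte, error) {
	if len(record) < saltLen+12+16 { // salt + 96-bit nonce + 128-bit tag
		return nil, fmt.Errorf("record too short: %d bytes", len(record))
	}
	gcm, err := gcmForSalt(master, record[:saltLen])
	if err != nil {
		return nil, err
	}
	nonce := record[saltLen : saltLen+gcm.NonceSize()]
	return gcm.Open(nil, nonce, record[saltLen+gcm.NonceSize():], aad)
}

func main() {
	master := []byte("constructed-32-byte-master-key!!") // constructed, not a real key
	rec, _ := Seal(master, TimeSalt(time.Now()), []byte("sk_constructed_api_key"), nil)
	pt, err := Open(master, rec, nil, 4) // record[:4] doubles as the encryption time (slide 51)
	fmt.Println(len(rec), "bytes, encrypted at", binary.BigEndian.Uint32(rec[:4]), string(pt), err)
}
```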
55. AES-GCM-SIV
Pros
● Resistant to nonce repetition
● Less performant than plain AES-GCM, but still pretty good.
● Available in multiple programming languages.
● Encrypt 2^64 messages of length 4KiB
56. AES-GCM-SIV
Cons
● Still not available in every programming language [1]
● Support is up to individual projects
● Not FIPS 140-2 (nor NIST approved. Submitted in 2019 [2])
[1] It’s getting better every year though.
[2] https://csrc.nist.gov/projects/block-cipher-techniques/bcm/modes-development
57. AES-GCM-SIV
● Repeating nonces still leaks that the plain text is the same.
● You can mix AES-GCM-SIV with the proposed solutions.
● AES-GCM-SIV is likely secure, but it’s too new.
59. Should we really worry about AES-GCM collisions?
● 2^48 encryptions → chance of a nonce collision is around 50%.
● An attacker needs to capture/retrieve and store 15 petabytes* of records to have a 50% chance of a collision.
○ If your plain-text records are 32 bytes, when encrypted (with tag and nonce) they are 60 bytes long.
● This will only allow decrypting 1 record.
● And forging any new record.
* on average, you never know when a repetition will happen.
60. Should we really worry about this?
● You decide!
● Implementing these solutions is pretty easy, so why not do them.
● You never know how your system will be abused.
● You never know how your encryption library will be used by engineers.
● Encryption libraries live for a long time in organizations.
61. Why use AES-GCM then?
● AES-GCM is FIPS 140-2* compliant
● Less error prone than AES-CBC
● FedRAMP requires FIPS 140-2*
● If you don’t need any of those (beware your org may change their mind)
a. NaCl/libsodium
b. XChaCha20-Poly1305-IETF
c. AES-GCM-SIV
* / FIPS 140-3
We will focus on Key Life!
If a key has a life we need to consider and implement rotation.
Rhetorical question: “What happens if I don’t?” → to introduce that rotation is required by encryption algorithms
We can’t talk about key life without talking about cryptoperiod.
NIST defines it as the time span a key is authorized for use.
We will focus on item 7 (limitations for algorithm usage).
One clarification:
Key life is just one factor of cryptoperiod, but not the same.
Cryptoperiod <> maximum amount of encryptions you can perform without rotating the key.
Cryptoperiod: suggested/enforced through standards like NIST and regulations like PCI.
Let’s sum it up to something random you add when encrypting so 2 plain texts have different cipher texts.
GCM was designed for TLS to replace CBC.
It has authentication and integrity built-in compared to CBC.
It’s more efficient and performant than CBC + HMAC, what it replaced.
Plain_A could be for example an API key a service provides to us, and they stored it encrypted.
Through SQL injection we find Cipher_B is using the same nonce they used with Plain_A.
We do these operations.
Papers that explain this vulnerability on the GCM tag.
https://cryptologie.net/article/361/breaking-https-aes-gcm-or-a-part-of-it/
https://www.cryptologie.net/article/519/key-wrapping-and-nonce-misuse-resistance/#:~:text=As%20you%20probably%20know%2C%20a,and%20to%20forge%20more%20messages.
https://www.elttam.com/blog/key-recovery-attacks-on-gcm/#content
https://soatok.blog/2020/05/13/why-aes-gcm-sucks/
Random nonces are the common thing to do.
Probability of nonce collision should not exceed 2^-32.
For that it recommends not to invoke the encrypt function more than 2^32 times.
Let’s talk about why random numbers can repeat so easily.
Where does this NIST 2^32 come from?
2^32 is around 10^9; the closest number in the table with 96-bit nonces is 4.0 x 10^8, erring on the safe side of course.
Equal to or less than 10 to the power of minus twelve.
No requirements for performance.
Thought for use cases encrypting records of less than 16 KB, at up to several thousand per second, not millions (like TLS). YMMV though.
No requirements for efficiency.
OK to store some additional bytes (4-12 bytes) per encrypted record.
But it needs to be good enough for production use.
The table tells us we need 192 random bits. Since we have 96 random bits from the nonce, we need another 96 bits to get to 192.
Standard random should in theory be OK too, I wouldn’t risk it though.
Same Derived Key scheme as before; what changes is nonce generation.