Crypto

(This post uses x86-64 for illustration throughout. The fundamentals are similar for other platforms but will need some translation that I don’t cover here.) Despite compilers getting better over time, it’s still the case that hand-written assembly can be worthwhile for certain hot-spots. Sometimes there are special CPU instructions for…


This talk was given by Ben Kreuter and its focus was on the apparent disparity between what we research in academia versus what is required in the real world, specifically in the field of multi-party computation (MPC). MPC is the idea of allowing multiple parties to compute some function on…


Fresh back from an enlightening trip across the pond, I wanted to write about one of my favourite talks, all about password (in)security, from this year’s Real World Cryptography conference. As we know: Passwords protect everything. Passwords are terrible. But happily, Hugo Krawczyk from IBM Research spoke about some great…


One of my favourite talks from the Real World Crypto 2017 conference was given by Laurent Simon, on Erasing Secrets from RAM. In short, it was found that in practice, many non-malicious programs handling keys and other sensitive data do not erase the RAM correctly. This would allow an attacker (that…


RISC-V is a new, open instruction set. Fabrice Bellard wrote a Javascript emulator for it that boots Linux here (more info). I happen to have just gotten a physical chip that implements it too (one of these) and what’s cool is that you can get the source code to the…


Ridiculous password policies are a constant frustration to users and security professionals alike. They aren’t making us more secure and… (Source: Xato – Passwords & Securi… @ December 21, 2016 at 06:28PM)


In July my colleague, Matt Braithwaite, announced that Chrome and Google would be experimenting with a post-quantum key-agreement primitive in TLS. One should read the original announcement for details, but we had two goals for this experiment: Firstly we wanted to direct cryptoanalytic attention at the family of Ring Learning-with-Errors…
