Dean Charlton’s Post

MetaCTF was great. We were given 5 tasks. These are: Cryptography Forensics Reverse Engineering Web Exploitation Binary Exploitation We spent only half an hour to work 4 tasks. But for the remaining 1.5 hours, we completed the last task, which was "Binary Exploitation"!

Secure cryptographic protocols are notoriously difficult to model. I run into evaluating code written for cryptography and check if the implementation is correct.  Those developers that make "ProVerif" in my thinking really know what they are doing. Though it's unimaginably complicated, I feel it's the price to pay to use quality. 

Remember those RSA tags? I will never forget those ever-changing 6-digit passcodes used to login to work laptops from remote locations. Starting this year and spanning the next decade, every RSA encryption point across the world of software will begin to be replaced by Post-Quantum Cryptography (PQC), the new algorithm designed to counter quantum computing's potential to crack RSA-quality encryptions. This rip and replace implementation is going to be nutty and crazy - I can imagine CIOs and CTOs already thinking about taking inventory of the software every organization uses, and within it where RSA is coded - bet in all sorts of unexpected places! https://lnkd.in/eAkWFTfD

My tip for an ECR (Early Career Researcher) is to never dismiss any method - just because it is not used that much at the current time. There are usually new use cases that can become relevant. RSA has survived over four decades and is still going strong. But, there have been other methods for public key encryption that have not quite scaled the levels of RSA. And, so, in 1997, David Naccache and Jacques Stern produced a knapsack method for public key encryption, and which has still to be broken. In this case, we will use Bouncy Castle and C#, and process with key sizes of 256 bits, 512 bits or 1,024 bits (note that we would need larger key sizes than this for security): https://lnkd.in/evV8bKvk

Complex security systems pose a challenge to the #telco industry in implementing #cryptoagility. Sandwich simplifies this process by bridging the gap between networking developers and cryptographers, enabling telecommunications software engineers to focus on what they excel at. https://bit.ly/3uDvvsg

hello connections ☺️ This post is about article of Understanding Security Keys in Bluetooth Low Energy Learn the roles of the three security keys in Bluetooth LE—Long Term Key (LTK), Connection Signature Resolving Key (CSRK), and Identity Resolving Key (IRK). Before diving into the specifics of how Bluetooth Low Energy (LE) technology uses security keys , let's take a step back and lay the groundwork by understanding what a security key is, especially for those just venturing into the intriguing world of cryptography. Cryptography, in the simplest terms, is the practice and study of techniques used to secure communication in the presence of adversaries. The goal is to ensure that the intended information is accessible only to those who are meant to have access to it. One of the fundamental tools used in cryptography to achieve this goal is a "security key." All About Circuits TECHNICAL ARTICLE Understanding Security Keys in Bluetooth Low Energy 5 days ago by Nthatisi Hlapisi Learn the roles of the three security keys in Bluetooth LE—Long Term Key (LTK), Connection Signature Resolving Key (CSRK), and Identity Resolving Key (IRK). Before diving into the specifics of how Bluetooth Low Energy (LE) technology uses security keys (Figure 1), let's take a step back and lay the groundwork by understanding what a security key is, especially for those just venturing into the intriguing world of cryptography. Cryptography, in the simplest terms, is the practice and study of techniques used to secure communication in the presence of adversaries. The goal is to ensure that the intended information is accessible only to those who are meant to have access to it. One of the fundamental tools used in cryptography to achieve this goal is a "security key." #snsdesignthinking #snsdesignthinkers #snsinstitutions

https://lnkd.in/epXuKJwG I am now studying about asymmetric (public key) encryption method. As I mentioned thousands times, I am nothing but a multi scale “mechanical”modeling researcher who has some new ideas about “mechanical” devices. (Of course I have some new ideas about electrical devices and fluid dynamical devices, too. ^.^) I definitely have had no reason to learn the cryptography until yesterday. However, I now want to for my very new idea. 😅

Post Quantum Cryptography (PQC) with Bouncy Castle and C# Since 2017, cybersecurity experts have probed and analysed the replacements for our public key encryption methods. Some, such as Rainbow and SIDH, crumbled due to new attacks. But, now, a brave new world of standards exists, and there are few barriers for companies to start the migration process in 2024. While these new methods are likely to ween us off our fixation with RSA and ECC, we can look to a hybrid approach and then an eventual switchover in the coming years. The "key" (sorry for pun!) contenders for key exchange are: Kyber. The only method that is fully drafted as a key exchange method, and which uses lattice methods. HQC. A beaten finalist in 3rd round and code-based approach, and is progressing for further assessment (in the 4th round). Bike. A beaten finalist in 3rd round and code-based approach, and is progressing for further assessment (in the 4th round). Mcellice. A beaten finalist in 3rd round and code-based approach, and is progressing for further assessment (in the 4th round). For digital signatures: Dilithium. A lattice approach that is progressing to a standard. FALCON. A lattice approach that is progressing to a standard. SPHINCS+. A hash-based approach that is progressing to a standard. New additional signature: These are just being assessed here: https://lnkd.in/dGFRtPga Read more: https://lnkd.in/eckvDsAz

A team of academic researchers from universities in California and Massachusetts demonstrated that it’s possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts. SSH is a cryptographic network protocol for secure communication, widely employed in remote system access, file transfers, and system administration tasks. RSA is a public-key cryptosystem used in SSH for user authentication. It uses a private, secret key to decrypt communication that is encrypted with a public, shareable key. https://lnkd.in/dUyataPn