- On Ashton Kutcher and Secure Multi-Party Computation
- PRFs, PRPs and other fantastic things
- Book Review: Red Team Blues
- Remarks on “Chat Control”
- Why encrypted backup is so important
- One-Time Programs
- In defense of crypto(currency)
- An extremely casual code review of MetaMask’s crypto
- Thinking about “traceability”
- A case against security nihilism
- Why the FBI can’t get your browsing history from Apple iCloud (and other scary stories)
- Ok Google: please publish your DKIM secret keys
- Attack of the week: Voice calls in LTE
- Why is Signal asking users to set a PIN, or “A few thoughts on Secure Value Recovery”
- Does Zoom use end-to-end encryption?
- EARN IT is a direct attack on end-to-end encryption
- What is the random oracle model and why should you care? (Part 5)
- Can end-to-end encrypted systems detect child sexual abuse imagery?
- How safe is Apple’s Safe Browsing?
- Looking back at the Snowden revelations
- How does Apple (privately) find your offline devices?
- Attack of the week: searchable encryption and the ever-expanding leakage function
- On Ghost Users and Messaging Backdoors
- Let’s talk about PAKE
- Why I’m done with Chrome
- Friday Dachshund Blogging
- Wonk post: chosen ciphertext security in public-key encryption (Part 2)
- Was the Efail disclosure horribly screwed up?
- A few thoughts on Ray Ozzie’s “Clear” Proposal
- Wonk post: chosen ciphertext security in public-key encryption (Part 1)
- Hash-based Signatures: An illustrated Primer
- A few notes on Medsec and St. Jude Medical
- Apple in China: who holds the keys?
- Attack of the Week: Group Messaging in WhatsApp and Signal
- The strange story of “Extended Random”
- A few thoughts on CSRankings.org
- Attack of the week: DUHK
- Falling through the KRACKs
- Patching is hard; so what?
- Beyond public key encryption
- Secure computing for journalists
- The future of Ransomware
- Zero Knowledge Proofs: An illustrated primer, Part 2
- The limitations of Android N Encryption
- Attack of the week: 64-bit ciphers in TLS
- Is Apple’s Cloud Key Vault a crypto backdoor?
- Statement on DMCA lawsuit
- What is Differential Privacy?
- Attack of the Week: Apple iMessage
- Attack of the week: DROWN
- On the Juniper backdoor
- Why the Tor attack matters
- A riddle wrapped in a curve
- Let’s talk about iMessage (again)
- The network is hostile
- A history of backdoors
- Attack of the week: Logjam
- How do we build encryption backdoors?
- Truecrypt report
- Attack of the week: FREAK (or ‘factoring the NSA for fun and profit’)
- How to paint yourself into a corner (Lenovo edition)
- Another update on the Truecrypt audit
- How do we pay for privacy?
- Hopefully the last post I’ll ever write on Dual EC DRBG
- On the new Snowden documents
- Zero Knowledge Proofs: An illustrated primer
- Attack of the Week: Unpicking PLAID
- Attack of the week: POODLE
- Why can’t Apple decrypt your iPhone?
- Slate piece
- What’s the matter with PGP?
- Noodling about IM protocols
- Attack of the Week: Triple Handshakes (3Shake)
- Attack of the week: OpenSSL Heartbleed
- How do you know if an RNG is working?
- Cryptographic obfuscation and ‘unhackable’ software
- A letter from US security researchers
- A few more notes on NSA random number generators
- Can hackers decrypt Target’s PIN data?
- An update on Truecrypt
- How does the NSA break SSL?
- Let’s audit Truecrypt!
- RSA warns developers not to use RSA products
- The Many Flaws of Dual_EC_DRBG
- A note on the NSA, the future and fixing mistakes
- On the NSA
- Is the cryptopocalypse nigh?
- TweetNaCl
- Can Apple read your iMessages?
- How to ‘backdoor’ an encryption app
- On cellular encryption
- Zerocoin: making Bitcoin anonymous
- The Ideal Cipher Model (wonky)
- Attack of the week: RC4 is kind of broken in TLS
- Here come the encryption apps!
- Cryptography is a systems problem (video)
- Why I hate CBC-MAC
- Attack of the week: TLS timing oracles
- In defense of Provable Security
- Surveillance works! Let’s have more of it.
- The anatomy of a bad idea
- Let’s talk about ZRTP
- Attack of the week: Cross-VM side-channel attacks
- The crypto dream
- So you want to use an alternative cipher…
- SHA3 is over. Long live SHA3!
- On the (provable) security of TLS: Part 2
- On the (provable) security of TLS: Part 1
- Hey Amazon: Banning Security Researchers Isn’t Making Us Safer
- Reposted: A cryptanalysis of HDCP v2.1
- Dear Apple: Please set iMessage free
- On Gauss
- A missing post (updated)
- Four theories on the cryptography of Star Trek
- Indifferentiability
- A bad couple of years for the cryptographic token industry
- Flame, certificates, collisions. Oh my.
- Posts so far
- TACK
- If wishes were horses then beggars would ride… a Pwnie!
- How to choose an Authenticated Encryption mode
- A tale of two patches
- The future of electronic currency
- An update on the TLS MITM situation
- Wonk post: Circular security
- So long False Start, we hardly knew ye
- It’s the end of the world as we know it (and I feel fine)
- iCloud: Who holds the key?
- Poker is hard, especially for cryptographers
- Why Antisec matters
- How do Interception Proxies fail?
- Surviving a bad RNG
- A brief update
- The Internet is broken: could we please fix it?
- Random number generation: An illustrated primer
- RSA keys: no insight whatsoever
- SSL MITM Update
- Trustwave announces name change: henceforth will simply be ‘Wave’
- Satellite phone encryption is terrible. Anyone surprised?
- Multiple encryption
- Bad movie cryptography, ‘Swordfish’ edition
- Tor and the Great Firewall of China
- In memoriam: Tim Hartnell
- EAX’, Knight Rider, and an admission of defeat
- Useful cryptography resources
- Attack of the week: Datagram TLS
- A very casual introduction to Fully Homomorphic Encryption
- OpenSSL and NSS are FIPS 140 certified. Is the Internet safe now?
- 2011 Redux
- What’s TLS Snap Start?
- A brief note on end-of-year giving
- A question for you
- What’s the deal with RC4?
- Programming note
- Paul Kocher
- Liveblogging WWII: December 12, 1941
- Is there an Enigma bubble?
- Matt Green smackdown watch (Are AEAD modes more vulnerable to side-channel attacks?)
- How (not) to use symmetric encryption
- Academic vs. commercial cryptographers
- Human error is something to be engineered around, not lamented
- Non-governmental crypto attacks
- Bram Cohen corrects me?
- Digital Fortress: I read it so you don’t have to
- Neat research ideas that went nowhere: Preventing offline dictionary attacks with CAPTCHAs
- An update on our contest
- The first rule of vulnerability acknowledgement is: there is no vulnerability acknowledgement
- Format Preserving Encryption, or, how to encrypt a credit card number with AES
- How not to redact a document: NHTSA and Toyota edition
- In defense of Applied Cryptography
- On symbol signs, the adversary, and announcing a contest
- What is the Random Oracle Model and why should you care? (Part 4)
- Attack of the week: XML Encryption
- What is the Random Oracle Model and why should you care? (Part 3)
- Oh my…
- DESFire
- What is the Random Oracle Model and why should you care? (Part 2)
- How standards go wrong: constructive advice edition
- Should I use a non-standard encryption scheme?
- Bram Cohen Corrected
- What is the Random Oracle Model and why should you care? (Part 1)
- Oldtimers vs. whippersnappers (code optimization edition)
- Where Things Fall Apart: Protocols (Part 2 of 2)
- Where Things Fall Apart: Protocols (Part 1 of 2)
- A diversion: BEAST Attack on TLS/SSL Encryption
- Where Things Fall Apart: Primitives
- Introduction
-
Follow
Following
Already have a WordPress.com account? Log in now.
A Few Thoughts on Cryptographic Engineering 