Copy protecting
Software, audio and video are all being illegally copied, and every time the major brands try to implement some kind of protection they claim it to be perfect, and yet it is always...
Safe web authentication
The major problem with the security of web applications is that the client sends the login name and password in plain text if https isn’t available. A nasty person with access to the network could use ARP...
Linux Mount Security
With the Linux Set UID attribute you can let the owner of the file be the one who executes it when another user runs the file. This feature has traditionally been used for system tools in Linux which...
Reversing CRC
Cyclic Redundancy Code (CRC) is a hash which is frequently used as a checksum for data, for instance in archives. Who hasn’t had a bad CRC error when opening a corrupted zip? CRC is a very old...
Rainbow Tables: Coverage
A rainbow table is generated by creating (m) chains using randomly picked starting keys. The reduction functions result (or ought to result, at least) in evenly distributed new keys. There is only a...
DDOS on Hash Tables (Self Balancing Hash Tables)
Hash tables are widely used in server software. A malicious user can easily forge keys in the communication with the server whose hashes collide, so that they all end up in the same...
Simple Branch Prediction Analysis
This paper outlines a simple branch prediction analysis attack against the RSA decryption algorithm. At the core of RSA decryption is a loop over all bits of the secret key number d. When the bit is 1 there...
md5(microtime())
Don’t use md5(microtime()). You might think it’s more secure than md5(rand()), but it isn’t. With a decent amount of tries and a method of syncing (like a clock on your website) one can predict the...
“Nothing to hide”
In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the “nothing to hide” argument. When asked about government surveillance and data mining,...
CaCert.org
CaCert is a Certification Authority that works with a web of trust: people meet and assure (similar to keysigning) each other. If you’ve been assured by enough people you’ll be able to let your ssl...