Articles on Encryption

Last updated: 2022/10/31

Top deep-dives on Encryption

The Subtle Hazards of Real-World Cryptography

As a developer, you usually have to make the sacrifice of not fully understanding how something you use works, be it a library, an algorithm, or some other technique like cryptography. In this enlightening article written by the furry Soatok, we get to see an example of how not fully understanding the encryption used for securing passwords in a PHP system could allow a malicious user to log in as any user.

An extremely casual code review of MetaMask’s crypto

Matthew Green takes a casual dive into the encryption underlying the popular crypto browser wallet, MetaMask.

Plan B for UUIDs: double AES-128

Paul Khuong ponders a method for encrypting structured internal keys so that they appear random externally, along with its performance.

Looking into convergent encryption

In tech, privacy has taken center stage as one of the main issues of the past couple of years. Encryption is often touted as a great solution for keeping user information private, but how does that work with services that might have to store unimaginable amounts of data, where a 5% decrease in size could save millions of dollars? Ayende Rahien's article looks at how convergent encryption produces the same result with different encryption keys, with the aim of deduplicating data storage.

One-Time Programs

Matthew Green discusses a new paper on One-Time Programs (OTPs), a cryptographic primitive that allows for secure, unhackable software to be sent to and run on any untrusted computer. OTPs are a powerful tool with many potential applications, but they have a fundamental problem in that they require strong model-breaking assumptions to build, which limits their practicality.

Some highlights:

  • The executing computer can only run an OTP once
  • Many realizations of OTPs require the program author to deliver some kind of secure hardware to the person who runs the program
  • OTPs can be used to build devastating ransomware and malware

Attacking Very Weak RC4-Like Ciphers the Hard Way

Ben Herzog discusses the encryption algorithm RC4 and how it is broken in various situations. Ben also demonstrates several approaches for attacks on the algorithm.

Ed25519 Deep Dive Addendum

Cendyne elaborates on a previous post they made on the Ed25519 algorithm, looking at the different validation criteria across implementations, researching "exclusive ownership", reviewing a technical specification, discussing deterministic signatures, and finally showing how Ed25519's reference implementation encourages a misuse vulnerability that was widely promoted this year.
