Articles on Encryption
Last updated: 2022/10/31
Top deep-dives on Encryption
As a developer, you usually have to make the sacrifice of not fully understanding how something you use works. Be it a library, algorithm, or some other technique like cryptography. In this enlightening article written by the furry Soatok, we get to see an example of how not fully understanding the encryption used for securing passwords in a PHP system could allow a malicious user to login as any user.
Matthew Green takes a casual dive into the encryption underlying the popular crypto browser wallet, Meta Mask.
Paul Khuong ponders a method and the performance of encrypting structured internal keys to be random externally.
In regards to tech, privacy has taken center stage as one of the main issues in the past couple of years. Encryption is often times touted as a great solution for keeping user information private, but how does that work with services that might have to store unimaginable amounts of data, where a 5% decreases in size could save millions of dollars? Ayende Rahien's article looks at how convergent encryption produces the same result with different encryption keys, in the aim of deduplicating data storage.
Matthew Green discusses a new paper on One-Time Programs (OTP), a cryptographic primitive that allows for secure, unhackable software to be sent to and run on any untrusted computer. OTPs are a powerful tool with many potential applications, but they have a fundamental problem in that they require strong model-breaking assumptions to build, which limits their practicality.
- The executing computer can only run a OTP once
- Many realizations of OTPs require the program author to deliver some kind of secure hardware to the person who runs the program
- OTPs can be used to build devastating ransomware and malware
Ben Herzog discusses the encryption algorithm RC4 and how it is broken in various situations. Ben also demonstrates several approaches for attacks on the algorithm.
Cendyne elaborates on a previous post they made on the Ed25519 algorithm, specifically looking at the different validation criteria across implementations, researches "exclusive ownership", reviews a technical specification, discusses deterministic signatures, and finally how Ed25519's reference implementation promotes a misuse vulnerability widely promoted this year.