I have the Widex SmartRIC 220, and would buy them again. They are comfortable, have musical audio quality (Widex works with musicians), very low latency (reducing comb filter effect), and in general look and feel very…
Actually, with currently common key sizes, ECC up to 384 bits will fall to QC before RSA with 1024 bits, because fewer bits means fewer qubits needed. The main disadvantage of RSA is the structure of finite fields,…
For the attack all 60 signatures need a nonce that is special in this way. If for example only one out of the 60 is short, the attack fails in the lattice reduction step. The reason is that in the attack, all 60 short…
Caution here. If your modulus is too close to the maximum truncated value, there can be a bias in the upper bits, too. For example, if you reduce a number between 0 and 15 by the modulus 13, the values 0, 1 and 2 will…
If the hosts are under your control, and never connect to untrusted hosts, then you are ok. The user authentication is encrypted, so the signatures are not visible to a man in the middle.
We found it by investigating the security of SSH as part of a larger research program focussing on SSH, which also resulted in our publication of the Terrapin vulnerability. This particular bug basically fell into our…
No, because there may be other messages that are ignored, i.e. don't trigger a response message. Any such message can be used for injection. The details are implementation specific, though. The new strict-kex disallows…
Depends a bit on the MAC. CTR-EtM is technically vulnerable (i.e. cryptographically broken), but due to key stream desynchronization the attack will quickly lead to application errors, defeating the attacker. See Sect.…
ChaPoly was added in 2013, but the weird KEX is even older, dating back all the way to 1998 in SSHv2. And surprisingly, the attack only works with the "better" symmetric ciphers that do INT-CTXT instead of INT-PTXT.
Thanks! <3 Also for the kind words.
It's prefix truncation, though.
NeoPG uses Botan, which is a crypto library written in C++. I recommend reading its source code and comparing it with, for example, libgcrypt.
This is true. But it is a necessary first step and some refactoring has already been done. It's a long way. Many comments here are missing the main inspiration of using C++, which is the Botan crypto library.
Yes, I should document that. GPGME only exposes a high-level API, and application developers often want more control. For example, you can't inspect key material before importing it, but importing a key is not a…
You might want to check out https://sequoia-pgp.org - a new OpenPGP implementation written from scratch in Rust within the PEP project.
Hi, I'm "this guy". Thanks for pointing out -fpermissive, which was needed during the conversion for the legacy code. Since then I fixed all the warnings, so I can remove the flag…
I have the Widex SmartRIC 220, and would buy them again. They are comfortable, have musical audio quality (Widex works with musicians), very low latency (reducing comb filter effect), and in general look and feel very…
Actually, with currently common key sizes, ECC up to 384 bits will fall to QC before RSA with 1024 bits, because fewer bits means fewer qubits needed. The main disadvantage of RSA is the structure of finite fields,…
For the attack all 60 signatures need a nonce that is special in this way. If for example only one out of the 60 is short, the attack fails in the lattice reduction step. The reason is that in the attack, all 60 short…
Caution here. If your modulus is too close to the maximum truncated value, there can be a bias in the upper bits, too. For example, if you reduce a number between 0 and 15 by the modulus 13, the values 0, 1 and 2 will…
If the hosts are under your control, and never connect to untrusted hosts, then you are ok. The user authentication is encrypted, so the signatures are not visible to a man in the middle.
We found it by investigating the security of SSH as part of a larger research program focussing on SSH, which also resulted in our publication of the Terrapin vulnerability. This particular bug basically fell into our…
No, because there may be other messages that are ignored, i.e. don't trigger a response message. Any such message can be used for injection. The details are implementation specific, though. The new strict-kex disallows…
Depends a bit on the MAC. CTR-EtM is technically vulnerable (i.e. cryptographically broken), but due to key stream desynchronization the attack will quickly lead to application errors, defeating the attacker. See Sect.…
ChaPoly was added in 2013, but the weird KEX is even older, dating back all the way to 1998 in SSHv2. And surprisingly, the attack only works with the "better" symmetric ciphers that do INT-CTXT instead of INT-PTXT.
Thanks! <3 Also for the kind words.
It's prefix truncation, though.
NeoPG uses Botan, which is a crypto library written in C++. I recommend reading its source code and comparing it with, for example, libgcrypt.
This is true. But it is a necessary first step and some refactoring has already been done. It's a long way. Many comments here are missing the main inspiration of using C++, which is the Botan crypto library.
Yes, I should document that. GPGME only exposes a high-level API, and application developers often want more control. For example, you can't inspect key material before importing it, but importing a key is not a…
You might want to check out https://sequoia-pgp.org - a new OpenPGP implementation written from scratch in Rust within the PEP project.
Hi, I'm "this guy". Thanks for pointing out -fpermissive, which was needed during the conversion for the legacy code. Since then I fixed all the warnings, so I can remove the flag…