Raw decode of the cert that has been blacklisted. http://pastebin.com/4wJXTsR4 Let the speculation begins.
He is probably using some encryption technique which requires multiple keys to unlock, perhaps similar to https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
"Decryption" would be my guess. I don't buy the explanation WaPo offers for "Protocol Exploitation" because the name itself is so suggestive...
It gives you the ability to modify the app without changing its cryptographic signature. If such problem would exist in standard PC world, it would essentially give you the ability to modify the binary without changing…
https://github.com/ioerror/duraconf might answer some questions...
Yes you are wrong :D If NSA is not actively man-in-the-middling you, Perfect forward secrecy still works. ECDHE has been in Openssl since version 1.0.0 so its out there just not used. Btw. Is there any addon for Firefox…
It has been discussed over and over on hackernews recently so just tldr version. Let’s consider two scenarios. 1) NSA forces CA to issues a certificate for google.com and decide to man-in-the-middle you. In that case…
Not by default on every account. I have recently changed settings on couple of my friends account to force SSL.
I am not sure if such system existed in the past or if I read about it in some sci-fi book, but it worked as follows: You generated your key pair. In (almost) every country in almost every city there were “key signers”…
Probably not gonna happened, but it would solve so many problems with public key crypto. Key distribution? No problem, tie your public key to your gmail account. Need to communicate with someone? Just send them your…
Raw decode of the cert that has been blacklisted. http://pastebin.com/4wJXTsR4 Let the speculation begins.
He is probably using some encryption technique which requires multiple keys to unlock, perhaps similar to https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing
"Decryption" would be my guess. I don't buy the explanation WaPo offers for "Protocol Exploitation" because the name itself is so suggestive...
It gives you the ability to modify the app without changing its cryptographic signature. If such problem would exist in standard PC world, it would essentially give you the ability to modify the binary without changing…
https://github.com/ioerror/duraconf might answer some questions...
Yes you are wrong :D If NSA is not actively man-in-the-middling you, Perfect forward secrecy still works. ECDHE has been in Openssl since version 1.0.0 so its out there just not used. Btw. Is there any addon for Firefox…
It has been discussed over and over on hackernews recently so just tldr version. Let’s consider two scenarios. 1) NSA forces CA to issues a certificate for google.com and decide to man-in-the-middle you. In that case…
Not by default on every account. I have recently changed settings on couple of my friends account to force SSL.
I am not sure if such system existed in the past or if I read about it in some sci-fi book, but it worked as follows: You generated your key pair. In (almost) every country in almost every city there were “key signers”…
Probably not gonna happened, but it would solve so many problems with public key crypto. Key distribution? No problem, tie your public key to your gmail account. Need to communicate with someone? Just send them your…