Super fun fact: Blizzard's (ie World of Warcraft's) safe prime was 256 bits which was known to be broken at the time, but no one really knew this until they got hacked and their database got leaked. Super-duper fun…
> Apparently, it's based on "aPAKE" which stands for "Asymmetric PAKE" It is an "aPAKE" which stands for "augmented PAKE". An aPAKE is client-server vs peer-to-peer. The original PAKE was peer-to-peer then augmented to…
I was team SPAKE2 based PAKEs, but I now know that SPEKE based PAKEs are better. P.S. SPAKE2 is a balanced PAKE vs augmented PAKE (or unbalanced PAKE) like OPAQUE and SPAKE2+ (and SPAKE2+EE).
OPAQUE was chosen because it was new and had the new "no precomputation" property. Which can be added to better PAKEs by adding an OPRF vs just sending the salt. OPRFs can be added without adding an extra trips to the…
This was recently broken then fixed. I heard about it because of that then looked at it and broke it again. I only checked one thing and it was wrong. I would not trust this. Also SPEKE based PAKEs are better.
PAKEs are secure over insecure channels. Also I'm pretty sure for RFC2289 the server stores a password equivalent. If you neither care about creating an encrypted session nor being secure over an insecure channel, then…
I forgot to add a TL;DR. I posted one on Twitter though: "TL;DR: do https://gist.github.com/Sc00bz/ec1f5fcfd18533bf0d6bf31d1211d... instead of SRP." The context was someone implementing SRP6a because they didn't have…
Related but you should be doing this regardless. Ctrl+Shift+Del and clear everything since forever ago. I do "Ctrl+Shift+Del, Enter" several times a day and use 2 browsers: stuff I'm logged into and everything else.…
Yes, I think this counts as proof: https://twitter.com/Sc00bzT/status/731243916951994368 My win was legit, but there's no way for me to prove that. Well if this was a PR stunt then I should of @defcon or at least…
That is awesome :)
> Isn't this trivially possible in Cryptocat for anyone who controls the server? Yes this is a known bug since August 2013. When I found it and reported it. This was "patched" but if Mallory controls the server it is…
Super fun fact: Blizzard's (ie World of Warcraft's) safe prime was 256 bits which was known to be broken at the time, but no one really knew this until they got hacked and their database got leaked. Super-duper fun…
> Apparently, it's based on "aPAKE" which stands for "Asymmetric PAKE" It is an "aPAKE" which stands for "augmented PAKE". An aPAKE is client-server vs peer-to-peer. The original PAKE was peer-to-peer then augmented to…
I was team SPAKE2 based PAKEs, but I now know that SPEKE based PAKEs are better. P.S. SPAKE2 is a balanced PAKE vs augmented PAKE (or unbalanced PAKE) like OPAQUE and SPAKE2+ (and SPAKE2+EE).
OPAQUE was chosen because it was new and had the new "no precomputation" property. Which can be added to better PAKEs by adding an OPRF vs just sending the salt. OPRFs can be added without adding an extra trips to the…
This was recently broken then fixed. I heard about it because of that then looked at it and broke it again. I only checked one thing and it was wrong. I would not trust this. Also SPEKE based PAKEs are better.
PAKEs are secure over insecure channels. Also I'm pretty sure for RFC2289 the server stores a password equivalent. If you neither care about creating an encrypted session nor being secure over an insecure channel, then…
I forgot to add a TL;DR. I posted one on Twitter though: "TL;DR: do https://gist.github.com/Sc00bz/ec1f5fcfd18533bf0d6bf31d1211d... instead of SRP." The context was someone implementing SRP6a because they didn't have…
Related but you should be doing this regardless. Ctrl+Shift+Del and clear everything since forever ago. I do "Ctrl+Shift+Del, Enter" several times a day and use 2 browsers: stuff I'm logged into and everything else.…
Yes, I think this counts as proof: https://twitter.com/Sc00bzT/status/731243916951994368 My win was legit, but there's no way for me to prove that. Well if this was a PR stunt then I should of @defcon or at least…
That is awesome :)
> Isn't this trivially possible in Cryptocat for anyone who controls the server? Yes this is a known bug since August 2013. When I found it and reported it. This was "patched" but if Mallory controls the server it is…