Total Articles Found: 5
Top Articles:
Published: 2022-06-27 18:14:53
Popularity: 13
Author: Paul Ducklin
The crooks needed at least two private keys, each stored in two parts... but they got them anyway.
Published: 2022-04-20 19:28:17
Popularity: 171
Author: Dan Goodin
A failure to sanity check signatures for division-by-zero flaws makes forgeries easy.
Published: 2021-01-30 20:59:09
Popularity: 4
Author: eau@users.lobste.rs (eau)
In this paper we introduce partitioning oracles, a new class of decryption error oracles which, conceptually, take a ciphertext as input and output whether the decryption key belongs to some known subset of keys. Partitioning oracles can arise when encryption schemes are not committing with respect to their keys. We detail adaptive chosen ciphertext attacks that exploit partitioning oracles to efficiently recover passwords and de-anonymize anonymous communications. The attacks utilize efficient key multi-collision algorithms—a cryptanalytic goal that we define—against widely used authenticated encryption with associated data (AEAD) schemes, including AES-GCM, XSalsa20/Poly1305, and ChaCha20/Poly1305. We build a practical partitioning oracle attack that quickly recovers passwords from Shadowsocks proxy servers. We also survey early implementations of the OPAQUE protocol for password-based key exchange, and show how many could be vulnerable to partitioning oracle attacks due to incorrectly using non-committing AEAD. Our results suggest that the community should standardize and make widely available key-committing AEAD to avoid such vulnerabilities.
Published: 2020-07-19 13:57:20
Popularity: 167
Author: josuah@users.lobste.rs (josuah)
https://nvd.nist.gov/vuln/detail/CVE-2020-13777 https://github.com/0xxon/cve-2020-13777
Published: 2020-04-24 18:18:26
Popularity: 4
Author: FiloSottile@users.lobste.rs (FiloSottile)