Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
Cryptography demystified - An introduction without maths
This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science.
In particular, the talk will explain encryption, what it is and what it does, what it is not and what it doesn't do, and what other tools cryptography can offer.
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-10627-cryptography_demystified
#video #CCC #36c3 #cryptography
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
This talk will explain the basic building blocks of cryptography in a manner that will (hopefully) be understandable by everyone. The talk will not require any understanding of maths or computer science.
In particular, the talk will explain encryption, what it is and what it does, what it is not and what it doesn't do, and what other tools cryptography can offer.
⚠️ This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them. Please look for "audio tracks" in your desktop video player.
https://media.ccc.de/v/36c3-10627-cryptography_demystified
#video #CCC #36c3 #cryptography
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Academics find crypto bugs in 306 popular Android apps, none get patched
Only 18 of 306 app developers replied to the research team, only 8 engaged with the team after the first email.
A team of academics from Columbia University has developed a custom tool to dynamically analyze Android applications and see if they're using cryptographic code in an unsafe way.
Named CRYLOGGER, the tool was used to test 1,780 Android applications, representing the most popular apps across 33 different Play Store categories, in September and October 2019.
Researchers say the tool, which checked for 26 basic cryptography rules (see table below), found bugs in 306 Android applications. Some apps broke one rule, while others broke multiple.
The top three most broken rules were:
‼️ Rule #18 - 1,775 apps - Don't use an unsafe PRNG (pseudorandom number generator)
‼️ Rule #1 - 1,764 apps - Don't use broken hash functions (SHA1, MD2, MD5, etc.)
‼️ Rule #4 - 1,076 apps - Don't use the operation mode CBC (client/server scenarios)
These are basic rules that any cryptographer knows very well, but rules that some app developers might not be aware of without having studied app security (AppSec) or advanced cryptography prior to entering the app development space.
👀 👉🏼 https://www.zdnet.com/article/academics-find-crypto-bugs-in-306-popular-android-apps-none-get-patched
#cryptography #bugs #android #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Only 18 of 306 app developers replied to the research team, only 8 engaged with the team after the first email.
A team of academics from Columbia University has developed a custom tool to dynamically analyze Android applications and see if they're using cryptographic code in an unsafe way.
Named CRYLOGGER, the tool was used to test 1,780 Android applications, representing the most popular apps across 33 different Play Store categories, in September and October 2019.
Researchers say the tool, which checked for 26 basic cryptography rules (see table below), found bugs in 306 Android applications. Some apps broke one rule, while others broke multiple.
The top three most broken rules were:
‼️ Rule #18 - 1,775 apps - Don't use an unsafe PRNG (pseudorandom number generator)
‼️ Rule #1 - 1,764 apps - Don't use broken hash functions (SHA1, MD2, MD5, etc.)
‼️ Rule #4 - 1,076 apps - Don't use the operation mode CBC (client/server scenarios)
These are basic rules that any cryptographer knows very well, but rules that some app developers might not be aware of without having studied app security (AppSec) or advanced cryptography prior to entering the app development space.
👀 👉🏼 https://www.zdnet.com/article/academics-find-crypto-bugs-in-306-popular-android-apps-none-get-patched
#cryptography #bugs #android #apps
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
ZDNet
Academics find crypto bugs in 306 popular Android apps, none get patched
Only 18 of 306 app developers replied to the research team, only 8 engaged with the team after the first email.
Forwarded from 0•Bytes•1
Enjoy your tea, my Alices in Wonderland! 🎀
Many people have heard of onion routing in Tor and have a rough idea of how it works. However, fewer people know about garlic routing.
That's why I decided to write a short note about what it is and how it works in I2P🚥
How is a message sent? ✉️
In I2P, your message travels through a tunnel—a chain of randomly picked computers (nodes) on the network. Each node only knows where to send the data next, not the message content, thanks to garlic encryption🧄.
Your message is first encrypted for the recipient using end-to-end encryption. Asymmetric encryption🔐 uses a public key to encrypt and a private key to decrypt.
How are encryption layers created?🔒
Now the process of wrapping the message in layers begins.
Imagine that you have a tunnel with three nodes: A, B, C.
The encrypted message (already protected for the recipient) must be passed through these nodes so that each one knows only the next step. To do this, I2P creates encryption layers one for each node.
Each layer is additional encryption with instructions for a specific node, such as “forward to node B” or “send to recipient.”
It works like this: you encrypt the message with the public key of node C, adding the instruction “forward to node B.” You encrypt this packet again with the public key of node B with the instruction “forward to node A.” Then the entire packet is encrypted with the public key of node A with the instruction “send to recipient.”
When you send the packet, it goes to node A. Node A opens its layer with its secret key, sees the instruction “forward to node B” and forwards the data. The data remains encrypted for other nodes. Node B opens its layer, sees the instruction “forward to node C” and forwards it. Node C opens the last layer, sees that it needs to be sent to the recipient, and does so.
Each node only knows its own step and does not see the content of the message, its sender, or its recipient.
Why is encryption called garlic?🧄
Now, let's talk about “garlic” encryption in detail. In I2P, your message is packed with others into one encrypted packet🗂, called garlic. This packet may include your message, others’ messages, and network data like tunnel commands⚙️
All these messages are encrypted together, and each layer of encryption (for nodes A, B, C) covers the entire large packet, not each message individually.
When node A opens its layer, it sees the instruction for the entire packet, such as “forward to node B,” and sends it on. It does not know how many messages are inside, whose they are, or where they are going. Node B does the same, opening its layer and forwarding the packet to node C. Node C, opening the last layer, can send the entire packet or parts of it (depending on the instruction) to the recipients, but it does not know how many messages are inside and to whom they are addressed. This makes it impossible to determine whose message is where, even when observing the network.
Each message in the packet is protected by individual encryption for its recipient🔑 so that no one but the intended person can open it.
The messages inside the packet are not explicitly separated they are sort of stuck together into one continuous encrypted piece of data. I2P can also add “garbage” data🗑 fake messages that masquerade as real ones but mean nothing.
In addition, I2P mixes♻️ your packet with other data on the network and can add random delays during transmission. This makes it difficult to analyze traffic. Tunnels change every 10 minutes, and the nodes in them are selected again, so it is impossible to track the path.
How does garlic encryption differ onion encryption?🧅
In onion encryption, each message is encrypted separately and transmitted through its own chain of nodes. Garlic encryption not only wraps your message in layers of encryption, but also combines it with other messages and fake data into a single encrypted packet.
#i2p #cryptography #garlic_encryption #anonymity #tor
Many people have heard of onion routing in Tor and have a rough idea of how it works. However, fewer people know about garlic routing.
That's why I decided to write a short note about what it is and how it works in I2P🚥
How is a message sent? ✉️
In I2P, your message travels through a tunnel—a chain of randomly picked computers (nodes) on the network. Each node only knows where to send the data next, not the message content, thanks to garlic encryption🧄.
Your message is first encrypted for the recipient using end-to-end encryption. Asymmetric encryption🔐 uses a public key to encrypt and a private key to decrypt.
How are encryption layers created?🔒
Now the process of wrapping the message in layers begins.
Imagine that you have a tunnel with three nodes: A, B, C.
The encrypted message (already protected for the recipient) must be passed through these nodes so that each one knows only the next step. To do this, I2P creates encryption layers one for each node.
Each layer is additional encryption with instructions for a specific node, such as “forward to node B” or “send to recipient.”
It works like this: you encrypt the message with the public key of node C, adding the instruction “forward to node B.” You encrypt this packet again with the public key of node B with the instruction “forward to node A.” Then the entire packet is encrypted with the public key of node A with the instruction “send to recipient.”
When you send the packet, it goes to node A. Node A opens its layer with its secret key, sees the instruction “forward to node B” and forwards the data. The data remains encrypted for other nodes. Node B opens its layer, sees the instruction “forward to node C” and forwards it. Node C opens the last layer, sees that it needs to be sent to the recipient, and does so.
Each node only knows its own step and does not see the content of the message, its sender, or its recipient.
Why is encryption called garlic?🧄
Now, let's talk about “garlic” encryption in detail. In I2P, your message is packed with others into one encrypted packet🗂, called garlic. This packet may include your message, others’ messages, and network data like tunnel commands⚙️
All these messages are encrypted together, and each layer of encryption (for nodes A, B, C) covers the entire large packet, not each message individually.
When node A opens its layer, it sees the instruction for the entire packet, such as “forward to node B,” and sends it on. It does not know how many messages are inside, whose they are, or where they are going. Node B does the same, opening its layer and forwarding the packet to node C. Node C, opening the last layer, can send the entire packet or parts of it (depending on the instruction) to the recipients, but it does not know how many messages are inside and to whom they are addressed. This makes it impossible to determine whose message is where, even when observing the network.
Each message in the packet is protected by individual encryption for its recipient🔑 so that no one but the intended person can open it.
The messages inside the packet are not explicitly separated they are sort of stuck together into one continuous encrypted piece of data. I2P can also add “garbage” data🗑 fake messages that masquerade as real ones but mean nothing.
In addition, I2P mixes♻️ your packet with other data on the network and can add random delays during transmission. This makes it difficult to analyze traffic. Tunnels change every 10 minutes, and the nodes in them are selected again, so it is impossible to track the path.
How does garlic encryption differ onion encryption?🧅
In onion encryption, each message is encrypted separately and transmitted through its own chain of nodes. Garlic encryption not only wraps your message in layers of encryption, but also combines it with other messages and fake data into a single encrypted packet.
#i2p #cryptography #garlic_encryption #anonymity #tor
Please open Telegram to view this post
VIEW IN TELEGRAM
0•Bytes•1
monero_en.pdf
Hello, my Mad Hatter friends! 🎩
Let me ask you a question: have you ever wondered how Monero's security works and whether it is as reliable as they say?🪙
In my new article, I figured this out and also explained how to further protect yourself so that your transactions remain invisible even to the most curious eyes.🛡
I describe in detail how Monero works, how resistant it is to attacks, and what measures will help you maintain your anonymity. 🔑
The article covers attacks ranging from Black Marble Flooding to Eclipse Attacks, and I also share practical tips on how to run your own node and configure Tor to increase your privacy.
I hope you will find it interesting to delve into this topic. 🧩 At the end of the article, there are links to additional materials so that you can explore this topic in more depth if you wish. ⚙️
Enjoy your tea! ☕️🩷
English version:
#Monero #XMR #cryptography #privacy #blockchain #ring_signatures #stealth_addresses #RingCT #Tor #I2P #crypto_wallet #security #anonymity #decentralization #Kovri #FCMP #crypto_protection
Let me ask you a question: have you ever wondered how Monero's security works and whether it is as reliable as they say?🪙
In my new article, I figured this out and also explained how to further protect yourself so that your transactions remain invisible even to the most curious eyes.🛡
I describe in detail how Monero works, how resistant it is to attacks, and what measures will help you maintain your anonymity. 🔑
The article covers attacks ranging from Black Marble Flooding to Eclipse Attacks, and I also share practical tips on how to run your own node and configure Tor to increase your privacy.
I hope you will find it interesting to delve into this topic. 🧩 At the end of the article, there are links to additional materials so that you can explore this topic in more depth if you wish. ⚙️
Enjoy your tea! ☕️🩷
English version:
#Monero #XMR #cryptography #privacy #blockchain #ring_signatures #stealth_addresses #RingCT #Tor #I2P #crypto_wallet #security #anonymity #decentralization #Kovri #FCMP #crypto_protection