📬 McEliece-Messaging: Smoke Crypto Chat – The first mobile McEliece messenger published as a stable prototype worldwide
#Datenschutz #English #ITSicherheit #DoubleRatchetprocedure #ECDSA #fdroid #fiascoforwarding #McElieceMessaging #POPTASTIC #SmokeCryptoChat #SmokeStackServer https://tarnkappe.info/artikel/english/mceliece-messaging-smoke-crypto-chat-the-first-mobile-mceliece-messenger-published-as-a-stable-prototype-worldwide-279847.html
You should stop using #RSA-type #SSL certificates
SSL #certificates protect the connection between your user and your site, but one of the most widely used types today is RSA. They are heavy and vulnerable, yet they are still around because of a false belief about compatibility.
If you can switch your certificates to #ECC (#ECDSA), your site will demand fewer resources, will be protected, and will rely on a much less vulnerable algorithm.
You don't even need to use the so-called "dual-stack" configuration, offering RSA and ECC certificates at the same time to users' browsers.
See the compatibility of ECC certificates:
Operating systems:
▫️ Apple OS X: OS X 10.6
▫️ Microsoft Windows: Windows Vista
▫️ Red Hat Enterprise Linux 6.5
▫️ iOS: iOS 7.x
▫️ Android OS: 3.x
▫️ Microsoft Windows Phone: 7.x
Browsers:
▫️ Apple Safari: 4
▫️ Google Chrome: 1.0
▫️ Microsoft Internet Explorer: 7
▫️ Mozilla Firefox: 2.0
So unless you get visits from people with very old operating systems, the computational cost and the vulnerabilities of your site's SSL certificates make no sense.
Consider generating ECC certificates at your next renewal.
To learn more: https://alto.win/V2TPa
#️⃣ #MastoAdmin
Full #RSA and #ECDsa support is now available in https://github.com/heaths/azcrypto for #Azure #KeyVault. I'm considering AES support, but still researching AES in #golang. The APIs I'm familiar with in #csharp are significantly different so it may be a while, and AES is limited to #ManagedHSM anyway.
Since the #AzureSDK for #golang's philosophy is thin, mostly generated clients - which I don't disagree with - I built a #cryptography client atop it much like I helped drive in our other SDK languages and wrote for the #Azure #KeyVault SDK for .NET: https://github.com/heaths/azcrypto
It's very early in development right now - supporting only #ECDsa sign and verify - but is an MVP enough to get some feedback from my team or anyone else who may be interested.
Asymmetric Commitments
https://soatok.blog/2023/04/03/asymmetric-cryptographic-commitments/
#crypto #cryptography #rsa #ecdsa #encryption #signatures
#GitHub changed their RSA SSH host key, which can be the reason why any secure Git operations suddenly start to fail.
Remove current key:
ssh-keygen -R github.com
Get new key:
ssh -T git@github.com
Confirm with yes after verifying the fingerprint with https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints.
Might be a good opportunity to switch to #ECDSA or #Ed25519 keys.
Official announcement: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
#InfoSec #Cryptography
> #Polynonce: A Tale of a Novel #ECDSA Attack and #Bitcoin Tears
> So, since we aren’t sipping Mojitos on a beach in some exotic location, you can tell we didn’t gain access to #Satoshi’s wallet, but we recovered the private key of some #Bitcoin wallets showing that the attack works. We only scratched the surface by looking at #Bitcoin, #Ethereum, and some #TLS connections.
https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/
https://www.grc.com/sn/sn-914-notes.pdf
Bitcoin in danger? What is the new ECDSA "vulnerability" all about? https://www.blocktrainer.de/was-hat-es-mit-der-neuen-ecdsa-schwachstelle-auf-sich/ #Sicherheit #Blogpost #Signatur #Bitcoin #ECDSA #News
📬 ECDSA Bitcoin vulnerability discovered: Bitcoin in danger?
#Blockchain #Cyberangriffe #Krypto #Bitcoin #ECDSA #Kryptographie #KudelskiSecurity #LineareKongruenzgeneratoren #Nonce #PseudoRandomNumberGenerator https://tarnkappe.info/artikel/cyberangriff/ecdsa-bitcoin-schwachstelle-entdeckt-bitcoin-in-gefahr-266729.html
sharing via https://infosec.exchange/@nhamiel
"In this blog post, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum networks. Although we didn’t recover Satoshi’s private key (we’d be throwing a party instead of writing this blog post), we could see evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them. We cover our journey, findings, and the rabbit holes we explored. We also provide an academic paper with the details of the attack and open-source code implementing it, so people building software and products using ECDSA can ensure they do not have this vulnerability in their systems.
How Bad Is It?
In simpler words, what our attack means is that every time an ECDSA signature is generated, the signature itself gives us a relation between the nonce and the private key. If the nonces are truly randomly generated, this should never be a problem because the chance that a number of nonces picked at random fit on a low-degree polynomial recurrence relation is negligibly small.
But there is a catch: nonces are usually output by a pseudorandom number generator (PRNG) rather than being really random, and PRNGs are deterministic algorithms with relatively low complexity. #encryption #ecdsa #ellipticcurve #algorithm #algorithms #bitcoin #ethereum
Introducing #Polynonce, a novel attack against #ECDSA. Today we release the paper, a story of how we ran it against datasets like #Bitcoin, and code so you can run the attack yourself and verify your systems aren’t vulnerable. We only scratched the surface. Enjoy. https://research.kudelskisecurity.com/2023/03/06/polynonce-a-tale-of-a-novel-ecdsa-attack-and-bitcoin-tears/
We are dumping a bunch of research next week. I'm excited. New attack against #ECDSA as well as #AI stuff and some new vuln disclosures. Is Satoshi's wallet safe??? Well, obviously, since I’m posting this and not buying Lambos for my friends and family, you get the picture.
Done with a 4am HKT talk
https://www.ndss-symposium.org/ndss-paper/real-threshold-ecdsa
#ndss #ndss23 #ecdsa #threshold #blockchain #cryptocurrency #dnssec
Blimey, the rascal has done it again!
https://l33t.codes/2023/02/22/Have-My-Salt-And-My-Iterations-Too/ An attempt to explain things with less lingo and with some examples.
#crypto #cryptography #ecdsa #pki #somethingsomethingsec
InfoSec people can punch me if you like.
Even though #RSA isn't broken yet: switched a few more certificates over to #ECDSA. Support is already quite decent; only a pure Let's Encrypt ECDSA chain could cause problems. Trust stores are updated far too rarely.
At the same time, switched from certbot to lego, which supports many DNS providers (e.g. for wildcard certificates): https://go-acme.github.io/lego/installation/ Unfortunately it is only available as a package to a limited extent (and in Debian, for example, badly outdated and limited); on the other hand, this now saves me from needing snapd on a system for certbot.
Finally AWS ACM offers SSL certificates based on ECDSA, but I still do not understand why they support different key algorithms for ALB and Cloudfront. For example Cloudfront only supports ECDSA with 256-bit keys.