Blog Thom Wiggers' blog


Latincrypt paper!

Written by Thom Wiggers on 24 Aug 2017

I’m going to Cuba as my submission to Latincrypt 2017 was accepted! The paper is called Energy-efficient ARM64 Cluster with Cryptanalytic Applications: 80 cores that do not cost you an ARM and a leg. Visit the accompanying page to view the software. I’ll upload the paper once I’m done editing.


Securing OpenSSH

Written by Thom Wiggers on 29 Jan 2016

You can set up SSH to prefer Elliptic Curve cryptography over RSA, and use modern key exchange algorithms without exposing yourself to Logjam-style attacks. It’s also good to get rid of SHA1 and MD5.

A good resource is the OpenSSH Guidelines page on the Mozilla wiki. You can basically copy the config.

Caveat: I found out that the version of Paramiko in Debian Jessie does not support SHA2 hashes or ECC in the key exchange. Paramiko was used in my case by duplicity. If you upgrade to the most recent version from pypi you can use diffie-hellman-exchange-group-sha256.


Prøst at Student Research Conference

Written by Thom Wiggers on 15 Nov 2015

In July, Peter Schwabe, who supervised my Bachelor’s thesis project, suggested to submit my work to the Student Research Conference. It then turned out that the deadline was the next day, so I had to work hard to convert 28 pages of thesis into a paper of 4 pages.

To my own suprise my paper was accepted for a poster presentation. It was very interesting and challenging to tell the people at the conference (which was at Tilburg University) about my research: I had a very technical story, and a lot of people in the humanities already are scared by the word “encryption”. Nevertheless it was a nice experience and I think I was able to get at least some things through to people.

I’ve updated my Prøst page with the published paper and the poster I presented.


Bitcoin private key qrcode scraper

Written by Thom Wiggers on 01 Nov 2015

Tegenlicht today had an episode about Bitcoin where they announced they were going to give away €100 in Bitcoin. They were going to put up a Bitcoin wallet private key as a QR-code on the screen.

It seemed to me like a fun project to try and grab that Bitcoin. I coded an app that takes a screenshot every couple seconds and then tries to detect all QR-codes in it. If any of the codes look like a private key, I then used the Blockcypher API to determine the balance and empty the account into my own wallet.

Unfortunately, the NPO stream was probably too slow and I was a couple moments too late. It still was a fun challenge to program though and I learnt a bit about how Bitcoin works.

The code is available on here on Github


Deprecating fields in MongoEngine Documents

Written by Thom Wiggers on 26 Jul 2015

I’ve had to rename some fields today with MongoEngine. Using the following approach, I was able to raise DeprecationWarnings when old version were used.

Create the following function. It returns a property that will access the new variable name.

def deprecated_field(new_name):
    """Wrapper for deprecated fields"""
    def getter(self):
        warnings.warn('This field is deprecated, use {}'.format(new_name),
                      DeprecationWarning,
                      stacklevel=2)
        return getattr(self, new_name)

    def setter(self, value):
        warnings.warn('This field is deprecated, use {}'.format(new_name),
                      DeprecationWarning,
                      stacklevel=2)
        return setattr(self, new_name, value)

    return property(getter, setter)

Now use this function whenever you need to deprecate something

class A:
    new_x = 'something'
    old_x = deprecated_field('new_x')

Trying to access A.old_x will now get the warning.

This will probably also work for regular Django Models, but I haven’t tested that.