Posts

The new TLS 1.3 standard [1] does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key exchange using a (post-quantum) Key Encapsulation Mechanism (KEM). In the NIST Standardisation effort [2], many KEMs are currently under consideration.

I’m going to Cuba as my submission to Latincrypt 2017 was accepted! The paper is called Energy-efficient ARM64 Cluster with Cryptanalytic Applications: 80 cores that do not cost you an ARM and a leg. Visit the accompanying page to view the software. I’ll upload the paper once I’m done editing.

You can set up SSH to prefer Elliptic Curve cryptography over RSA, and use modern key exchange algorithms without exposing yourself to Logjam-style attacks. It’s also good to get rid of SHA1 and MD5. A good resource is the OpenSSH Guidelines page on the Mozilla wiki. You can basically copy the config. Caveat: I found out that the version of Paramiko in Debian Jessie does not support SHA2 hashes or ECC in the key exchange.

In July, Peter Schwabe, who supervised my Bachelor’s thesis project, suggested submitting my work to the Student Research Conference. It then turned out that the deadline was the next day, so I had to work hard to convert 28 pages of thesis into a paper of 4 pages. To my own surprise my paper was accepted for a poster presentation. It was very interesting and challenging to tell the people at the conference (which was at Tilburg University) about my research: I had a very technical story, and a lot of people in the humanities are already scared by the word “encryption”.

Tegenlicht today had an episode about Bitcoin where they announced they were going to give away €100 in Bitcoin. They were going to put up a Bitcoin wallet private key as a QR code on the screen. It seemed to me like a fun project to try and grab that Bitcoin. I coded an app that takes a screenshot every couple of seconds and then tries to detect all QR codes in it. If any of the codes looked like a private key, I then used the Blockcypher API to determine the balance and empty the account into my own wallet.

I’ve had to rename some fields today with MongoEngine. Using the following approach, I was able to raise DeprecationWarnings when the old versions were used.

Create the following function. It returns a property that will access the new variable name.

Prøst is an authenticated encryption cipher and a contestant in the CAESAR competition for Authenticated Encryption. For my bachelor thesis research project, I’ve implemented Prøst on ARM11.

You can find more information about this project on this page.

Today I’ve tried to globally install Powerline. That was a bit of a pain because it has no global config files.

Quick and dirty how-to:

  1. Add XDG_CONFIG_DIRS=/etc/xdg to /etc/environment if it isn’t already set,
  2. Copy the config to /etc/xdg/powerline,
  3. Customize config,
  4. Load powerline from /etc/bash.bashrc, ~/.zshrc, etc.

My config can be found on GitHub.

Today, I enabled perfect forward secrecy on my nginx installation. I’m writing down the config so I can easily find it later.

I recently read The Circle by Dave Eggers. It is a bit like the classic dystopian novel 1984 being brought up to date in the age of smartphones, apps and Google, Facebook and Twitter. Though it does not have very novel ideas, Eggers paints a picture of the tyranny of the masses and of the consequences of a society that only has a surface level.