Cryptography

Mon
31
Aug

The Easiest Way to get Around SSL 2

Contributed by Roberto Larcher

This paper explains how it is often possible, with the simple substitution of a string, to get around a "secure" implementation based on an incorrect use of SSL. Please note that this document does not contain any information about weaknesses of the SSL protocol; it simply shows the easiest way to get around the correct functioning of the SSL protocol.

This document is in PDF format. To view it click here.

Fri
21
Aug

Flaws and Solutions: Disk Encryption

Contributed by Rob Hornbuckle

Providers of encryption software do not protect against side channel attacks, leaving organizations vulnerable to exploitation. For those companies who have a business justification to employ methods to virtually eliminate the weaknesses within encryption, several options are available. Of note, are methods used by Trevisor, Cryptkeeper, and TPM. Also note that to completely remove the vulnerabilities inherent with Cryptkeeper, it needs to be developed further using concepts from Trevisor. These solutions in their current form are cost prohibitive from an implementation standpoint for most companies.

This document is in PDF format. To view it click here.

Wed
19
Aug

Advanced Encryption Standard by Example

Contributed by Adam Berent

The following document provides a detailed and easy to understand explanation of the implementation of the AES (RIJNDAEL) encryption algorithm. The purpose of this paper is to give developers with little or no knowledge of cryptography the ability to implement AES.

This document is in PDF format. To view it click here.

Wed
08
Jul

Combinational Stream & Block Ciphering Using Double Encryption Algorithms

Cryptography

Contributed by Ashish Anand and restored from the old Infosecwriters archives.

“If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world’s best safecrackers can study the locking mechanism – and you still can’t open the safe and read the letter – that’s security!”

This document is in PDF format. To view it click here.

Mon
22
Jun

Elliptic Curve Cryptography

Contributed by Anoop M.S.

The paper gives an introduction to elliptic curve cryptography (ECC) and how it is used in the implementation of digital signature (ECDSA) and key agreement (ECDH) Algorithms. The paper discusses the implementation of ECC on two finite fields, prime field and binary field. It also gives an overview of ECC implementation on different coordinate systems called the projective coordinate systems. The paper also discusses the basics of prime and binary field arithmetic.

This document is in PDF format. To view it click here.

Pages

Subscribe to RSS - Cryptography