Posted in Security World

First SHA-1 collision, birthday paradox, should you rehash your will?

One of the most important properties of a cryptographic hash function is that of “Strong collision-resistance“, that is, it should be “computationally infeasible” to find distinct inputs x, x’ such that hash(x) = hash(x’).

For the SHA-1 hash function, which generates a 160 bit hash, to have strong collision resistance, only ... read more

Continue Reading...
Posted in haskell Software

LTE Crypto — safe, stateful computations in purely functional language Haskell

Snow3G is one of the two algorithms (the other being AES) algorithms used in LTE (4G) mobile network. The specifications for LTE come from the standards body called 3GPP and include the specification and reference implementation in C for the Snow 3G algorithm. There is an algorithm for confidentiality (encryption/decryption), and an algorithm for ... read more

Continue Reading...
Posted in Security Software

Elliptic Curve Cryptography: computing shared key

Elliptic Curve Cryptography: computing shared key

If Alice and Bob want to exchange encrypted messages, they need to first agree on a Key. This shared key (also known as symmetric key) will be used to by both parties to encrypt messages. There are many ways of arriving at the shared key (including the old fashioned ... read more

Continue Reading...
Posted in Security Software

Perils of Unreachable Code — was it deliberate?

There is no substitute for detailed code reviews, more so if the code is related to security. Any changes to such code, however minor, should be reviewed. However, in addition, it also helps if the compiler, tools etc can help in flagging potential errors.

Take the case of the very serious security error in ... read more

Continue Reading...