Resources
- Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
  - Table of Contents pdf
  - Chapter 1 - Overview of Cryptography pdf
  - Chapter 2 - Mathematics Background pdf
  - Chapter 3 - Number-Theoretic Reference Problems pdf
  - Chapter 4 - Public-Key Parameters pdf
  - Chapter 5 - Pseudorandom Bits and Sequences pdf
  - Chapter 6 - Stream Ciphers pdf
  - Chapter 7 - Block Ciphers pdf
  - Chapter 8 - Public-Key Encryption pdf
  - Chapter 9 - Hash Functions and Data Integrity pdf
  - Chapter 10 - Identification and Entity Authentication pdf
  - Chapter 11 - Digital Signatures pdf
  - Chapter 12 - Key Establishment Protocols pdf
  - Chapter 13 - Key Management Techniques pdf
  - Chapter 14 - Efficient Implementation pdf
  - Chapter 15 - Patents and Standards pdf
  - Appendix - Bibliography of Papers from Selected Cryptographic Forums pdf
  - References pdf
  - Index pdf
- Cryptography 101: online courses on cryptography and related areas by Alfred Menezes
  - The Mathematics of Lattice-Based Cryptography (SIS, LWE, lattices)
  - Kyber and Dilithium (standardized lattice-based cryptosystems)
  - Crypto 101: Building Blocks (fundamental cryptographic primitives)
  - Crypto 101: Real-World Deployments (beginning in February 2025)
  - Error-Correcting Codes (linear, Hamming, Golay, cyclic, BCH, Reed-Solomon codes)
- Cryptography 101 Playlists - Lectures by Alfred Menezes on applied cryptography and related areas
- The CTF Primer by Samuel Sabogal Pardo, Jeffery John, Luke Jones
- crackmes.one - a simple place where you can download crackmes to improve your reverse engineering skills
- OpenSSL - The OpenSSL software library is a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. It is developed under the OpenSSL Mission with support from the OpenSSL Foundation and OpenSSL Corporation.
- OpenSSL Cookbook: A short book that covers the most frequently used features and commands (Feisty Duck)
Articles
- Turning Google smart speakers into wiretaps for $100k
- How To Crack WEP and WPA Wireless Networks 2008-11-21 (updated: 2013-02-25) by Philip
- backdoor in US medical device calls out to chinese university
Concepts
- Public-key cryptography - Wikipedia
- Diffie–Hellman key exchange - Wikipedia
- RSA (cryptosystem) - Wikipedia (Rivest–Shamir–Adleman)
- Advanced Encryption Standard - Wikipedia (AES)
Elliptic Curve Cryptography
- Elliptic Curve Cryptography a gentle introduction (link)
- HTML5/JavaScript visual tool for computing sums on elliptic curves - built by Andrea Corbellini
- Elliptic-curve cryptography - Wikipedia
- RSA vs ECC which one is better, and why? - Reddit thread, maybe spurious but still interesting
- Elliptic-curve Diffie–Hellman - Wikipedia
- Elliptic Curve Digital Signature Algorithm - Wikipedia
Notes on Motivations for use of Elliptic Curve Cryptography from National Security Agency/Central Security Service Web Site
The two noteworthy first generation public key algorithms used to secure the Internet today are known as RSA and Diffie-Hellman (DH). The security of the first is based on the difficulty of factoring the product of two large primes. The second is related to a problem known as the discrete logarithm problem for finite groups. Both are based on the use of elementary number theory. Interestingly, the security of the two schemes, though formulated differently, is closely related.
…elliptic curve cryptography has remained at its full strength since it was first presented in 1985…
…The length of a key, in bits, for a conventional encryption algorithm is a common measure of security. To attack an algorithm with a k-bit key it will generally require roughly 2^(k-1) operations. Hence, to secure a public key system one would generally want to use parameters that require at least 2^(k-1) operations to attack. The following table gives the key sizes recommended by the National Institute of Standards and Technology to protect keys used in conventional encryption algorithms like the (DES) and (AES) together with the key sizes for RSA, Diffie-Hellman and elliptic curves that are needed to provide equivalent security.
Symmetric Key Size (bits) | RSA and Diffie-Hellman Key Size (bits) | Elliptic Curve Key Size (bits) |
---|---|---|
80 | 1024 | 160 |
112 | 2048 | 224 |
128 | 3072 | 256 |
192 | 7680 | 384 |
256 | 15360 | 521 |

Table 1: NIST Recommended Key Sizes
To use RSA or Diffie-Hellman to protect 128-bit AES keys one should use 3072-bit parameters: three times the size in use throughout the Internet today. The equivalent key size for elliptic curves is only 256 bits.
One can see that as symmetric key sizes increase the required key sizes for RSA and Diffie-Hellman increase at a much faster rate than the required key sizes for elliptic curve cryptosystems.
Attack Types
Clickjacking
Clickjacking, or formally UI Redressing: the attacker "redresses" the interface seen by the user with an invisible frame that tricks them into doing things they wouldn't ordinarily do.
- Clickjacking Attacks How to Detect and Prevent Ping Identity
- Testing for Clickjacking
- X-Frame-Options - HTTP MDN - The X-Frame-Options HTTP response header can be used to indicate whether a browser should be allowed to render a page in a `<frame>`, `<iframe>`, `<embed>` or `<object>`. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
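A defender-side check of the framing headers described above, as an added example that is not from MDN or any of the linked pages. It goes slightly beyond the page by also reading the CSP `frame-ancestors` directive, which current browsers enforce in place of X-Frame-Options when both are sent; `framing_protection`, `audit`, the verdict labels and the sample header sets are constructed for illustration.

```python
# Constructed example: the header sets below are illustrative, not captured traffic.

def framing_protection(headers):
    """Return (verdict, reason) for a dict of HTTP response headers."""
    h = {name.lower(): value for name, value in headers.items()}

    # Not on the page: a CSP frame-ancestors directive, when present,
    # is enforced by current browsers instead of X-Frame-Options.
    for policy in h.get("content-security-policy", "").split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = [p.lower() for p in parts[1:]]
                if sources in ([], ["'none'"]):
                    return ("protected", "frame-ancestors 'none'")
                if "*" in sources:
                    return ("unprotected", "frame-ancestors allows any origin")
                return ("restricted", "frame-ancestors " + " ".join(sources))

    xfo = h.get("x-frame-options")
    if xfo is None:
        return ("unprotected", "no framing header present")
    # A proxy may merge repeated headers into one comma-separated value.
    tokens = {t.strip().upper() for t in xfo.split(",") if t.strip()}
    if tokens == {"DENY"}:
        return ("protected", "X-Frame-Options: DENY")
    if tokens == {"SAMEORIGIN"}:
        return ("restricted", "X-Frame-Options: SAMEORIGIN")
    if len(tokens) == 1 and next(iter(tokens)).startswith("ALLOW-FROM"):
        return ("unprotected", "ALLOW-FROM is obsolete and ignored by current browsers")
    return ("review", "unrecognised or conflicting X-Frame-Options value")


SAMPLES = {  # constructed response headers
    "deny": {"X-Frame-Options": "DENY"},
    "sameorigin": {"x-frame-options": "sameorigin"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "conflict": {"X-Frame-Options": "DENY, SAMEORIGIN"},
    "csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
            "X-Frame-Options": "SAMEORIGIN"},
    "missing": {"Content-Type": "text/html"},
}

def audit(samples=SAMPLES):
    return {name: framing_protection(hdrs)[0] for name, hdrs in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:12} {verdict}")
```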
Password managers
- Google Password Manager vs. 1Password - r/1Password
- Password Managers. from Tavis Ormandy (vulnerability researcher at Google)
- Is Google Password Manager Safe in 2024 from the LastPass blog - didn't get much from this; doesn't identify clear failures/vulnerabilities of Google Password Manager (GPM); at one point says that if the Google account is compromised, passwords are too, but this is equally true of the LastPass account; comparison paragraph mentions cross-platform advantage of LastPass. In Google Password Manager vs. 1Password (r/1Password) on Reddit there's a good point about LP being useful for family / industry setting for a team which needs joint access to passwords (inconvenient in GPM setting if tied to personal account)
Miscellaneous
- Crowdstrike failure in July 2024 write up by Tavis Ormandy (vulnerability researcher at Google)
- Extracting Clear-Text Credentials Directly From Chromium's Memory
  - memory chunk, the password is stored inside a memory section of type Private: Commit. One could think that data stored in such memory pages is not accessible to any other process. Surprisingly, such pages cannot be part of a "shared memory," but other processes have no problem reading the data in them (via ReadProcessMemory API).
  - Chromium.org stated they will not fix issues related to physical local attacks since "there is no way for Chrome (or any application) to defend against a malicious user who has managed to log into your device as you" (here). While this statement is probably true in general (especially if you assume the attacker can get administrator privileges), I believe it should not be so easy to steal sensitive credentials as it is today.
- Chromium Docs - Chrome Security FAQ - see Threat Model therein