Posts written by Landon

Bleichenbacher ’06 RSA Signature Forgery: What they assume you know

Landon | Dec 17, 2021

In 2006, Daniel Bleichenbacher shared a discovery in an evening session at a cryptography conference: Several implementations of RSA-based PKCS 1 v 1.5 cryptographic signature verification were fatally flawed and susceptible to signature forgery. It is as bad as it sounds. The sad part: The flaw in the signature verification algorithm is that the signature […]

RSA for those who aren’t number theorists

Landon | Oct 29, 2021

I just finished cryptopals challenge 39, in which I had to implement RSA. For me, it wasn’t enough for me to just implement the RSA algorithm. I sort of needed to understand a bit about the underlying number theory. I say that because I’ve faced instances in the past where a typo or error in […]

Secure Remote Password Demystified

Landon | Sep 16, 2021

Secure Remote Password (SRP) is a protocol by which a user in a system is able to log in to that system without the system ever knowing or storing the user’s password. Consider this description of the SRP protocol from cryptopals challenge 36: Replace A and B with C and S (client & server) C […]

Timing leaks and multi-threading

Landon | Aug 24, 2021

What if the server that verified MACs took longer to verify a correct mac than an incorrect one? Or, perhaps put differently, what if you could tell the difference between a more correct guess than an obviously wrong one? If you can, you can break MAC authentication schemes, and that’s what the cryptopals authors are […]

SHA1 and MD4 Length Extension Attacks Explained

Landon | Jul 13, 2021

Continuing my series on the cryptopals challenges… In section four, two of the challenges require you to get past a checksum test by spoofing a hash associated with a forged message. The idea is that if you can manage to pass a query string to an application (say a web application) that has been toyed […]

Breaking Counter Mode Encryption

Landon | Jun 04, 2021

The subject of today’s post is breaking counter mode encryption, which directly concerns three cryptopals challenges: challenge 19, challenge 20, and challenge 25. (And maybe more … I’m only as far as challenge 25 at this point.) What is counter mode encryption? Counter mode encryption is a method of encryption in which the content of […]

Cloning a Mersenne Twister Random Number Generator from its output

Landon | May 26, 2021

As was said in my last post, I’m doing cryptopals. Just last night I finished Challenge 23. I was able to successfully clone a 32-bit Mersenne Twister pseudorandom number generator (PRNG) from its output. You can see how I did this by checking out my solution in my github repo. If you’re like me when […]

I’m doing cryptopals

Landon | May 21, 2021

Cryptography fascinates me. It’s amazing how critical cryptography is to the internet and the digital economy. Even more amazing to me is how simple it is to crack if it’s insecure. I don’t have a computer science degree; I took some courses on algorithmic design in college, but felt so totally lost and overwhelmed that […]

Spring Batch Testing: Asserting file equality after running a single step

Landon | Jan 20, 2021

For some time at SoFi, we’ve worked with Spring Batch to provide a third-party integration with a service without a robust API, but that loves to work in terms of batch files. There are a number of ways to deal with that, and we’ve taken a few different approaches. One of them is to implement […]

Beware Hibernate’s caching when using database filters

Landon | Apr 30, 2019

The stack I work in every day uses Hibernate and Spring Data JPA for its object/relational mapping framework. My company is hardly alone in using these tools to map data from a database into Java objects. They’re quite commonly used, and also quite powerful. One of the nifty features of Hibernate is Filtering. You can […]

   Older posts »