Secure Remote Password Demystified

Landon | Sep 16, 2021

Secure Remote Password (SRP) is a protocol by which a user in a system is able to log in to that system without the system ever knowing or storing the user’s password. Consider this description of the SRP protocol from cryptopals challenge 36: Replace A and B with C and S (client & server) C […]

Timing leaks and multi-threading

Landon | Aug 24, 2021

What if the server that verified MACs took longer to verify a correct mac than an incorrect one? Or, perhaps put differently, what if you could tell the difference between a more correct guess than an obviously wrong one? If you can, you can break MAC authentication schemes, and that’s what the cryptopals authors are […]

SHA1 and MD4 Length Extension Attacks Explained

Landon | Jul 13, 2021

Continuing my series on the cryptopals challenges… In section four, two of the challenges require you to get past a checksum test by spoofing a hash associated with a forged message. The idea is that if you can manage to pass a query string to an application (say a web application) that has been toyed […]

I’m doing cryptopals

Landon | May 21, 2021

Cryptography fascinates me. It’s amazing how critical cryptography is to the internet and the digital economy. Even more amazing to me is how simple it is to crack if it’s insecure. I don’t have a computer science degree; I took some courses on algorithmic design in college, but felt so totally lost and overwhelmed that […]