Cryptography
- @lemmy.ml @crypto@infosec.pub
@cryptography@lemmy.ml @crypto@infosec.pub
Hexlish Alphabet for English, Constructed Languages and Cryptography: Automatic, Structural Compression with a Phonetic Hexadecimal Alphabet
DOI : https://doi.org/10.5281/zenodo.13139469
Hexlish is a legible, sixteen-letter alphabet for writing the English language and for encoding text as legible base 16 or compressed binary. Texts composed using the alphabet are automatically compressed by exactly fifty percent when converted from Hexlish characters into binary characters. Although technically lossy, this syntactic compression enables recovery of the correct English letters via syntactic reconstruction. The implementer can predict the size of the compressed binary file and the size of the text that will result from decompression. Generally it is intuitive to recognize English alphabet analogues to Hexlish words. This makes Hexlish a legible alternative to the standard hexadecimal alphabet.
\#Hexlish #Conlang #Alphabets #Encoding #Cryptography #Ciphers #Crypto
- Noch zu checken, ob die erwähnten Profile tatsächlich das zum Themenschwerpunkt haben, was der Name suggeriert …
Noch zu checken, ob die erwähnten Profile tatsächlich das zum Themenschwerpunkt haben, was der Name suggeriert …
@dutypo Ich wollte mal Typograph werden, in einem früheren Leben, als es das noch als Ausbildung und Studienschwerpunkt gab – als Übergang für ein paar Jahre, zwischen Offsetdruck und @hedgedoc und @cryptpad@fosstodon.org @cryptpad@peertube.xwiki.com @cryptpad\_design . Dass es nichts wurde, hat meiner Liebe zu @Gedrucktem, #Hörbüchern, #Literaturverfilmungen, #Sprache, typographisch guten elektronischen Veröffentlichungen, #DTP, @PDF, @openscience , @opendatabund , #Aufklärung , @crypto usw. übrigens keinen Abbruch getan. Unter Anderem freie #HedgeDoc- und #Cryptpad-Instanzen gibts hier: https://timo-osterkamp.eu/random-redirect.html
- Can RSA be used for web API authentication?
I need to
- encrypt JSON payload (not just sign)
- not share private key
- verify the payload is generated with the shared public key and RSA fitting all of these.
As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.
Do you think it can be used? Any other suggestions?
- Looking for real-world deployments of bilinear pairings
i remember pond used to have them. but pond is niche and dead. where else are bilinear parings used? i don't care about crapto deployments though...
- PSA: Upgrade your LUKS PBKDF to Argon2id !!
TIL the French government may have broken encryption on a LUKS-encrypted laptop with a "greater than 20 character" password in April 2023.
- https://nantes.indymedia.org/posts/87395/une-lettre-divan-enferme-a-la-prison-de-villepinte-perquisitions-et-disques-durs-dechiffres/
When upgrading TAILS today, I saw their announcement changing LUKS from PBKDF2 to Argon2id.
- https://tails.boum.org/security/argon2id/index.en.html
The release announcement above has some interesting back-of-the-envelope calculations for the wall-time required to crack a master key from a LUKS keyslot with PBKDF2 vs Argon2id.
And they also link to Matthew Garrett's article, which describes how to manually upgrade your (non-TAILS) LUKS header to Argon2id.
- https://mjg59.dreamwidth.org/66429.html
- Video-Based Cryptanalysis: Recovering secret keys from smart cards through power LED side channel with off-the-shelf cameras
Abstract
In this paper, we present video-based cryptanalysis, a new method used to recover secret keys from a device by analyzing video footage of a device’s power LED. We show that cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device’s power LED. Based on this observation, we show how attackers can exploit commercial video cameras (e.g., an iPhone 13’s camera or Internet-connected security camera) to recover secret keys from devices. This is done by obtaining video footage of a device’s power LED (in which the frame is filled with the power LED) and exploiting the video camera’s rolling shutter to increase the sampling rate by three orders of magnitude from the FPS rate (60 measurements per second) to the rolling shutter speed (60K measurements per second in the iPhone 13 Pro Max). The frames of the video footage of the device’s power LED are analyzed in the RGB space, and the associated RGB values are used to recover the secret key by inducing the power consumption of the device from the RGB values. We demonstrate the application of video-based cryptanalysis by performing two side-channel cryptanalytic timing attacks and recover: (1) a 256- bit ECDSA key from a smart card by analyzing video footage of the power LED of a smart card reader via a hijacked Internet-connected security camera located 16 meters away from the smart card reader, and (2) a 378-bit SIKE key from a Samsung Galaxy S8 by analyzing video footage of the power LED of Logitech Z120 USB speakers that were connected to the same USB hub (that was used to charge the Galaxy S8) via an iPhone 13 Pro Max. Finally, we discuss countermeasures, limitations, and the future of video-based cryptanalysis in light of the expected improvements in video cameras’ specifications.
- What's new and exciting in crypto on 13 June 2023?
Who wants to invite refugees from r/crypto and r/cryptography on Reddit, and from crypto.stackexchange.com?