Martijn Lammerts
My own digital place with a little of everything

Evidence for the Security of PKCS #1 Digital Signatures

25 September 2018
This is interesting research: "On the Security of the PKCS#1 v1.5 Signature Scheme": Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for DSA or ECDSA. Despite the...
Continue reading...

New Variants of Cold-Boot Attack

24 September 2018
If someone has physical access to your shut-down computer, they can probably break the hard-drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot mitigation. The protection works by creating a simple check between an...
Continue reading...

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

21 September 2018
Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms like RSA get their security from the difficulty of factoring large composite numbers that are...
Continue reading...

AES Resulted in a $250 Billion Economic Benefit

21 September 2018
NIST has released a new study concluding that the AES encryption standard has resulted in a $250 billion world-wide economic benefit over the past twenty years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I do like the pretty block...
Continue reading...

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

20 September 2018
Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't think the security through, and the result is a voter-verifiable paper audit trail that doesn't provide the security...
Continue reading...

Pegasus Spyware Used in 45 Countries

19 September 2018
Citizen Lab has published a new report about the Pegasus spyware. From a ZDNet article: The malware, known as Pegasus (or Trident), was created by Israeli cyber-security firm NSO Group and has been around for at least three years -- when it was first detailed in a report over the summer of 2016. The malware can operate on both Android...
Continue reading...