Ah, the 90s: a time when #cryptography was just a twinkle in MSDOS's eye and "key derivation" meant losing your car keys. 🚗🔑 Fast forward to 2023, and we're still pretending reverse engineering those ancient binaries is some kind of Indiana Jones adventure. 🕵️‍♂️💾 Bravo!
https://www.botanica.software/post/decoding-the-90s #90snostalgia #keyderivation #reverseengineering #techhumor #IndianaJones #HackerNews #ngated
Decoding the 90s: A Journey into Reverse Engineering and Cryptography in Early Software Development

• Intro • Getting started - QText • Reversing MS-DOS binaries • PKZip • int 3f - MS-DOS Overlays • Key expansion function • Tracing through passcode flow • Key derivation function • Reversing the key derivation • Reversing the first stage - 4 bytes to 4 printable characters • Reversing the second stage - 16 bytes to 4×4 byte string • Putting it all together

Intro

In August 2020, we were commissioned by a client with a cache of locked QText documents from the mid 90s - to whic

Botanica

[2/2] 🔋 **Efficiency Gains:**
✅ Reduced computation➡️reduced energy consumption.
✅ Highly beneficial for low-powered hardware such as IoTs and WSNs.

Skye is accepted at ACM ASIACCS 2024. Discover how Skye transforms secure communication! 🌐🔑 (ePrint - https://ia.cr/2023/781)

#Cybersecurity #Cryptography #KeyDerivation #SignalProtocol #IoT

$\mathsf{Skye}$: An Expanding PRF based Fast KDF and its Applications

A Key Derivation Function (KDF) generates a uniform and highly random key-stream from weakly random key material. KDFs are broadly used in various security protocols such as digital signatures and key exchange protocols. HKDF, the most deployed KDF in practice, is based on the extract-then-expand paradigm. It is presently used, among others, in the Signal Protocol for end-to-end encrypted messaging. HKDF is a generic KDF for general input sources and thus is not optimized for source-specific use cases such as key derivation from Diffie-Hellman (DH) sources (i.e. DH shared secrets as key material). Furthermore, the sequential HKDF design is unnecessarily slow on some general-purpose platforms that can benefit from parallelization. In this work, we propose a novel, efficient and secure KDF called $\mathsf{Skye}$. $\mathsf{Skye}$ follows the extract-then-expand paradigm and consists of two algorithms: efficient deterministic randomness extractor and expansion functions. Instantiating our extractor for dedicated source-specific (e.g. DH sources) inputs leads to a significant efficiency gain over HKDF while maintaining the security level. We provide concrete security analysis of $\mathsf{Skye}$ and both its algorithms in the standard model. We provide a software performance comparison of $\mathsf{Skye}$ with the AES-based expanding PRF $\mathsf{ButterKnife}$ and HKDF with SHA-256 (as used in practice). Our results show that in isolation $\mathsf{Skye}$ performs from $4\text{x}$ to $47\text{x}$ faster than HKDF, depending on the availability of AES or SHA instruction support. We further demonstrate that with such a performance gain, when $\mathsf{Skye}$ is integrated within the current Signal implementation, we can achieve significant overall improvements ranging from $38\%$ to $64\%$ relative speedup in unidirectional messaging. Even in bidirectional messaging, that includes DH computation with dominating computational cost, $\mathsf{Skye}$ still contributes to $12$-$36\%$ relative speedup when just $10$ messages are sent and received at once.

IACR Cryptology ePrint Archive
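The abstract above contrasts Skye with HKDF's extract-then-expand design, so it helps to see that baseline concretely. The following is an added illustration, not code from the Skye paper or from any Signal implementation: a plain HKDF-SHA256 (RFC 5869) in Python's standard library, with the two stages separated so the sequential expand chain the abstract refers to is visible, checked against RFC 5869 test case 1. The `derive_keys` helper, its labels and the constructed "shared secret" are assumptions for the demo.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract stage (RFC 5869 s2.2): PRK = HMAC-Hash(salt, IKM).

    The salt is the HMAC *key*; an empty salt is replaced by HashLen zero bytes.
    The IKM (e.g. a DH shared secret) is the HMAC *message*.
    """
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand stage (RFC 5869 s2.3): OKM = T(1) || T(2) || ... || T(N), truncated.

    T(0) = "" and T(i) = HMAC-Hash(PRK, T(i-1) || info || i), so every block
    depends on the previous one; this is the sequential chain that cannot be
    parallelised, which the abstract cites as a cost of HKDF.
    """
    if length > 255 * HASH_LEN:
        raise ValueError("length must be at most 255 * HashLen")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """Full HKDF: extract a PRK from the key material, then expand it."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def derive_keys(shared_secret: bytes, salt: bytes, labels: list[bytes], key_len: int = 32) -> dict:
    """Hypothetical helper: derive one independent key per label from a single
    secret by extracting once and expanding with a distinct `info` per label."""
    prk = hkdf_extract(salt, shared_secret)
    return {label: hkdf_expand(prk, label, key_len) for label in labels}


# RFC 5869 Appendix A, Test Case 1 (SHA-256). These vectors come from the RFC.
RFC5869_TC1 = {
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "length": 42,
    "prk": bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    "okm": bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865"),
}


def check_test_vector() -> bool:
    """True if both stages reproduce the RFC's PRK and OKM."""
    tc = RFC5869_TC1
    prk = hkdf_extract(tc["salt"], tc["ikm"])
    okm = hkdf_expand(prk, tc["info"], tc["length"])
    return prk == tc["prk"] and okm == tc["okm"]


if __name__ == "__main__":
    print("RFC 5869 test case 1:", "ok" if check_test_vector() else "MISMATCH")
    # Constructed stand-in for a DH shared secret; a real one comes from the key exchange.
    fake_shared_secret = bytes(range(32))
    keys = derive_keys(fake_shared_secret, b"constructed-salt", [b"root", b"chain"])
    for label, key in keys.items():
        print(label.decode(), key.hex())
```

Note that the extract stage is a single HMAC call, so its cost is fixed, while expand costs one HMAC per HashLen bytes of output, each call chained on the last; a design like Skye's aims to remove exactly that chaining.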
What is the impact of leaving a salt used in HKDF open to attacker control?

RFC 5869 for HKDF says "an application needs to make sure that salt values are not chosen or manipulated by an attacker".[1] Soatok also discusses some nuances in choosing salts for HKDF.[2] ...

Cryptography Stack Exchange
Is there a hash function that's more expensive for an attacker than for the server?

Say a server wants to hash a password $p$. It would use a secure hash function $H$ and a unique salt $s$ to hash the password as $H(p,s)$. If one has access to the salt, each password candidate req...

Cryptography Stack Exchange
For password-based authenticated encryption is it OK to derive the auth key from the crypt key with 1 iteration?

https://crypto.stackexchange.com/questions/103951/for-password-based-authenticated-encryption-is-it-ok-to-derive-the-auth-key-from

#authenticatedencryption #keyderivation
For password-based authenticated encryption is it OK to derive the auth key from the crypt key with 1 iteration?

That is, in the case where the iterations value is a large number, since iterations are costly is there a difference in security of doing something like this, where two separate derivations are per...

Cryptography Stack Exchange
Does combining multiple PBKDF2 keys result in a higher iteration count when using the same password but different salts?

I did some experimenting with web subtle crypto. I derived a key using PBKDF2 with SHA-512 and 100 000 iterations and timed it. Doing the same with 200 000 rounds doubled the time as expected. Then I did

Cryptography Stack Exchange
Why does SHA-256 have anything to do with scrypt?

I was reading the Wikipedia page for scrypt because I wanted to learn more about it and I came across their pseudocode for the algorithm. What confused me was the following line: I don't understan...

Cryptography Stack Exchange
Benefit of salt in KDF like Argon2

I don't understand why I need a salt for Argon2 if Argon2 is only needed as a KDF for a password which is then called AES. At the end neither the password nor a password hash is stored. Only the data

Cryptography Stack Exchange