Simon Willison’s Weblog

Subscribe
Atom feed for cryptography

22 items tagged “cryptography”

2024

Encryption At Rest: Whose Threat Model Is It Anyway? (via) Security engineer Scott Arciszewski talks through the challenges of building a useful encryption-at-rest system for hosted software. Encryption at rest on a hard drive protects against physical access to the powered-down disk and little else. To implement encryption at rest in a multi-tenant SaaS system - such that even individuals with insider access (like access to the underlying database) are unable to read other user's data, is a whole lot more complicated.

Consider an attacker, Bob, with database access:

Here’s the stupid simple attack that works in far too many cases: Bob copies Alice’s encrypted data, and overwrites his records in the database, then accesses the insurance provider’s web app [using his own account].

The fix for this is to "use the AAD mechanism (part of the standard AEAD interface) to bind a ciphertext to its context." Python's cryptography package covers Authenticated Encryption with Associated Data as part of its "hazardous materials" advanced modules.

# 4th June 2024, 1:17 pm / encryption, security, cryptography, python

2023

And the notion that security updates, for every user in the world, would need the approval of the U.K. Home Office just to make sure the patches weren’t closing vulnerabilities that the government itself is exploiting — it boggles the mind. Even if the U.K. were the only country in the world to pass such a law, it would be madness, but what happens when other countries follow?

John Gruber

# 24th August 2023, 6:16 am / uklaw, cryptography, uk, john-gruber

2022

Over-engineering Secret Santa with Python cryptography and Datasette

We’re doing a family Secret Santa this year, and we needed a way to randomly assign people to each other without anyone knowing who was assigned to who.

[... 2,044 words]

2020

Ok Google: please publish your DKIM secret keys (via) The DKIM standard allows email providers such as Gmail to include cryptographic headers that protect against spoofing, proving that an email was sent by a specific host and has not been tampered with. But it has an unintended side effect: if someone’s email is leaked (as happened to John Podesta in 2016) DKIM headers can be used to prove the validity of the leaked emails. This makes DKIM an enabling factor for blackmail and other security breach related crimes.

Matthew Green proposes a neat solution: providers like Gmail should rotate their DKIM keys frequently and publish the PRIVATE key after rotation. By enabling spoofing of past email headers they would provide deniability for victims of leaks, fixing this unintended consequence of the DKIM standard.

# 16th November 2020, 10:02 pm / security, cryptography, email

2019

Looking back at the Snowden revelations (via) Six years on from the Snowden revelations, crypto researcher Matthew Green reviews their impact and reminds us what we learned. Really interesting.

# 25th September 2019, 5:48 am / security, cryptography

2017

Verified cryptography for Firefox 57 (via) Mozilla just became the first browser vendor to ship a formally verified crypto implementation.

# 16th November 2017, 2:26 pm / cryptography, firefox, mozilla

2010

doc/beatings.txt (via) Rubberhose is a disk encryption system developed by the founder of Wikileaks that implements deniable cryptography—different keys reveal different parts of the encrypted data, and it is impossible to prove that all of the keys have been divulged. Here, Julian Assange explains how this works with a scenario involving Alice and the Rubber-hose-squad.

# 24th May 2010, 2:17 pm / coercion, cryptography, julian-assange, rubberhose, wikileaks, recovered

Don’t Hash Secrets. A well written explanation from 2008 of why you must use hmac instead of raw SHA-1 when hashing against a secret.

# 24th January 2010, 1:30 pm / hmac, signing, sha1, cryptography, security

Timing attack in Google Keyczar library. An issue I also need to fix in the proposed Django signing code. If you’re comparing two strings in crypto (e.g. seeing if the provided signature matches the expected signature) you need to use a timing independent string comparison function or you risk leaking information. This kind of thing is exactly why I want an audited signing module in Django rather than leaving developers to figure it out on their own.

# 4th January 2010, 3:23 pm / django, signing, cryptography, keyczar, security, timing-attack, python

Design and code review requested for Django string signing / signed cookies. Do you know your way around web app security and cryptography (in particular signing things using hmac and sha1)? We’d appreciate your help reviewing the usage of these concepts in Django’s proposed string signing and signed cookie implementations.

# 4th January 2010, 1:24 pm / django, python, security, hashing, sha1, hmac, cryptography, codereview

2009

Intercepting Predator Video. Bruce Schneier’s take on the unencrypted Predator UAV story. A fascinating discussion of key management and the non-technical side of cryptography.

# 24th December 2009, 9:26 pm / bruce-schneier, security, cryptography, nsa, drones, military

Notes from the No Lone Zone. A computer scientist with a background in cryptography visits a Titan II ICBM launch complex.

# 16th December 2009, 10:02 am / security, cryptography, icbm, coldwar, history

openstreetmap genuine advantage. The OpenStreetMap data model (points, ways and relations, all allowing arbitrary key/value tags) is a real thing of beauty—simple to understand but almost infinitely extensible. Mike Migurski’s latest project adds PGP signing to OpenStreetMap, allowing organisations (such as local government) to add a signature to a way (a sequence of points) and a subset of its tags, then write that signature in to a new tag on the object.

# 29th September 2009, 9:49 am / michal-migurski, openstreetmap, pgp, cryptography, mapping, gis

Django ponies: Proposals for Django 1.2

I’ve decided to step up my involvement in Django development in the run-up to Django 1.2, so I’m currently going through several years worth of accumulated pony requests figuring out which ones are worth advocating for. I’m also ensuring I have the code to back them up—my innocent AutoEscaping proposal a few years ago resulted in an enormous amount of work by Malcolm and I don’t think he’d appreciate a repeat performance.

[... 1,674 words]

Adding signing (and signed cookies) to Django core. I’ve been increasing my participation in Django recently—here’s my proposal for adding signing and signed cookies to Django, which I’d personally like to see ship as part of Django 1.2.

# 24th September 2009, 7:31 pm / django, cookies, signing, cryptography, security, signedcookies

NaCl: Networking and Cryptography library. A new high level cryptography library. “NaCl advances the state of the art by improving security, by improving usability and by improving speed.” Ambitious claims, but DJB is one of the core maintainers.

# 16th July 2009, 8:24 pm / nacl, cryptography, djb, security

Cryptographic Right Answers. Best practise recommendations for cryptography: “While some people argue that you should never use cryptographic primitives directly and that trying to teach people cryptography just makes them more likely to shoot themselves in their proverbial feet, I come from a proud academic background and am sufficiently optimistic about humankind that I think it’s a good idea to spread some knowledge around.”

# 11th June 2009, 10:16 pm / cryptography, colinpercival, security, aes, hashing

2008

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using a custom base65 encoding which only uses URL-safe characters.

# 27th August 2008, 10:18 pm / django-snippets, django, python, hashes, sha1, base65, cryptography, security, cookies, signedcookies, urls

2007

I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

Bruce Schneier

# 16th November 2007, 10:25 am / nsa, cryptography, security, dualecdrbg, randomnumbers, bruce-schneier

The Beauty Of The Diffie-Hellman Protocol. Some useful explanations here. Diffie-Hellman is used by OpenID to establish a shared secret between the provider and the consumer.

# 1st March 2007, 10:08 pm / openid, diffiehellman, reddit, cryptography

James Randi owes me a million dollars (via) Interesting case study in cryptographic bit commitment protocols, which allow something to be published that can later prove the authenticity of a revealed secret.

# 30th January 2007, 1:10 am / cryptography

2003

Easy Python Cryptography

Via Garth Kidd’s Python cryptography roundup, ezPyCrypto is a cryptography API so simple even I can use it. Unfortunately the example code is only available in the download archive (not on the web site) but here’s an overview of how it works:

[... 205 words]