Jacob Santos
322 followers -
Overweight, Programmer, Awesome
Jacob's posts
Post has shared content
Too many people using the same prime number for Diffie-Hellman: concentrate on cracking particular primes and you can decode some traffic. Paper (PDF) at [ https://weakdh.org/imperfect-forward-secrecy.pdf ]. "There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.

However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.

The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.

For the nerds in the audience, here’s what’s wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime."
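As an added toy illustration of the point in the quoted paragraph (constructed here, not code from the shared post or the paper), the Python below uses an 11-bit safe prime in place of a real 1024-bit group: the expensive work is done once per shared prime, and every later connection that reuses that prime costs only a lookup. The exponent table stands in for the paper's number-field-sieve precomputation and says nothing about the cost at real sizes.

```python
"""Toy demonstration: one precomputation per shared DH prime, many cheap breaks.
Constructed parameters only: an 11-bit safe prime stands in for a real
1024-bit group, and a full exponent table stands in for the NFS precomputation.
"""
import secrets

# Constructed "standardized" group that every connection below reuses.
P = 2039  # safe prime: (P - 1) // 2 == 1019 is also prime
G = 2     # 2039 % 8 == 7, so 2 generates the order-1019 subgroup mod P
Q = (P - 1) // 2


def precompute_dlog_table(p: int, g: int) -> dict[int, int]:
    """Per-prime work, done once: map every g**x mod p back to x."""
    table, x, h = {}, 0, 1
    while h not in table:  # stops when the cycle returns to g**0 == 1
        table[h] = x
        h = h * g % p
        x += 1
    return table


def dh_keypair(p: int, g: int, q: int) -> tuple[int, int]:
    """Honest party: random private exponent in [1, q-1] and its public value."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def recover_shared_secret(table: dict[int, int], p: int,
                          a_pub: int, b_pub: int) -> int:
    """Per-connection work for a passive observer of the two public values:
    one table lookup yields A's exponent, then the DH secret follows."""
    a_priv = table[a_pub]
    return pow(b_pub, a_priv, p)


def demo(n_sessions: int = 5) -> list[bool]:
    """Run independent sessions on the shared group and report, per session,
    whether the observer's value equals the secret the two parties derived."""
    table = precompute_dlog_table(P, G)  # paid once for the prime
    outcomes = []
    for _ in range(n_sessions):
        a_priv, a_pub = dh_keypair(P, G, Q)
        _b_priv, b_pub = dh_keypair(P, G, Q)
        real_secret = pow(b_pub, a_priv, P)
        observed = recover_shared_secret(table, P, a_pub, b_pub)
        outcomes.append(observed == real_secret)
    return outcomes
```

Fresh per-connection exponents do not help here; only the choice of prime decides whether the one-time table applies.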

I have a lot of projects. Some of them are continuous and never ending. Or at least with one developer.

I'm starting to think that perhaps it is not possible to accomplish what I want on my own.

It is part of the reason why most of my current projects are ports and reimaginings of existing projects. It is good to grow as a programmer to learn from others. There is just so much that I don't know, will never know.

I'm not sure if it is a good idea to even attempt to try. I won't be an expert in anything.

I do think that it isn't about that. I think that the point I'm trying to get across is that hopefully by starting the project, someone will come along and help or do it better with a new group.

Part of the reason I'm doing it is to learn and the other reason is that there is no solution available.

The end goal is still to allow code generation across languages, but that is a really long term goal. I'm going to say that I hope to get to it by 2020. I hope to finish some projects this year. Maybe finish the testing suite tools by the end of next year.

Post has shared content
Reference layer when needed
Formula chart, this might come in handy

Post has shared content
Lol. I always suspected as much.

Post has shared content
That's some shit. Surprised the cat didn't go after the human too.
Dog attacked kittens ... Mama Cat came to protect ... Stupid human just stood there like an idiot.

Post has shared content
Oh snap!