Nakamoto Family Foundation

Over what now approaches a decade since Satoshi first published the Bitcoin white paper there has been continued speculation of who might be Satoshi. Over time, various people—myself included—have been imagined to be Satoshi for various reasons. Certain would-be Satoshis have made attempts to claim that they are Satoshi. Unfortunately some have even been so persistent in their claims that they have been able to confuse newcomers to the distributed [...]

REcon 2012

I’ve just recently returned from REcon 2012 and while I heard a couple people express that they had “heard” that some people were more disappointed with this year’s conference compared to prior ones, I personally really enjoyed it and felt it was the best one yet. I saw and enjoyed more of the lectures this year than I have in the past and seemed to have better interactions with the [...]

MD5? Really?

First let me say that this article is not meant to diminish the work that Alexander Sotirov et al. have been doing for the past 6 months. It’s good work, has brought about some awesome results, and has demonstrated what was once a theoretical attack on PKI certificates based on MD5 hash collisions. What I’m amazed at is that it had the impact that it actually did. […]

Configuring DNSSEC in BIND

DNSSEC, which I mentioned in my previous post about mitigation for Kaminsky’s recent DNS cache poisoning flaw, are the SECurity extensions for the Domain Name System (DNS). It essentially adds cryptography to DNS, allowing authoritative nameservers to cryptographically sign their zones and resource records, which in turn allows caching/recursive nameservers to verify them. This prevents attacks against the recent cache poisoning flaw by allowing the nameserver under attack to verify [...]

The Information Security Industry is like the War on Drugs

After reading this article regarding the state of the IDS/IPS market and how IDS systems still and will likely have their niche, I was reminded of the common problem that plagues both Information Security and the War on Drugs; the majority of the focus is on detection and policing rather than on prevention and treatment, the former of which is usually an expensive, time-consuming, and futile battle. […]

August 27th, 2007 | cryptography, economics, opinion, security

Crack crack crack, all day long…

The other day while migrating data from my old Linux workstation to my new one, I came across a file that had my login credentials for both my personal account and the CAU team account over at Distributed.net. If you’re not familiar with Distributed.net, it’s a massively multi-player (heh) encryption-cracking effort. By sheer force of numbers, they have in the past cracked crypto challenges for the RSA’s DES II-1 and [...]

February 7th, 2007 | CAU, cryptography, stats

Vulnerability Disclosure, Cryptography Research, and Open Source

Today, Bruce Schneier posted an essay to his blog arguing the case for full disclosure of software vulnerabilities, which I am also in favor of. It’s apparently a sidebar to an article in CSOOnline entitled “The Chilling Effect” which is about some of the growing issues surrounding vulnerability research in web software. There are also two other sidebars arguing the case for keeping vulnerability information secret or only telling the software [...]

January 23rd, 2007 | cryptography, security, software