KeyChest Blog

Massive MS Windows bug - by NSA - how it works (maybe)

Jan 14, 2020 10:33:36 PM / by Dan posted in https, attack


I have just skimmed a looong discussion at Hacker News - https://news.ycombinator.com/item?id=22047573 - about a vulnerability so big that NSA was happy to be accredited. (I only wonder whether they spotted someone else using it.)


Minerva Attack and Humble Beginnings

Nov 22, 2019 8:03:53 AM / by Dan posted in key management, attack


Do you remember the ROCA attack - the most devastating attack in 2017, which extracted secret keys from 25% of TPM modules? It has a kind of sibling - Minerva. While ROCA was about RSA encryption, Minerva is about Elliptic Curve (ECC) signing.


What could be done if all current Encryption could be broken and cracked?

Jun 14, 2019 1:58:18 PM / by Dan posted in quora, incident response, attack


If all current encryption were suddenly broken, that would be the end of encryption as we know it. With one exception - the one-time pad. The one-time pad is a provably secure encryption scheme that can't be broken, but it has practical difficulties - it requires keys as long as the data.


What is certificate pinning

Jun 7, 2019 8:53:19 AM / by Dan posted in certificate, phishing, attack


Some people argue that certificate pinning is a must to protect against sophisticated attacks. Some will say that it is a pain in the bottom. But what is it actually?


I always get SSL errors on a WiFi. What's the reason behind this?

May 19, 2019 9:28:23 PM / by Dan posted in certificate, quora, attack


WiFi routers should pass any traffic transparently unless their configuration is really messed up.


ROCA - vulnerability in Infineon RSA key generation

Oct 31, 2017 11:16:00 PM / by Dan posted in security, key management, attack


Quantum cryptography is still some years away from being anything but an interesting research area. But if you want to see what it is to suddenly have all your keys broken, look at the ROCA vulnerability.
