david wong

Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Quick access to articles on this page:

more on the next page...

One example of a crypto backdoor: NSA's backdoor in Lotus-Notes posted January 2015

Excellent finding from Adam Back.

If I understand the article correctly, when exporting encrypted content with Lotus-Notes, 24 bits of the 64 bits key would be encrypted under one of the NSA's public key and then appended to the encrypted content (I guess). This would allow NSA to decrypt those 24 bits of key with their corresponding private key and they would then have to brute force only 40 bits instead of 64 bits.

This shouldn't allow any bad attacker to get any advantage if they don't know the NSA's private key to decrypt those bits. And if they do acquire it, and they do decrypt 24bits of key, they would still have to have the computing power to brute force 40 bits of key. I have no idea what I'm talking about but I have the feeling the NSA might be the most powerful computing power when it comes to brute forcing ciphers.

comment on this story

How facebook hash its passwords posted January 2015

$cur  = 'plaintext'
$cur  = md5($cur)
$salt = randbytes(20)
$cur  = hmac_sha1($cur, $salt)
$cur  = cryptoservice::hmac($cur)
        [= hmac_sha256($cur, $secret)]
$cur  = scrypt($cur, $salt)
$cur  = hmac_sha256($cur, $salt)

the explanation is here

tl;dr: the md5 is here for legacy purpose, cryptoservice::hmac is to add a secret salt, scrypt (which is a kdf not a hash) is for slowing brute force attempts and the sha256 is here for shortening the output.

comment on this story

Morse code in a pop song posted January 2015

Amazing article on the verge about how the army created a song hiding a message ("19 people rescued. You’re next. Don’t lose hope") so that hostages of the FARC could hear it on the radio.

This is a genius idea for concealing a message! Not really crypto, but kinda cool none the less. I knew about Stenography and I also posted about transforming your message into spam as a way of hiding your message, but this is cool on a different level. Even the song is catchy ^_^

There was this disturbing video of a captive soldier in a North Vietnamese prison who when forced to do a fake interview, blinked the Morse Code 'T-O-R-T-U-R-E'.

comment on this story

Faster Python posted December 2014

Zokis wrote some tests on python, showing that a difference in declarations and simple syntax do have implications in the size of the program and the rapidity of execution.

For example writing a, b = 0, 1 seems faster than doing a = 0 then b = 1 Using chained conditions like a < b < 0 seems faster than doing a < b and b < 0 etc... you can find all the tests here

The differences seem negligible though. dis and timeit were used to quantify the tests.

Also here are two useful python arguments:

python -c cmd : program passed in as string (terminates option list)

# python -c "print 'haha'"
haha

-i : inspect interactively after running script; forces a prompt even
if stdin does not appear to be a terminal; also PYTHONINSPECT=x

# python -i -c "a = 5"
>>> a
5
comment on this story

Did Korea hacked Sony? posted December 2014

According to the US government, yes they did:

the FBI now has enough information to conclude that the North Korean government is responsible for these actions

What do security experts think about that?

Here's a piece from Marc Roger called No, North Korea Didn’t Hack Sony. So you can guess what the director of security operations for DEFCON and principal security researcher of Cloudflare is thinking.

What about Schneier? Read about it here

I worry that this case echoes the "we have evidence -- trust us" story that the Bush administration told in the run-up to the Iraq invasion. Identifying the origin of a cyberattack is very difficult, and when it is possible, the process of attributing responsibility can take months.

What about Robert Graham? his article's title is as usual pretty straight forward: The FBI's North Korea evidence is nonsense

So there is some kind of consensus that the FBI's announcement is abrupt and shady...

To dig further... Nicholas Weaver posted an interesting article. Kurt Baumgartner as well.

comment on this story

Sécuday @ Lille on January 16th posted December 2014

secuday

SECURITY DAY will take place at the University of Lille 1, in France, on January 16th. People from Quarkslab (where I almost did my internship), ANSSI, Microsoft, ... will give talks. There is even one of my classmate Jonathan Salwan.

I'm trying to find a way to get there, so if you want to buy me a beer this might be the right place :D

comment on this story

OneRNG posted December 2014

I like how people make an extreme effort to create "sure" source of random numbers.

OneRNG has released a new usb source. Everything is opensource (open hardware, open software), you can even create your own by following instructions on their websites.

OneRNG collects entropy from an avalanche diode circuit, and from a channel-hopping RF receiver. It even has a “tinfoil hat” to prevent RF interference — you can remove the hat in order to visually verify the components being used.

Now I'm wondering who is using that and for what

comment on this story