david wong

Hey! I'm David, the author of the Real-World Cryptography book. I'm a crypto engineer at O(1) Labs on the Mina cryptocurrency, previously I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Quick access to articles on this page:

more on the next page...

Manually making a transaction in bitcoins posted February 2014

Ken Shirriff has posted an amazing post on his blog on how he managed to manually make (meaning, he didn't use the official bitcoin application) a transaction in the bitcoin ecosystem.

I'm reading through it as I'm typing this, and it's really well explained, you get to see exactly what he does in Python and there are pictures!

you can read it here

comment on this story

How I Lost My $50,000 Twitter Username posted January 2014

So this guy owned @N on twitter and got extorted his account by a phishing attack. The story is well written and you should read it here : https://medium.com/p/24eb09e026dd

but for a tl;dr the attacker called his paypal account to ask them for his credit card's last 4 digits. Then he called godaddy to ask them to reset the password. They only asked him for the 2 first digits and the last 4s. The attacker just had to guess the 2 first digits (and he did it on the first try, he could have kept calling and trying otherwise).

Now that he had @N's domain's name, he could now see his emails. Took over @N's facebook account and started mailing him "threats".

It's pretty crazy how easy phishing is.

comment on this story

Initial Permutations in DES posted January 2014

I have to code a whitebox using DES encryption in a class. Which is pretty cool (I would have prefered doing it with AES but the other group got tails and we got heads).

Here is where the Stanford course I passed on Coursera shines. The explanation of DES on it is brilliant. I was wondering about the initial and final permutations that occurs in the algorithm though and Dan Boneh doesn't really talk about it besides saying it's not for cryptographic purposes.

I found a solution on a new sub-stackoverflow dedicated to Cryptography : http://crypto.stackexchange.com/questions/3/what-are-the-benefits-of-the-two-permutation-tables-in-des

5 comments

What is the best tool? posted December 2013

Constantly, when I start a new project, I try to look for better tools to do the job.

Lately I've been using CodeIgniter as a PHP MVC, jQuery as a javascript library, Bootstrap as a blueprint and TWIG as a template engine.

I've been noticing numerous people from the CodeIgniter community moving to Laravel, which seems to be pretty awesome. So I look at Laravel, and I think to myself "gosh this looks fun to learn, but I don't have time and I have a lot of projects in mind". And then as I read more and more about Laravel, I see people talking about how RoR is better. And then about how Django is better... This seems like a never ending search for a better technology.

I read somewhere that good coders code, great coders re-use. And more importantly, amazing coders ship. I have to ship code, I have to be productive, and I don't think I should be wasting too much time learning new technologies.

The difficult thing is to judge whether or not the time wasted in learning a new technology would be less than the time wasted coding with an outdated one.

So I want to learn, and I want to ship. And it's hard to do both.

comment on this story