JP Aumasson

@veorq

18,302 Followers
901 Following
2,141 Media
25,162 Statuses

cofounder & CSO @taurus_hq, author of & @cryptolexicon, designer of BLAKE2, BLAKE3, SipHash; Signal: jpa.01

Switzerland
Joined June 2009
Pinned Tweet
@veorq
JP Aumasson
2 months
Changes on EVERY page, new chapter "Cryptocurrency cryptography" inc. PoW, algebraic hashing & Poseidon, multi-signatures, threshold signatures, zero-knowledge proofs, and more. NEW: section about Ed25519; the new Linux PRNG; NIST's PQC standards
Tweet media one
11
94
354
@veorq
JP Aumasson
2 years
something good about Python
Tweet media one
86
1K
11K
@veorq
JP Aumasson
5 years
"CONFIDENTIAL"
Tweet media one
102
270
989
@veorq
JP Aumasson
5 years
beware the 2020 length-extension time-travel attack: if you write a date as 01/02/20, someone could edit it to 01/02/2010 etc. The attack is practical and requires negligible memory
17
282
873
@veorq
JP Aumasson
5 years
it's out, will present it at @RealWorldCrypto, the paper I'm the proudest of, thanks to @sevenps
Tweet media one
34
293
861
@veorq
JP Aumasson
2 years
on a call explaining to someone that cryptography is not just about blockchain and even existed before blockchain send help
23
56
584
@veorq
JP Aumasson
7 years
we've got a BS bingo winner
Tweet media one
15
304
569
@veorq
JP Aumasson
5 years
🤘👏 @dguido
44
74
536
@veorq
JP Aumasson
5 years
"if you see fraud and don't say fraud you're fraud"
8
43
451
@veorq
JP Aumasson
4 years
Hope you’ll like it 😊 This week we’re putting the final touches and checking all the equations, so excited! Shipping in February 2021 🎉 Thanks @billpollock and all the @nostarch team 💙📚 Thanks to all who helped and supported this project 🤗🙏
Tweet media one
44
108
450
@veorq
JP Aumasson
2 years
@vixentael less than a year ago I had a great city guide
Tweet media one
6
5
425
@veorq
JP Aumasson
8 years
Tweet media one
3
328
420
@veorq
JP Aumasson
7 years
email of the day
Tweet media one
20
103
388
@veorq
JP Aumasson
4 years
excellent crypto book by Mike Rosulek, more formal than Serious Crypto and less than Katz/Lindell, and it's free!
Tweet media one
2
151
391
@veorq
JP Aumasson
7 years
now with a subtitle
Tweet media one
21
78
366
@veorq
JP Aumasson
2 years
Murphy's Laws of Cryptography 💣
- Cryptography turns a security problem into a key management problem.
- New cryptography generates new attacks.
- If it's provably secure, it's probably not.
- Any large enough system will include broken cryptography.
Others?
36
105
345
@veorq
JP Aumasson
8 years
best course desc ever
Tweet media one
2
284
312
@veorq
JP Aumasson
7 years
Shamir's 15 predictions for next 15 years
Tweet media one
8
340
317
@veorq
JP Aumasson
4 years
DEFCON quals had a crypto challenge involving anomalous trace-1 curves and their weakness. But Python is even weaker than weak curves:
Tweet media one
6
83
310
@veorq
JP Aumasson
6 years
we audited @InputOutputHK's Ethereum Classic wallet (Mantis), the report is now available
11
98
270
@veorq
JP Aumasson
4 years
real-world cryptanalysis
4
74
282
@veorq
JP Aumasson
9 years
slides of my #shmoocon talk "Crypto, Quantum, Post-Quantum" TL;DR below
Tweet media one
9
257
265
@veorq
JP Aumasson
4 years
BLAKE WON THE SHA-3 COMPETITION!
13
26
260
@veorq
JP Aumasson
4 years
"Lots of people working in cryptography have no deep concern with real application issues. They are trying to discover things clever enough to write papers about." —Whit Diffie
6
54
252
@veorq
JP Aumasson
5 years
in other news: Serious Cryptography sold 10,000 copies in about a year, thanks @billpollock and all the @nostarch team for making this happen!
16
23
248
@veorq
JP Aumasson
6 years
8
133
234
@veorq
JP Aumasson
7 years
"Mathematics and Computation", free draft of a book by Avi Wigderson, it looks excellent
Tweet media one
2
107
236
@veorq
JP Aumasson
4 years
You know Enigma but did you know the Barbie encryption machine (with a Swiss 4-bit microcontroller from EMM) "hidden built-in cryptographic capability (...) mono alphabet substitution cipher, also known as MASC, with 4 different keys"
Tweet media one
7
81
228
@veorq
JP Aumasson
5 years
my Linux system is much faster now! all I had to do was to copy this script in my ~/.bashrc file! thanks @cynicalsecurity for the tip!
14
77
230
@veorq
JP Aumasson
5 years
He can do quantum operations and entanglement on a classical computer (also, speed of light is variable)
17
9
221
@veorq
JP Aumasson
8 years
also applies to bug disclosure
Tweet media one
1
244
216
@veorq
JP Aumasson
5 years
"a math constant is not a fixed value"
9
17
212
@veorq
JP Aumasson
5 years
Swiss multilingualism:
- Swiss-German person calls me, makes an effort to speak Hochdeutsch rather than dialect
- I understand but am more comfortable responding in English, so we switch to English
- They write me a follow-up email in French
- I respond to said email in German
12
21
218
@veorq
JP Aumasson
6 years
IKEA crypto
Tweet media one
4
110
217
@veorq
JP Aumasson
7 years
Now in early access!
Tweet media one
19
106
213
@veorq
JP Aumasson
2 months
Proof review time, we're almost there! 🦜
Tweet media one
8
23
210
@veorq
JP Aumasson
5 years
economists are notoriously bad at predictions about the economy
Tweet media one
10
80
202
@veorq
JP Aumasson
1 year
if something as trivial as a hash function has bugs that take years to be discovered (one in the BLAKE ref code took 7 years), think of the complexity of ZK proof systems' protocols and code
@veorq
JP Aumasson
1 year
> The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (..) making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
Tweet media one
4
41
120
14
50
205
@veorq
JP Aumasson
9 years
New car hacking trick discovered, hundreds of models affected! http://t.co/QEPDjOLLGY
Tweet media one
9
212
194
@veorq
JP Aumasson
3 years
you're in Switzerland, you like IT security, are familiar with corporate IT challenges, don't mind client-facing work, and want to work with a cool team? contact me :)
14
55
200
@veorq
JP Aumasson
5 years
the "crypto coding rules" are back at ; originally started this in 2013, haven't touched it in years, just did some cleanup and update but still a lot of work needed! PRs welcome :)
4
90
196
@veorq
JP Aumasson
2 years
typical infosec people reasoning: "it's not perfect ergo it's useless"
13
21
188
@veorq
JP Aumasson
7 years
* create a silly shitcoin and ICO in 30min: hundreds of RT's, comments, likes, etc.
* publish , the most advanced hash-based crypto scheme ever, submission to NIST's post-quantum contest.. *crickets*
14
83
190
@veorq
JP Aumasson
2 years
one of the most interesting projects I've seen lately "zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture."
6
44
191
@veorq
JP Aumasson
5 years
Just learnt that Diffie-Hellman and "all encryption" is based on factorization
3
5
178
@veorq
JP Aumasson
8 years
I typed "password"
Tweet media one
15
101
184
@veorq
JP Aumasson
6 years
Proud to announce @teserakt_io's first product: MQTT end-to-end encryption & key management @ Our tagline is "serious cryptography, secure software, no BS" – and no blockchain :-)
11
74
179
@veorq
JP Aumasson
5 years
If you found Serious Crypto too technical (and even if you didn't), Crypto 101 is a great reference too, with a lot of material not covered in my book and often more accessible explanations
1
79
177
@veorq
JP Aumasson
4 years
NEW BOOK delivered to @nostarch 🔥📚🔥 Touches many more topics than Serious Crypto but not a sequel to Serious Crypto; better for total beginners, better for experts and PhDs. Thanks to COVID19, @cryptopathe, @vixentael, @luca_defeo, @claucece, and others who helped. pic = hint
Tweet media one
10
46
172
@veorq
JP Aumasson
7 years
dear blockchain/$crypto companies: I don't want to join all your Slacks and I won't report bugs on your bitcointalk thread, please use this new thing called EMAIL, and even better, have a security contact and publish a PGP key
3
40
166
@veorq
JP Aumasson
2 years
Tweet media one
10
37
166
@veorq
JP Aumasson
5 years
Serious Crypto is one of the recommended textbooks in MIT's Computer and Network Security class (by Ron Rivest et al.)
9
23
168
@veorq
JP Aumasson
4 years
Brexit-level crypto, from the Brexit deal document (p921 in ): SHA-1, 1024-bit RSA, Netscape Communicator 4.x
Tweet media one
13
55
166
@veorq
JP Aumasson
4 years
Crypto history: this is the first specification of ChaCha20 by @hashbreaker on the eSTREAM forum; no LaTeX, no peer review, just a good idea, and now the most used stream cipher in the universe (TLS, SSH, WireGuard, etc.)
Tweet media one
6
56
164
@veorq
JP Aumasson
1 year
guess we'll stick to the English term
Tweet media one
22
24
163
@veorq
JP Aumasson
7 years
hey NIST, before deploying post-quantum crypto, please fix your HTTPS ;-)
Tweet media one
2
56
156
@veorq
JP Aumasson
3 years
Tweet media one
13
57
161
@veorq
JP Aumasson
1 year
TIL OpenSSL can generate RSA keys with more than 2 primes, and of course like all weird OpenSSL features it's a bit broken
Tweet media one
7
27
152
@veorq
JP Aumasson
5 years
"what we found is that phi is where light emerges from darkness"
6
5
149
@veorq
JP Aumasson
4 years
if you want to understand how Shor's quantum algorithm can break RSA by factoring its modulus after finding a function's period using a quantum Fourier transform, then this may be the best explanation you'll find
Tweet media one
4
42
156
@veorq
JP Aumasson
7 years
just got a DHL delivery from @nostarch
Tweet media one
9
11
150
@veorq
JP Aumasson
5 years
I started by telling the guy that DH and AES aren't based on factorization, then Thomas Pornin reminded him of the prior art (Eratosthenes sieve), then Dan brilliantly finished him 🔥💪
@dguido
Dan Guido
5 years
I yelled at the Time AI guy. It’s ok to get angry at someone trying to harm people. I was shocked that more people haven’t done the same.
46
96
500
7
27
152
@veorq
JP Aumasson
5 years
Pretty sure he found applications to astrology and to prove that the Earth is flat
Tweet media one
21
9
147
@veorq
JP Aumasson
6 years
in Vegas for @defcon and want a signed copy of my book? easy!
1. buy a copy of Serious Cryptography at @nostarch's booth
2. fly to Switzerland and meet me there (skipping the LV infosec circus this year!)
4
10
147
@veorq
JP Aumasson
5 years
He just said that publishing on arxiv is being "peer-reviewed"
Tweet media one
6
3
141
@veorq
JP Aumasson
6 years
IOTA hired good symmetric cryptographers to design its new hash function "Troika", an AES-ish sponge. A cryptanalysis competition will award up to 200k€, see IOTA's announcement (), and contest rules
7
52
144
@veorq
JP Aumasson
2 years
"an attacker can create a malicious ELF file as a smart contract, which can trigger the integer overflow. After that, every validator would run the target ELF file and the rBPF would get panic with “add with overflow”"
2
47
147
@veorq
JP Aumasson
7 years
total password fail by Air France (found by @SecuringApps ): between 4 and 6 chars, should *not* contain special chars /cc @thorsheim
Tweet media one
18
120
141
@veorq
JP Aumasson
3 years
think you need to be a math genius to be a decent cryptographer? these are comments from my high-school math and physics teachers, which can be translated as "you suck". I was even worse at university and doubled my 3rd bachelor year, and these were far from elite places
Tweet media one
Tweet media two
11
15
141
@veorq
JP Aumasson
4 years
🎉
Tweet media one
3
39
135
@veorq
JP Aumasson
7 years
post where I explain how to find collisions for SHA-2 or SHA-3 using anthropic computing (also, post-quantum stuff)
5
90
136
@veorq
JP Aumasson
3 years
the vuln: srandom(seed + cur_time + (unsigned)getpid());
Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent 🤨
3
160
460
4
44
136
@veorq
JP Aumasson
1 year
blog post
Tweet media one
1
40
137
@veorq
JP Aumasson
6 years
lol
Tweet media one
4
81
130
@veorq
JP Aumasson
4 years
cryptographers: anything less than 128-bit security is broken! also cryptographers: run conference/preprint services using 6-digit passwords and unauthenticated database access
8
15
130
@veorq
JP Aumasson
8 years
Or why overconfident idiots have more influence than you in your organization
Tweet media one
3
94
125
@veorq
JP Aumasson
10 years
alright: SHA-1 backdooring and exploitation, everything is already on http://t.co/0HFNooidN2 (full paper, slides, PoCs) feedback welcome!
5
180
126
@veorq
JP Aumasson
2 years
"Java’s implementation of ECDSA signature verification didn’t check if r or s were zero" they're not the only ECDSA code to have this bug
4
35
127
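To make the bug in the tweet above concrete, here is an added example (not code from the tweet, from Java, or from any of the author's projects): a toy ECDSA over the textbook curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) of order 19, constructed here purely for illustration, where the verifier rejects any signature whose r or s lies outside [1, n-1] before doing any arithmetic. The hashing (SHA-256 reduced mod n) and the sample message are assumptions of this example.

```python
import hashlib
import secrets

# Toy curve y^2 = x^3 + 2x + 2 over F_17 (a textbook example), with
# generator G = (5, 1) of prime order 19. Constructed for illustration only;
# nothing here is production-grade, the point is the (r, s) range check.
P = 17
A = 2
G = (5, 1)
N = 19


def _inv(x, m):
    """Modular inverse; raises ValueError if x has no inverse mod m."""
    return pow(x, -1, m)


def point_add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add; returns None (infinity) when k is a multiple of N."""
    result = None
    addend = point
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg: bytes) -> int:
    # Assumption of this example: SHA-256 reduced mod the group order.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def keygen():
    d = secrets.randbelow(N - 1) + 1  # private scalar in [1, N-1]
    return d, scalar_mult(d, G)


def sign(d, msg):
    e = hash_to_int(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = scalar_mult(k, G)[0] % N
        if r == 0:
            continue
        s = _inv(k, N) * (e + r * d) % N
        if s == 0:
            continue
        return r, s


def signature_components_in_range(r, s):
    """The check the tweet says Java's verifier skipped: r and s must both lie
    in [1, N-1]. A signature with r == 0 or s == 0 (or a value >= N) is
    malformed and is rejected before any modular inverse is computed."""
    return 1 <= r <= N - 1 and 1 <= s <= N - 1


def verify(Q, msg, sig):
    r, s = sig
    if not signature_components_in_range(r, s):
        return False
    e = hash_to_int(msg)
    w = _inv(s, N)
    u1 = e * w % N
    u2 = r * w % N
    X = point_add(scalar_mult(u1, G), scalar_mult(u2, Q))
    if X is None:
        return False
    return X[0] % N == r


def demo():
    """Sign a constructed message and run the verifier on the genuine
    signature and on malformed (r, s) pairs; returns the verdicts."""
    d, Q = keygen()
    msg = b"constructed sample message"
    r, s = sign(d, msg)
    return {
        "valid": verify(Q, msg, (r, s)),
        "null_signature": verify(Q, msg, (0, 0)),
        "zero_s": verify(Q, msg, (r, 0)),
        "out_of_range": verify(Q, msg, (r, N)),
    }


if __name__ == "__main__":
    print(demo())
```

The range check is deliberately the first thing `verify` does: without it, `s == 0` reaches the modular inverse, and an implementation that silently tolerates that (rather than raising, as Python's `pow` does) can end up comparing a degenerate point against `r == 0` and accepting a signature nobody produced. Real deployments should rely on a vetted library and a curve of adequate size; the toy curve here exists only so the check is easy to follow.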
@veorq
JP Aumasson
7 years
meanwhile, not-a-blockchain IOTA with its ternary encoding and understudied symmetric-crypto-only construction enters the marketcap top-4... remind me to find some time to find flaws in there
Tweet media one
11
34
125
@veorq
JP Aumasson
2 years
- MPC in the head
- block cipher encryption
- sponge function
- Merkle hash tree
Tweet media one
Tweet media two
Tweet media three
Tweet media four
48
29
122
@veorq
JP Aumasson
9 years
"How to crack Ubuntu disk encryption and passwords", on eCryptfs' SHA-512-based password hash http://t.co/IlTkSdDmsC
2
121
126
@veorq
JP Aumasson
4 years
someone claims to have "cracked" RSA, should I tell him that Time AI already did?
Tweet media one
17
11
125
@veorq
JP Aumasson
7 years
crypto in 2018:
* @hashbreaker and his gang break more post-quantum submissions
* side-channels in p-q schemes implementations: new attacks and defenses
* CAESAR eventually ends
* there's a new crypto competition
* major vulnerabilities found in major blockchain systems
2
48
122
@veorq
JP Aumasson
5 years
Spoiler: Yes
Tweet media one
8
14
117
@veorq
JP Aumasson
4 years
Contact-tracking: predictions:
* Tons of papers about privacy-preserving schemes, security notions, proofs, quantum versions, formal verification, etc., maybe a conference - PRIVTRACON
* Only basic schemes will be deployed, with too few users and too late to make a difference
12
38
122
@veorq
JP Aumasson
4 years
Tweet media one
1
38
122
@veorq
JP Aumasson
1 year
> The vulnerability is a buffer overflow that allows attacker-controlled values to be eXclusive-ORed (XORed) into memory (..) making many standard protection measures against buffer overflows (e.g., canary values) completely ineffective.
Tweet media one
4
41
120
@veorq
JP Aumasson
4 years
Common misunderstandings with crypto hardware security:
* CC's EAL levels are about assurance quality, not security.
* FIPS 140-2 L3 is not about resistance to physical attacks, but about their detection (which is better).
* HSMs do not necessarily do crypto with hardware.
12
43
121
@veorq
JP Aumasson
7 years
An ICO in a single tweet! JPcoin! Let's revolutionize the Crypto Industry!
* ICO: get 1 JPcoin for 1000 satoshis! just look up the asset ID on the Waves exchange
* Supply: 1000000 units
* Airdrop: tweet me your address to get 10 JPcoins!
* White paper!
Tweet media one
Tweet media two
Tweet media three
63
34
118
@veorq
JP Aumasson
7 years
one of the most powerful cryptographic static analysis tools, in just 110 bytes
6
46
115
@veorq
JP Aumasson
7 years
Great YubiKey walkthrough by my colleagues
2
62
119
@veorq
JP Aumasson
8 years
GitHub issue of the day
Tweet media one
1
74
114
@veorq
JP Aumasson
9 years
in my list of "papers that a cryptographer should reread every year": @hashbreaker's "Understanding bruteforce" http://t.co/Mw3rIODQax
6
71
116
@veorq
JP Aumasson
7 years
wrote this today
7
85
112
@veorq
JP Aumasson
5 years
"this is how the universe organizes itself"
Tweet media one
20
13
108
@veorq
JP Aumasson
5 years
"the wave theory of constants"
Tweet media one
6
8
106
@veorq
JP Aumasson
5 years
eating fake crypto for breakfast
Tweet media one
0
11
111