Exploiting an insecure cipher in the wild
Thu 6 July 2023
I found that the topology_hiding
module for OpenSIPS encodes data using an insecure
cipher, such that it can be decoded without knowing the key, leaking both the
plaintext and the key. Read more
YubiKey SSH authentication: the easy way
Fri 1 May 2020
I bought a YubiKey quite a while ago, with the intention
of using it for SSH authentication, but never got to
the point of actually using it because I found it too hard to set up.
Today I had another go
and managed to get it working using the "PIV" mode. Read more
The Wheatstone Cryptograph
Fri 15 February 2019
A few weeks ago I came up with an idea for a simple encryption device, then found that it had already been invented
by Sir Charles Wheatstone around the
1860s. I ended up designing and 3d printing a replica of Wheatstone's cryptograph. Read more
A visual demonstration of the perils of key reuse in a one-time pad
Sat 17 February 2018
I was playing with applying one-time pad encryption to images recently, and stumbled across some interesting visualisations
that I want to share. Read more
Hardbin: The World's Most Secure Encrypted Pastebin
Fri 19 May 2017
Over the past week I've been working on hardbin.
Hardbin is an encrypted pastebin, with the decryption key passed in the URL fragment,
and the code and data served securely with IPFS. (IPFS is a distributed content-addressable
storage system that is web-compatible; it's basically bittorrent for the web). Read more
Encrypted email is still a pain in 2017
Mon 13 February 2017
Today I sent an email to somebody who specified that he "prefers GPG mail". I didn't have any GPG set up, so I
just sent a normal email, which worked perfectly well. But it made me look in to GPG, and this is what I learnt... Read more