Keegan Ryan

How many SSH servers were vulnerable to the xz backdoor? According to our measurements, there were thousands. More here: @keeganryan/112249674862415112" target="_blank" rel="nofollow noopener">infosec.exchange/@keeganryan/11…

If you want to revisit the "recent" attacks on Mega E2E encryption (mega-awry.io) and play the role of a malicious Mega server, I wrote a set of challenges which was released yesterday on cryptohack.org, alongside some great new challenges!have fun 🙂

I was relying on this app to publicize that I am defending in April! And looking for 2023 jobs! Guess I'll used...LinkedIn...now? TL;DR If you want to understand/improve security processes using data and research science methods, shoot me a note. I'll post more later if I can

If you have not updated your MEGA app or browser extension since 22 June, please do so now: New UCSD research [eprint.iacr.org/2022/914] lowers the minimum number of logins required to exploit older versions from 512 to just six. Additional information at blog.mega.io/mega-security-…

Our improved attack on MEGA's cryptography means that a substantial fraction of users were at higher risk than previously believed. The patches released last month for the original attack are effective here, so make sure you're updated!

So @Mark_Schultz wrote a whole series of posts explaining LWE (the PQC crypto constructions) from the ground up, with simplified but sane models in Python, and it’s great. mark-schultz.github.io/nist-standard-…

@thome_emmanuel @hanno The same message is still present in that modulus, but the bit pattern is at a different offset, so it doesn't appear in the Base64 encoding. Since the correct-offset certificate was generated two minutes later, perhaps this is an artifact of testing the vanity key generator.

Cryptography-Twitter, here's a riddle (I don't know the answer): What happened to this modulus and can you factor it? crt.sh/?id=822860928

@hanno So why was this certificate created in the first place? I don't know. But the inclusion of the hidden message and the choice to make p small enough to be factored with ECM makes me think that whoever created this RSA key ultimately intended for it to be found.

@hanno Emmanuel threw 640 cores at the problem, and within 10 minutes he had found the small factor. 38 decimal digits long, and short enough to fit into a single tweet: 35318511852727664658439679548374625169

Join me on August 15, 2021 for the 4th IACR Workshop on Attacks on Cryptography (WAC4): crypto.iacr.org/2021/wac.php Lots of exciting talks by @ic0nz1 @faulst @vanhoefm #JuliaLen @elie @lucawilkeUzL @PPessl @OmerShlomovits @victorlomne @IACR_News #CryptoNews