DEF CON 23 - Eijah - Crypto for Hackers

  • Published: 21 Oct 2024

Comments • 51

  • @dileepvr 9 years ago +68

    Technical talk starts at 18:20.

    • @DaveSmith-cp5kj 8 years ago +8

      +dileepvr That's one thing about Defcon, there is way too much fluff, which while probably is nice on the sweaty convention floor, is terrible watching at home.

    • @logwind 8 years ago

      thanks.

    • @victorsuarez9424 7 years ago

      thanks

    • @mikepark5884 5 years ago

      And it's a shitty talk too... bad key size suggestions, no talk of MODES, which are the crux of many crypto attacks. Hell, I just checked the source code and it is not using a mode. This is a terrible library and a terrible talk. No one should take this guy's advice on programming crypto.

    • @cipheroth 4 years ago

      @vctjkhme you are just a little piece of shit

  • @samiraperi467 7 years ago +15

    "Lack of time here" Well cut the crap at the beginning, gives you ten more minutes.

  • @KillerWhale806 3 years ago +1

    On the same note as the story at the beginning. If someone gets trapped by a large piece of metal in an MRI scanner, the scanner can be quenched. This will destroy the scanner, and potentially save the patient. However, MRI machines are expensive, so it is almost always more cost efficient to just let the person die, and pay out the wrongful death lawsuit.

  • @Kattemageren 8 years ago +21

    wow man, save yourself the hassle and skip the first 15 minutes. Or in fact.. just skip this video

  • @mikepark5884 5 years ago +4

    Oh no no no no - his 3 lines of code is insecure. He doesn't set the mode and I goddamn guarantee it defaults to ECB, making his 128-bit AES open to all kinds of attacks... sigh, even when you think it's a good presso, it turns out it's not and teaches devs to do shit the wrong way. Maybe stop pimping your project, party and course and start concentrating on actual fucking security.
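
The concern in the comment above is an AES call with no explicit mode falling back to ECB. As an added example (not code from the talk, from demonsaw, or from the commenter), this Node.js snippet encrypts a constructed three-block message under AES-128-ECB and under AES-128-GCM and counts the repeated ciphertext blocks a passive observer would see; the key, message and function names are assumptions made for the demonstration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample: three 16-byte blocks, the first and third identical.
const KEY = Buffer.alloc(16, 0x42); // fixed demo key; real keys come from a CSPRNG or KDF
const PLAINTEXT = Buffer.from(
  'ATTACK AT DAWN!!' + 'retreat at noon.' + 'ATTACK AT DAWN!!', 'ascii');

// Split a buffer into 16-byte AES blocks, returned as hex strings.
function blocks(buf) {
  const out = [];
  for (let i = 0; i + 16 <= buf.length; i += 16) {
    out.push(buf.subarray(i, i + 16).toString('hex'));
  }
  return out;
}

// AES-128-ECB: no IV, every block encrypted independently with the same key.
function encryptEcb(key, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false); // input is already block-aligned
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// AES-128-GCM: fresh 96-bit nonce per message plus an authentication tag.
function encryptGcm(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function decryptGcm(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-128-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a bad tag
}

// Number of ciphertext blocks that duplicate an earlier block.
function repeatedBlocks(ct) {
  const b = blocks(ct);
  return b.length - new Set(b).size;
}

console.log('ECB repeated blocks:', repeatedBlocks(encryptEcb(KEY, PLAINTEXT)));
console.log('GCM repeated blocks:', repeatedBlocks(encryptGcm(KEY, PLAINTEXT).ct));
```

When reviewing a crypto wrapper, the same check applies to its source: look for the cipher string or mode constant actually passed to the underlying library, and for where the IV or nonce and the authentication tag are generated and verified.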

  • @kjosephf 8 years ago +3

    "All Hail Eijah!" - Jay Zeus

  • @snakebarber 3 years ago +3

    This guy seems unnecessarily full of himself. Makes sense he would be friends with John McAfee.

  • @Chris-yj3gy 8 years ago +1

    Interesting talk. However if a TLA is monitoring both correspondents' internet connections (as they have capability to monitor all internet traffic via undersea cable taps), your app makes a connection to various URLs to fetch the entropy. Problem is your app will have a unique signature (metadata) in the bytes it sends over the wire to fetch the entropy. So that will be picked up and stored by their systems that you and your correspondent both downloaded the same files from the same URLs with this program. Now they know your entropy. Then they just need to try out different orders of the files and different combinations of the algorithms, iterations etc which is much easier than if they didn't know the entropy at all and likely completed on their computing clusters in no time at all. Also you and your correspondent must pre-agree all the algorithms, iterations etc to be in the same group. So how do you communicate all these details with them? Not over the same insecure, monitored channels like the internet or your mobile phone, right. It would be best done in person. Then if you're going to do all that in person you may as well just give them all the entropy files and details on a USB drive with the information. Then if you're going to do that, you could just exchange a random pad and communicate with perfect secrecy until the pad runs out.

    • @lynx48k 8 years ago +1

      +Chris "Now they know your entropy. Then they just need to try out different orders of the files and different combinations of the algorithms"
      I am no crypto expert by any means, but I'm thinking you misunderstood Diffie-Hellman key exchange. In addition to the things on your list, both you and your buddy also have your own respective *secret* numbers. These are never transmitted, but feed into the clever key generation equation.
      Look at *tylerl*'s answer on stack exchange: security.stackexchange.com/questions/45963/diffie-hellman-key-exchange-in-plain-english

    • @Chris-yj3gy 8 years ago

      lynx48k Thanks, I may have skipped parts of the talk.
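
The Diffie-Hellman point made in this thread (each side keeps a secret number that is never transmitted), as an added example that is not code from the talk or from any commenter. It carries the exchange through over the RFC 3526 2048-bit MODP group that Node.js ships as `modp14`; the function names and the SHA-256 key derivation step are assumptions made for the demonstration.

```javascript
const nodeCrypto = require('node:crypto');

// Public parameters, known to everyone including an eavesdropper.
const group = nodeCrypto.getDiffieHellman('modp14');
const P = BigInt('0x' + group.getPrime('hex'));
const G = BigInt('0x' + group.getGenerator('hex'));

// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Each party: a random secret exponent (stays local) and g^secret mod p (sent).
function makeParty() {
  const secret = BigInt('0x' + nodeCrypto.randomBytes(32).toString('hex')) + 2n;
  return { secret, pub: modPow(G, secret, P) };
}

// Key = SHA-256 of (peerPublic ^ mySecret mod p); reject degenerate peer values.
function sharedKey(mySecret, peerPub) {
  if (peerPub <= 1n || peerPub >= P - 1n) throw new Error('invalid peer public value');
  const s = modPow(peerPub, mySecret, P);
  return nodeCrypto.createHash('sha256').update(s.toString(16)).digest('hex');
}

function runExchange() {
  const alice = makeParty();
  const bob = makeParty();
  const wire = { p: P, g: G, A: alice.pub, B: bob.pub }; // all a wiretap records
  const eve = makeParty(); // observer with full knowledge of `wire`, own secret only
  return {
    aliceKey: sharedKey(alice.secret, wire.B),
    bobKey: sharedKey(bob.secret, wire.A),
    eveKey: sharedKey(eve.secret, wire.A),
  };
}

const result = runExchange();
console.log('alice == bob:', result.aliceKey === result.bobKey);
console.log('eve   == bob:', result.eveKey === result.bobKey);
```

This covers the passive observer discussed in the thread; the exchange is unauthenticated, so an active man-in-the-middle still has to be stopped by signing or otherwise authenticating the public values.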

  • @spencernad5127 8 years ago +10

    Napoleon, not Caesar wrote his wife saying not to bathe

  • @DownrightPhreak 8 years ago +2

    Where can I find the Crypto for Hackers workshop videos? I'd like to watch those, thanks.

    • @eijah6725 8 years ago +6

      +BizzareC Don't think DefCon recorded the workshop videos. The workshop materials are here: www.demonsaw.com/download/defcon23/crypto_for_hackers.zip You can download the slides here: media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Eijah-Crypto-for-Hackers-Workshop.pdf I'll also post the admin slides (with answers, etc) if you're interested. Cheers.

    • @DownrightPhreak 8 years ago

      That would be cool, cheers !

    • @xParadiseL0st 8 years ago

      +Eijah Demonsaw Are the workshop files still available? The link just 404ed me :(

    • @eijah6725 8 years ago +1

      We just updated our site. Sorry about that... I forgot to add the links to the new download page. Will fix tonight.

    • @ourIThome 8 years ago

      +Eijah Demonsaw don't suppose I can grab a copy of the admin slides and answers please?

  • @TheApatheticGuy 8 years ago +10

    Scrawny Henry Rollins speaks like a PR agent

    • @Angloth 8 years ago

      Holy fuck. I see it - I see the BLACK FLAG!!

  • @c0d3x12 7 years ago +2

    The part about the Caesar cipher was true. I have a book with a chapter about it saying how Caesar was able to encrypt messages by just shifting the letters.

  • @cipheroth 4 years ago +1

    Great Introduction !!!

  • @niceride 8 years ago +2

    That look @6:06 (warning turn your speakers down for mic feedback).

  • @DoNMoSs2 2 years ago

    Eijah, is he the man who broke the Blu-ray protection?

    • @krazywabbit 2 years ago +1

      Yep. Just listened to his story on Darknet Diaries.

  • @lejamesbron4055 7 years ago

    love the talk! super cool idea

  • @spencernad5127 8 years ago +1

    I like his idea, really appreciate this is free but I'm still cautious of "free" but being free that keeps him from knowing who, what, where, and when demonsaw is used has anyone used this.

  • @d-foxweb-design2170 8 years ago +1

    Pretty cool idea. If you don't trust him you can write something like this from the code he wrote. Pretty nice.

  • @bilalamoto6660 3 years ago

    Leader we are still removing them but there are still getting plenty so leader now we don't know what will still happen today.
    But we know that you will still receive alert today.
    Don't worry we sent a file to James to send to you.
    As alert imitator
    So
    Wish us the best of luck to complete
    BUHARI AND BELLO
    are the one
    So..
    My boy should not off his system we will call him around 8:00pm.
    The best.
    SDM

  • @RELO4D3D1 8 years ago

    Amazing talk.

  • @LAUZERTV 8 years ago +1

    V.Intelligent Person...