Exposing Crypto Bugs through reverse engineering
- Type
- Slides
- Tags
- cryptography, reverse engineering
- Authors
- Philippe Oechslin
- Event
- Chaos Communication Congress 26th (26C3) 2009
- Indexed on
- Mar 25, 2013
- URL
- http://events.ccc.de/congress/2009/Fahrplan/attachments/1462_26c3_oechslin_crypto_bugs.pdf
- File name
- 1462_26c3_oechslin_crypto_bugs.pdf
- File size
- 2.6 MB
- MD5
- ef639f0359236eacd15f03d124e5bb5d
- SHA1
- 79bbd4d5e4775cc1c3373f34c69e337e5cb4a280
Breaking good crypto is hard. It takes a genius to find a flaw in AES or Blowfish. On the other hand, it is also difficult to program cryptography correctly. Thus the simpler way of breaking a cryptographic software is often to reverse engineer it and find the crypto errors that were made by the programmers. In this talk the simple errors will be demonstrated that were discovered when reverse engineering three products for evaluation or forensic purposes. In each case, a simple error gave access to information that was supposed to be protected by the best crypto algorithms. The demos will be the following: * the FIPS 142-3 level 2 certified MXI stealth USB key (before it got patched) * a version of the E-capsule private safe from EISST * Data Beckers now defunct Private Safe software
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
