Best of CryptographyJuly 2024

  1. 1
    Article
    Avatar of hnHacker News·2y

    Reverse Engineering TicketMaster's Rotating Barcodes (SafeTix)

    The post explores TicketMaster's SafeTix rotating barcode system. It critiques the system's shortcomings, such as its reliance on internet connectivity and the potential for usability issues. The author reverse engineers the barcode mechanics, revealing how static bearer tokens and TOTP-based six-digit numbers are used to validate tickets. The motivations behind SafeTix's implementation, including reducing ticket fraud and promoting TicketMaster's app, are analyzed. The conclusion stresses the drawbacks of excluding people from events through tech barriers.

  2. 2
    Article
    Avatar of communityCommunity Picks·2y

    A complete guide to secure password storage

    The post provides a detailed guide on secure password storage, emphasizing the importance of hashing, salting, and using a pepper to protect passwords. It covers various hashing algorithms like Argon2id, Scrypt, BCrypt, and PBKDF2, and explains how to implement these techniques in practice, including handling existing applications. Additionally, it discusses the vulnerabilities of password storage, such as brute force attacks and rainbow tables, and offers methods to mitigate them.

  3. 3
    Article
    Avatar of hnHacker News·2y

    rustgo: calling Rust from Go with near-zero overhead

    This post describes an experiment to call Rust code from Go with near-zero overhead, aimed at replacing assembly code for cryptographic operations. It explains why Rust is chosen over assembly and cgo, details the linking process, and provides a working example that integrates Rust and Go. The post concludes with performance benchmarks showing that rustgo is significantly faster than cgo and almost as fast as a Go function call.

  4. 4
    Article
    Avatar of coinsbenchCoins Bench·2y

    Insecure Randomness in Smart Contracts

    Smart contracts on blockchain cannot achieve true randomness due to the deterministic nature of blockchains, pushing developers to use pseudo-random number generators (PRNGs). Methods relying on block properties or blockhashes are susceptible to miner tampering and predictability. External solutions like Chainlink VRF and onchain VRFs like Harmony VRF offer more secure random number generation but come with additional costs. The Signidice algorithm and the commit-reveal approach provide additional methodologies, each with their own sets of advantages and limitations. The choice of method depends on the specific requirements and incentives of the contract.

  5. 5
    Video
    Avatar of communityCommunity Picks·2y

    AES: How to Design Secure Encryption

    In 1997, Rijndael was selected as the Advanced Encryption Standard (AES) by the US National Institute of Standards and Technology. AES is widely used today in various applications including hard drive encryption and internet communication. At its core, AES operates as a block cipher using concepts of confusion and diffusion to ensure security. The process involves multiple rounds of byte substitution, row shifting, column mixing, and key addition, making it a robust encryption standard.

  6. 6
    Article
    Avatar of hnHacker News·2y

    Reverse Engineering the Verification QR Code on my Diploma

    On finishing his exams, the author received a PDF containing a QR code for verification via the CycladesVérif app. Intrigued by the potential for reverse engineering, the author disassembled the app to explore how the QR code's data is encrypted and decrypted using RSA. Despite challenges and inherent flaws in the RSA key usage by the app, the author determined that breaking the security is impractical due to computational limitations.

See all Cryptography archives