~/devreads

#passwords

3 posts

10 Sept 2025

Matthew Green 7 min read

I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy (“oh, why didn’t I think of that”) or else they impress me with the brilliance of their inventors. But there’s also another class of vulnerabilities: these are the ones that can’t possibly exist in important production software, … Continue reading Kerberoasting →

attacks, microsoft, passwords

19 Oct 2018

Matthew Green 12 min read

The first rule of PAKE is: nobody ever wants to talk about PAKE. The second rule of PAKE is that this is a shame, because PAKE — which stands for Password Authenticated Key Exchange — is actually one of the most useful technologies that (almost) never gets used. It should be deployed everywhere, and yet it isn’t. …

passwords, protocols, provable security

13 Aug 2016

Matthew Green 7 min read

TL;DR: No, it isn’t. If that’s all you wanted to know, you can stop reading. Has anybody noticed that Apple just gave a talk about how they secured a master key that would allow en-masse brute-forcing of device PINs — Pwn All The Things (@pwnallthethings) August 9, 2016 Still crazy how Apple went to BlackHat, … Continue reading Is Apple’s…

apple, backdoors, passwords, privacy