Into the symmetry

See  also Part I and Part III   of this series tl;dr In the previous article of the same series we tried to predict the output of Micali-Schnorr Generator (MS-DRBG) knowing the factorization. In this blog post we continue the effort started in part I showing different strategies.  If you want to skip all my failures and go directly to the (in my humble opinion) most promising approach you can read directly the Solinas Prime and Generalized Mersenne Numbers section below. If you actually wonder what is MS-DRBG and why I am trying to do it I'd suggest to go back and read the first article . What I am NOT claiming in this post though is that there is a NSA's backdoor in the ANSI and ISO standards. Introduction and Failure #1 So let's start from were we actually finished the last post. We focused on an easier version of the problem directly extracted from the original Micali Schnorr paper from Efficient, perfect random number generators where the kn

tl;dr  I found a severe issue in the Slack 's SAML implementation that allowed me to bypass the authentication. This has now been solved by Slack. Introduction IMHO the rule #1 of any bug hunter (note I do not consider myself one of them since I do this really sporadically) is to have a good RSS feed list.  In the course of the last years I built a pretty decent one and I try to follow other security experts trying to "steal" some useful tricks. There are many experts in different fields of the security panorama and too many to quote them here (maybe another post). But one of the leading expert (that I follow) on SAML is by far Ioannis Kakavas . Indeed he was able in the last years to find serious vulnerability in the SAML implementation of Microsoft and Github . Usually I am more an "OAuth guy" but since both, SAML and OAuth, are nothing else that grandchildren of Kerberos learning SAML has been in my todo list for long time. The Github incident gave me

The article was modified since its publication. Last update was 09/10/2017  See  also Part II and Part III of this series tl;dr in this post we are going to describe how to try predict the output of Micali-Schnorr Generator (MS-DRBG)  knowing the factorization of the n  value. If this sounds like, "why the hell should I care?" , you might want to give a look at this great post from Matthew Green about the backdoor in Dual_EC_DRBG . But In a nutshell, quoting Matthew Green : Dual_EC_DRBG is not the only asymmetric random number generator in the ANSI and ISO standards (see at the bottom).   it’s not obvious from the public literature how one would attack the generator even if one knew the factorization of the n  values above. What I am NOT claiming in this post though is that there is a backdoor in one of this standard. Introduction The first time I heard about this problem is about couple of weeks ago via this Matthew's tweet: As a curiosity,

tl;dr Firefox and Java suffered from a moderate vulnerability affecting the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. Introduction Few months ago I was working on a vulnerability affecting the internet standard JWE (slides here ) and I got a stroke of luck . Yuppieeee  Basically I was constructing the malicious JWEs needed for the Demo Attack . When something weird happened :S You can try and share with me the surprise I had, the gist is here If you try to execute this class with Java 1.7 you basically have Exception in thread "main" java.lang.IllegalStateException     at sun.security.ec.ECDHKeyAgreement.deriveKey(Native Method)     at sun.security.ec.ECDHKeyAgreement.engineGenerateSecret(ECDHKeyAgreement.java:130)     at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)     at orig.EccJava.getAgreedKey(EccJava.java:53)     at orig.Ecc

Disclaimer Questo blog post e' scritto da evariste.gal0is ed Antonio Sanso . Entrambi gli autori non hanno nessuna affiliazione politica ed il post ha l'unico scopo di fornire un'analisi tecnica di parte dei dump relativa alle password. Riassunto delle puntate precedenti In data 2 agosto 2017 uno dei coautori di questo blog post  ( evariste.gal0is ) ha segnalato Il sito Rousseau del M5S è vulnerabile, voti e dati personali degli iscritti sono tutti a rischio #Hack5Stelle https://t.co/7KPcFsXFhe — evariste.gal0is (@evaristegal0is) August 2, 2017 una severa vulnerabilita' (del tipo SQL injection ) che affligeva la piattaforma del Movimento Cinque Stelle chiamata Rousseau : https://rousseau.movimento5stelle.it/ . La sua segnalazione riceve una notevole copertura mediatica e minacce di querela da parte del  Movimento Cinque Stelle * (cosa che spinge  evariste.gal0is a prendere temporaneamente una pausa). Nel frattempo un black hat hacker che si fa chiama