HackerTrans
トップ新着トレンドコメント過去質問紹介求人

yasenn

no profile record

投稿

Once: Deduplicate Stories (RSS, Hacker News, Lobsters or Reddit)

github.com
2 ポイント·投稿者 yasenn·4 年前·0 コメント

Paranoid project by Google Security Team checks for cryptography weaknesses

github.com
3 ポイント·投稿者 yasenn·4 年前·1 コメント

コメント

yasenn
·3 年前·議論
Is there some mobile browser with the same macro feature for address bar?

https://hn.algolia.com/?q=firefox%20address%20bar
yasenn
·3 年前·議論
There is `chubin/awesome-console-services`[0]

Btw, Igor Chubin is the author of great CLI services such as: cheat.sh[1], late.nz[2], QRenco.de[3],rate.sx[4]

[0] https://github.com/chubin/awesome-console-services

[1] https://github.com/chubin/cheat.sh

[2] https://github.com/chubin/late.nz

[3] https://github.com/chubin/qrenco.de

[4] https://github.com/chubin/rate.sx
yasenn
·4 年前·議論
Would you remember the link?
yasenn
·4 年前·議論
There is strapdown: https://github.com/chaitin/strapdown-zeta/blob/master/README...

``` <!DOCTYPE html> <html> <title>Hello, Strapdown</title> <meta charset="utf-8"> <xmp theme="cerulean" style="display:none;"> # title your awesome markdown content goes here... </xmp> <script src="http://cdn.ztx.io/strapdown/strapdown.min.js"></script> </html> ```
yasenn
·4 年前·議論
Paranoid project checks for well known weaknesses on cryptographic artifacts such as public keys, digital signatures and general pseudorandom numbers. This library contains implementations and optimizations of existing work found in the literature. The existing work showed that the generation of these artifacts was flawed in some cases. The following are some examples of publications the library is based on.

The goal is to increase the confidence in cryptography use cases inside and outside Google.

When dealing with asymmetric encryption, crypto artifacts usually are:

* Generated by one of our own tools (e.g., at Google we use for example boringssl or tink); or, * Generated by third party tools that we have access to (so these tools can be, for example, checked for vulnerabilities using wycheproof); or, * Generated by third party tools and/or hardware or software black boxes that we do not have access to.

With Paranoid, any cryptographic artifact can be tested, but its primary motivation is to detect the usage of weak third party hardware or software black boxes. Hence, Paranoid can be used even if we are not able to inspect the source code (situation 3. listed above).

The project aims to detect known vulnerabilities as well as unknown ones. E.g., it tries to identify vulnerabilities caused by programming errors or the use of weak proprietary random number generators. Detecting new vulnerabilities is of course much more difficult than detecting known ones. Such detections may require large sets of artifacts or find weak ones only with a low probability.