Introduction to TLS v1.2

computer web network tls cryptography

Some notes about how TLS v1.2 (Transport Layer Security) works. The goal is to explain what is going on in a network traffic dump, the role of the different TLS extensions, the impact of the different cipher suites on security, etc. It includes several diagrams and many references.

Read more…

Introduction to the Diffie-Hellman key exchange

computer network cryptography tls diffie-hellman

The Diffie-Hellman (DH) key exchange (and variants thereof) is widely used in many protocols (such as TLS, SSH, IKE (IPsec), Signal, etc.) to bootstrap symmetric key material which may then be used to secure a communication channel between two parties. This introduction focuses on the different ways the DH key exchange is used in practice in several protocols (especially TLS) and the impact of these different approaches on security. It is intended as a prelude to the upcoming episodes about how TLS works.

Read more…

What is in my COVID-19 vaccination certificate?

computer covid-19 cbor cwt cose hcert

Manually inspecting the content of a French COVID-19 vaccination certificate QR code. The main intent is to show with a concrete example which data is actually included in the certificate.

Read more…

Cross-origin/same-site request forgery to RCE in chromedriver

computer security web vulnerability webdriver csrf

I found a cross-origin/same-site request forgery vulnerability in chromedriver. It was rejected (won't fix) because it can only be triggered from a cross-origin/same-site context and not cross-site. In practice, this means it is really only possible to trigger it from another localhost-bound web application.

Read more…

DNS rebinding explained

computer security dns-rebinding dns

A quick summary of how DNS rebinding attacks work. The main motivation for this post is to have a diagram to show when explaining DNS rebinding attacks.

Read more…
