Posts

  • Service discovery and authentication

    ZooKeeper is a popular choice for service discovery in distributed systems. It is a hierarchical key-value store with very strong consistency guarantees. What makes it a good choice for service discovery is its capability to create temporary tree nodes that disappear when the session that created them is disconnected. Another important feature is sequential nodes - nodes that have a consistent counter appended to their name. You can use these for implementing distributed locking, for example. This post is about the authentication problems that appear as a result of introducing service discovery into a distributed system.

  • Why cyber deterrence is bullshit

    You may have heard of this brilliant idea. That’s right, “hack back” as foreign policy. It does not and will never work.

  • Rowhammering ElGamal

    I had this idea of combining a new hardware attack with an old cryptanalysis paper. Specifically, using Rowhammer to flip bits in an ElGamal private key. The usual approach is to target executable memory or the page table and hope for a change that makes the system exploitable. I’m guessing this is not going to be stable because you need a change in particular and other changes may crash things. But we’ll see when Google releases their Chrome sandbox escape/kernel mode code execution details. The attack described in Fault Cryptanalysis of ElGamal Signature Scheme results in key recovery for any change in the private key.

  • Secure Secure Shell

    You may have heard that the NSA can decrypt SSH at least some of the time. If you have not, then read the latest batch of Snowden documents now. All of it. This post will still be here when you finish. My goal with this post here is to make NSA analysts sad.

  • What have I done

    I did something no one should ever do: I invented my own key derivation function, BFKDF. It’s based on scrypt so it can’t be too bad. I tried to make sure it’s not worse than scrypt. There is also some brainfuck involved which might just make me the only person who ever unironically used the language.
