Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

The Many Ways that Crypto Can Fail - 109

Free Code Camp. Posted 6 Years Ago
  • Most of the time, the mathematics behind crypto is fine; the issues come from the implementation and the usage. This article talks about instances of bad implementation in cryptographic software.
  • Heartbleed (bad memcpy) in TLS led to RCE/memory leaks.
  • Apple shipped poorly written code that did NO certificate validation.
  • WD self-encrypting drives used a fixed salt and a fixed number of iterations. This made the implementation susceptible to pre-computed hash tables, which speed up brute forcing the key. Additionally, the random number generator itself was not cryptographically secure.
  • Misconfigurations, such as using SSLv2 in TLS configurations. Security is only as strong as its weakest link!
  • The article links to other articles on how crypto has failed us; feel free to read more! :)
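
The fixed-salt point from the WD bullet above, as an added example (not code from the article or from any drive firmware): with a product-wide salt and iteration count, one table of keys computed in advance applies to every unit, while a per-device salt from a CSPRNG makes that table useless. `FIXED_SALT`, the iteration counts, the `Device` class and the sample passwords are constructed assumptions.

```python
import hashlib
import secrets

# Constructed parameters for illustration; not taken from any real drive.
FIXED_SALT = b"same-on-every-unit"
FIXED_ITERATIONS = 1000


def kdf(password, salt, iterations):
    """PBKDF2-HMAC-SHA256, used by both the weak and the hardened design."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def weak_key(password):
    """Weak design: salt and iteration count are constants baked into the product."""
    return kdf(password, FIXED_SALT, FIXED_ITERATIONS)


class Device:
    """Hardened design (hypothetical): each unit stores its own random salt."""

    def __init__(self, iterations=600_000):
        self.salt = secrets.token_bytes(16)  # per-device, from the OS CSPRNG
        self.iterations = iterations

    def key(self, password):
        return kdf(password, self.salt, self.iterations)


def compare(password, candidates, iterations=600_000):
    """Contrast the two designs for one password and a list of candidate passwords."""
    # One table, computed once under the product-wide constants.
    table = {weak_key(p): p for p in candidates}
    unit_a, unit_b = Device(iterations), Device(iterations)
    return {
        # Two weak units derive with identical inputs, so their keys match.
        "weak_keys_identical": weak_key(password) == weak_key(password),
        "weak_in_table": weak_key(password) in table,
        # Different salts give unrelated keys for the same password.
        "salted_keys_identical": unit_a.key(password) == unit_b.key(password),
        "salted_in_table": unit_a.key(password) in table,
    }


if __name__ == "__main__":
    print(compare("hunter2", ["123456", "hunter2", "letmein"]))
```
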