-
1Password - Full Trip from Unlock to Encryption
Nov 12, 2018 - 1900 Words |
Pulling the whole series together to demonstrate the 1Password vault system from unlock to item decryption
-
BSidesDE - A deep dive into 1Password Security
Nov 9, 2018 - 100 Words |
Slides from my BSidesDE talk, November 9, 2018. A detailed description of how 1Password client unlocking and shared vault encryption works.
-
1Password - Wrapping up with a few quick topics
Nov 9, 2018 - 1400 Words |
Finishing the Inside 1Password series with some miscellaneous topics
-
1Password - Local Vaults
Nov 9, 2018 - 2400 Words |
Looking at how Local Vaults are encrypted, and how that affects unlocking 1Password clients
-
1Password - Into the Vaults!
Nov 9, 2018 - 1500 Words |
How 1Password's shared vaults work
-
1Password - Unlocking Windows Clients
Nov 9, 2018 - 2100 Words |
How the Encrypted Master Key works to unlock the Windows 1Password client
-
1Password - MUKing about on the Mac
Nov 9, 2018 - 2000 Words |
The Master Unlock Key and unlocking 1Pass on macOS
-
How 1Password Works - Getting under the hood
Nov 9, 2018 - 800 Words |
Beginning of a deep dive into how 1password works
-
Encrypting for Apple's Secure Enclave
May 31, 2018 - 2200 Words |
How to properly encrypt EICES-format messages to be decrypted by the iOS and macOS Secure Enclave system
-
iPhone Secure Enclave Firmware Key Found
Aug 17, 2017 - 1700 Words |
The key to decrypt the firmware for the Secure Enclave Processor (SEP) on the iPhone 5S has been disclosed. It's actually potentially a good thing.
-
BSidesROC - A (not so quick) Primer on iOS Encryption
Apr 23, 2016 - 100 Words |
Slides from my BSidesROC talk, April 23, 2016. An overview of how iOS encryption works, with emphasis on passcoes and potential attacks.
-
Put away the tin-foil: The Apple unlock case is complicated enough
Feb 19, 2016 - 2100 Words |
A high-level summary of what we know, what we think we know, and what we know we don't know, as well as some words of caution.
-
Mobile App Authentication using TouchID and Tidas
Feb 10, 2016 - 1000 Words |
A first, rough look at a new mobile app authentication service from Trail of Bits
-
Salt as a Service: Interesting approach to hashing passwords
Apr 21, 2015 - 1100 Words |
A new service called Blind Hashing, that incorporates salts taken from petabyte-sized cloud databases, hopes to make password cracking obsolete.
-
Nails in the Crypt - White Paper
Mar 6, 2015 - 100 Words |
Nails in the Crypt - White Paper
-
NoVA Hackers - iOS Cryptography Slides
Oct 14, 2014 - 700 Words |
Slides from a quick NoVA Hackers talk I pulled together based on recent blog posts about Apple iOS encryption and privacy changes.
-
A (not so) quick primer on iOS encryption
Oct 6, 2014 - 3900 Words |
Making sense of how iOS encryption works, especially what's changed in iOS 8 and how Apple made it harder for law enforcement, can be difficult. I'll try to help.
-
More Fun with Apple TV Hacking (and Manual RSA Signature Validation)
Feb 21, 2014 - 1800 Words |
-
Apple, Forensics, Law Enforcement, and FUD
May 13, 2013 - 1400 Words |
-
Getting ready for ShmooCon
Feb 12, 2013 - 300 Words |
-
Apple Using Unsalted Hashes Too?
Jun 7, 2012 - 600 Words |
-
Verifying a Detached S/MIME Signature in Python
Feb 21, 2012 - 600 Words |
-
Quantifying the Unknown: Measuring a Theoretical SecurID Attack
Mar 22, 2011 - 1700 Words |
-
The RSA/SecurID Compromise: What is my risk?
Mar 18, 2011 - 900 Words |
-
Nails in the Crypt
Dec 22, 2010 - 800 Words |
-
Rainbow Tables for Unix DES Crypt(3) Hashes
Dec 20, 2010 - 600 Words |
-
ShmooCon 2017 Badge (and more) Contest - Solutions
Jan 20, 2017 - 8500 Words |
ShmooCon 13 Badge contest, scoring, solutions to the puzzles.
-
Poem Codes - WWII Crypto Techniques
Mar 27, 2016 - 2700 Words |
A rough introduction to how poem codes work and how they may have been used in practice by SOE agents in WWII.
-
Good fun with bad crypto
Jan 15, 2014 - 1300 Words |
-
DBIR Cover Challenge 2013
Apr 29, 2013 - 2400 Words |
-
Winning the Decode This! puzzle at Black Hat
Aug 17, 2012 - 300 Words |
-
Fidelis Security Systems' Decode This 2012
Aug 17, 2012 - 1200 Words |
-
Verizon 2012 DBIR Challenge
Mar 28, 2012 - 400 Words |
-
2012 Verizon DBIR Cover Challenge
Mar 28, 2012 - 3700 Words |
-
BSides Phoenix 2012 Badge Puzzle
Feb 19, 2012 - 1500 Words |
-
ShmooCon 2008 Badge Puzzle
Feb 4, 2012 - 1900 Words |
-
ShmooCon 2012 Badge Puzzle
Feb 3, 2012 - 1800 Words |
-
How to Lose $1000 in Vegas Without Even Gambling
Aug 30, 2011 - 1900 Words |
-
DEF CON 16 Punch Card Puzzle
Jul 27, 2011 - 1400 Words |
-
CarolinaCon Flag Puzzle
May 8, 2011 - 1800 Words |
-
The 2009 Verizon Data Breach Investigation Report
Apr 12, 2011 - 1500 Words |
-
ShmooCon 2011 Badge Contest
Feb 9, 2011 - 4400 Words |
-
Breaking a 147-Year-Old Message
Dec 30, 2010 - 4000 Words |
-
Civil War Ciphers Fall!
Dec 30, 2010 - 900 Words |
-
ToorCon 12 Badge Puzzle
Dec 6, 2010 - 4500 Words |
-
THOTCON Pre-Sale Code Puzzle
Nov 22, 2010 - 2700 Words |
-
DEF CON 18 Crypto Challenge
Sep 2, 2010 - 3700 Words |
-
ShmooCon 2010 Badge Contest
Aug 29, 2010 - 2500 Words |
-
QuahogCon Flag Puzzle
May 20, 2010 - 1900 Words |
-
THOTCON 0x1 Puzzle
May 11, 2010 - 2900 Words |
-
ShmooCon 2009 Badge Contest
Apr 27, 2010 - 2000 Words |
-
Making Tunnelblick + Google Authenticator Easier to Use
May 30, 2014 - 1100 Words |
VPNs which require 2-Factor Google Authenticator codes are a pain to start up in Tunnelblick on OS X. Here's a script to make it easier.