» Conference Talks and Presentations

"Distributed cracking of elliptic curve cryptosystems."

Rubi Con 4: April 6th, 2002.

This talk covers the mathematical background behind elliptic curve cryptography, and the best methods for attacking elliptic curve cryptosystems. The elliptic curve variant of the discrete logarithm problem, and Pollard's Rho method for attacking the ECDLP, will both be explained. Once the background is in place, the real-world method of implementing a parallelized version of Pollard's Rho attack will be described, and the feasibility of such an attack will be discussed.

"Prowessful counterassertion, intercommon sunshining in synentognathous crossbreeds."

Rubi Con 5: March 29, 2003.
Slides in: postscript pdf

This talk will cover pseudorandom number generation, and how "randomness" can be defined. It is oriented toward people who want a better understanding of what terms like "pseudorandom" and "bit entropy" mean, or who are wondering why exactly a computer cannot generate a "truly random" number. A number of different aspects of pseudorandom number generation will also be covered, including ways of analyzing the strength and randomness of pseudorandom number generators, and explaining things such as what it means when nmap tells you that a PRNG is weak.

"/dev/erandom: The inner workings of a provably secure PRNG."

Toorcon 101: September 28, 2003.
Slides in: postscript pdf

Many efficient methods of generating "good" pseudorandom numbers exist in the literature of mathematics and computer science. One particular method of generating good randomness is to use "extractors": functions which will transform "bad" randomness (i.e. smaller ratio of entropy/data, or randomness distributed poorly) into "good" randomness (of a provable level of security) by an additional input of only a small number of truly random bits.

This talk will cover the mathematical background behind pseudorandom number generation, including concepts such as entropy and what "good" and "bad" randomness actually mean. Once the appropriate background has been presented, the talk will move from the world of theory to that of practice, demonstrating how these concepts can be used for the purpose of pseudorandom number generation. Specifically, the current /dev/{,u}random PRNG for Linux will be discussed and compared to the new /dev/erandom PRNG, which was written using these extractors.

"Computers without hardware; programming without coding."

Northern Ohio Technical Advancement Conference: April 23, 2004.

Computers are getting faster, programs more complex. People are programming in much higher level languages, using methods to protect the entire project from a sloppy coder. We even have Clippy, who will now let you know when you only need to #include <iostream> instead of #include <iostream.h>.

This makes it easy to lose sight of where it all started, the foundation that computing today is built on.

In this talk, we will forget about all the modern advancements (programming languages and .Net, silicon, APIs and transistors) and look at the bigger picture. Rather than covering the work of the latest and greatest "computer security professionals" of our time, we will look at the work of people such as Alan Turing, Alonzo Church, Kurt Gödel, and Stephen Kleene. We will program without touching a computer, and play with languages that aren't used with compilers, linkers, or interpreters.

"Pseudorandom number generation, entropy harvesting, and provable security in Linux."

Black Hat Europe 2004: May 20, 2004.
C4 (Chaos Computer Club Cologne) Presentation: May 21, 2004.
Slides in: postscript pdf
Paper in: postscript pdf

Many efficient methods of generating "good" random numbers exist in the literature of mathematics and theoretical computer science. One particular method of generating good randomness is to use "extractors": graphs which will transform "bad" randomness (i.e. smaller ratio of entropy/data, or randomness distributed poorly) to "good" randomness (of a provable level of security) by an additional input of only a small number of truly random bits.

This talk will cover the mathematical background behind pseudorandom number generation, including concepts such as entropy and what "good" and "bad" randomness actually mean. Once the appropriate background has been presented, the talk will move from the world of theory to that of practice, demonstrating how these concepts can be used for the purpose of pseudorandom number generation. Specifically, the current /dev/{,u}random PRNG for Linux will be discussed and compared to the new /dev/erandom PRNG, which was written using these extractors.

Entropy harvesting will also be covered; the work on /dev/erandom prompted a number of improvements to the entropy harvesting methods used in the Linux kernel. The new framework for entropy harvesting will be demonstrated, and the advantages (specifically flexibility and extensibility) of the new method will be covered.

"Making use of the subliminal channel in DSA."

The Fifth Hope: July 10, 2004
Slides in: pdf
Audio in: mp3

This talk will focus on one reason why it's extremely important to verify the trustworthiness of your encryption programs. A number of papers about a subliminal channel in the Digital Signature Algorithm (DSA) used by the United States Digital Signature Standard were published more than ten years ago. This channel allows for undetectable communication via digital signatures. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. This presentation will show how this subliminal channel works and demonstrate - using a patched version of the GNU Privacy Guard - how to use it for both benign and malicious reasons: legitimate communication using the subliminal channel, and leaking secret keys with each signature.

"Subliminal channels in digital signatures -or- Why it's very important to verify trustworthiness of encryption programs."

DEF CON 12: July 31, 2004
Slides in: pdf

A number of papers about a subliminal channel in the Digital Signature Algorithm were published more than ten years ago, allowing for communication through digital signatures in an undetectable manner. The subliminal channel is generally viewed as a method of legitimate but hidden communication, but it can also be used for leaking secret information (such as keys) in an undetectable way to anyone who knows what to look for. I will present how this subliminal channel works, and demonstrate, using a patched version of the GNU Privacy Guard, how to use it for both benign and malicious reasons, both of which have little to no prior implementation in encryption programs.

"Learning OpenPGP By Example (Stupid Crypto Tricks with GnuPG?)"

21C3: December 28, 2004
Slides in: pdf

The goal of this talk is to help demystify some of the internals of the OpenPGP standard, through example, so that others can learn from and hopefully continue the process. The current (free) open source implementations of the OpenPGP standard are easily better than many commercial solutions, as well as more readily supported. To do this, I will show off a number of the OpenPGP-based projects I've been working on lately, including: subliminally leaking keys in digital signatures; vanity key generation; extending the web of trust to ssh host keys; and maybe even some attacks against the keyserver network that I'll later regret showing off code for.

"applied cryptography? oh, I skimmed through that book once."

Shmoocon: February 5, 2005
capitalization verbatim from published abstract.
Slides in: pdf

this talk is inspired by the title quote, part of a response to the question "how much cryptography experience do you have?" normally, it wouldn't have been a big deal. in this case though, the person i was talking to was someone who'd just given a talk on his new web-based, new-and-improved system for cryptographically-secure email that is easy-enough-for-anyone-to-use. a system he'd written in his spare time and was plugging hard so that everyone in the world could feel safe that their email is secure.

riiiiiiight.

it's been getting too easy lately. want proof? i'm going to bring up a number of these systems that promise security, anonymity, authentication, non-repudiation, whatever other buzzwords in the general field of cryptology that happen to be big at the time. and then i'm going to show you how and why they're broken, along with the steps that could be taken to improve them.

i'll also show how systems that are very good can still have their weaknesses, which can range anywhere from mildly annoying to rather problematic. while i may regret it later on, i'll describe and demonstrate a few "attacks" which most people seem to have overlooked completely.

the end result? hopefully the audience will have a better understanding of the common mistakes that novice cryptographers make, and will avoid them in the future. hopefully people will have a better idea of how to determine what to avoid if they want to actually be secure. and hopefully i won't offend anyone too badly in the process.

"Breaking Down the Web of Trust"

22C3: December 29, 2005
Slides in: pdf
Video: torrent

Even with tutorials on the WoT and good trust policies the concept of "trust" can still be hard to grasp. Here we'll look at trust metrics, ways of using current trust systems better, and some non-crypto applications of trust.

The web of trust best known for its use in PGP is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have keysigning parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory.

We'll take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better), and current "correct" practices for establishing trust (and why they could be a lot better). To wrap up, we'll look at the possibilities for doing other interesting (but non-cryptographic) applications involving trust.

"Building Communities in Self-Destructive Environments"

Northern Ohio Technological Advancement Conference 3: April 8, 2006
Slides in: ppt

Over the past number of years, I've put in a lot of time developing and maintaining resources that are open (in varying degrees) to the world. While I do consider these projects more than worthwhile, sometimes they can be hard to deal with. While there are always problems, whether with time, finances, or other resources, it seems that the biggest headaches always come from within. In this talk, we'll look at a few communities of varying degrees of stability I've been involved with, the problems that have come up in and because of these communities, and the steps taken to help solve these problems. These will include things created both online (2600net, aculei.net) and in the real world (the Hacker Halfway House, the current yet-unnamed project I'm working on).

"Breaking Down the Web of Trust"

Hope Number 6: July 22, 2006
Slides in: ppt
Audio: mp3

The web of trust best known for its use in PGP is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have key signing parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory.

Seth will take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better) and the current "correct" practices for establishing trust (and why they could be a lot better). To finish, Seth will talk about some of the many bad trust policies that have managed to become mainstream and commonly accepted, even by many self-described "computer security professionals."

"Your Name, Your Shoe Size, Your Identity? What Do We Trust In This Web?"

DEF CON 14: August 6, 2006
Slides in: ppt

The web of trust, as used in PGP, is a well-known system for establishing trust between people, even if the people have not previously met. Why does it work so well in crypto? The answer is simple: it's the same system that we all use on a daily basis when dealing with friends, family, relationships, and just about everyone else we have to interact with. On the crypto side, however, there are a number of restrictions that limit the effectiveness of this trust network. While many "security professionals" say that they are mandatory, the system seems to work just as well without them; are they completely arbitrary? Here we'll look at a couple of these restrictions, focusing on the technical aspects of identity verification, and evaluate their effectiveness through a couple of real-world experiments.

"Online Communities and the Politics of DDoS"

Northern Ohio Technological Advancement Conference 4: April 28, 2007
Slides in: ppt

Like meetings in public spaces, online communities often are faced with the problem of policing themselves against people who only wish to disrupt things. This is even worse on the Internet, where bandwidth is cheap, botnets are easy to create, anonymity trumps fear of repercussions, and many people think denial of service attacks are completely legitimate ways to show off the size of one's e-penis. This talk will cover the problem of DDoSes to online communities: from why it's so common (technologically speaking), to the blame-the-victim mentality that perpetuates the problem (and how to fight it, both on a technical and social level).

"A Crash Course In The Math of Public Key Cryptography"

Chaos Communication Camp 2007: August 11, 2007
Notes in: pdf

This workshop is a lecture on the math background of public key encryption. (Bring something to take notes on!) All the prerequisite math will be covered; no prior background in mathematics is necessary. The goal of the lecture is to have everyone come out with enough understanding of some common algorithms, not just how but also why they work, that they may be able to reproduce and implement the algorithms properly.

The focus will be on the discrete logarithm problem, commonly used in the Diffie-Hellman key exchange, ElGamal encryption, and DSA digital signatures; factoring, which is commonly used by RSA encryption and digital signatures; and elliptic curves, used in variants of the DLP. The math covered will mostly include abstract algebra and number theory.

» Other Talks and Presentations

Concord-Carlisle High School

Concord-Carlisle High School, Concord, MA
Advanced Topics in Mathematics (Grade 12 Class)
November 2003, November 2004, November 2005

I was invited by the head of the math department at Concord-Carlisle High School to speak on the topic of cryptography to a senior-level class on advanced topics in mathematics. Topics covered included the RSA algorithm, elliptic curve cryptography, smart cards and cryptographic tokens, PGP and GnuPG, and careers in cryptography.
