Home
Search results “Cryptographically random nonce define”
What is CRYPTOGRAPHIC NONCE? What does CRYPTOGRAPHIC NONCE mean? CRYPTOGRAPHIC NONCE meaning
 
04:52
What is CRYPTOGRAPHIC NONCE? What does CRYPTOGRAPHIC NONCE mean? CRYPTOGRAPHIC NONCE meaning - CRYPTOGRAPHIC NONCE definition - CRYPTOGRAPHIC NONCE explanation. Source: Wikipedia.org article, adapted under https://creativecommons.org/licenses/by-sa/3.0/ license. SUBSCRIBE to our Google Earth flights channel - https://www.youtube.com/channel/UC6UuCPh7GrXznZi0Hz2YQnQ In cryptography, a nonce is an arbitrary number that may only be used once. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as initialization vectors and in cryptographic hash function. A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word. They are often random or pseudo-random numbers. Many nonces also include a timestamp to ensure exact timeliness, though this requires clock synchronization between organizations. The addition of a client nonce ("cnonce") helps to improve the security in some ways as implemented in digest access authentication. To ensure that a nonce is used only once, it should be time-variant (including a suitably fine-grained timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value. Some authors define pseudo-randomness (or unpredictability) as a requirement for a nonce. Authentication protocols may use nonces to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time the 401 authentication challenge response code is presented, thus making replay attacks virtually impossible. The scenario of ordering products over the Internet can provide an example of the usefulness of nonces in replay attacks. An attacker could take the encrypted information and—without needing to decrypt—could continue to send a particular order to the supplier, thereby ordering products over and over again under the same name and purchase information. The nonce is used to give 'originality' to a given message so that if the company receives any other orders from the same person with the same nonce, it will discard those as invalid orders. A nonce may be used to ensure security for a stream cipher. Where the same key is used for more than one message and then a different nonce is used to ensure that the keystream is different for different messages encrypted with that key; often the message number is used. Secret nonce values are used by the Lamport signature scheme as a signer-side secret which can be selectively revealed for comparison to public hashes for signature creation and verification. Initialization vectors may be referred to as nonces, as they are typically random or pseudo-random. Nonces are used in proof-of-work systems to vary the input to a cryptographic hash function so as to obtain a hash for a certain input that fulfills certain arbitrary conditions. In doing so, it becomes far more difficult to create a "desirable" hash than to verify it, shifting the burden of work onto one side of a transaction or system. For example, proof of work, using hash functions, was considered as a means to combat email spam by forcing email senders to find a hash value for the email (which included a timestamp to prevent pre-computation of useful hashes for later use) that had an arbitrary number of leading zeroes, by hashing the same input with a large number of nonce values until a "desirable" hash was obtained. Similarly, the bitcoin block-chain hashing algorithm can be tuned to an arbitrary difficulty by changing the required minimum/maximum value of the hash so that the number of bitcoins awarded for new blocks does not increase linearly with increased network computation power as new users join. This is likewise achieved by forcing bitcoin miners to add nonce values to the value being hashed to change the hash algorithm output. Because cryptographic hash algorithms cannot easily be predicted based on their inputs, this makes the act of blockchain hashing and the possibility of being awarded bitcoins something of a lottery, where the first "miner" to find a nonce that delivers a desirable hash is awarded valuable bitcoins.
Views: 6318 The Audiopedia
Hashing Algorithms and Security - Computerphile
 
08:12
Audible free book: http://www.audible.com/computerphile Hashing Algorithms are used to ensure file authenticity, but how secure are they and why do they keep changing? Tom Scott hashes it out. More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott http://www.facebook.com/computerphile https://twitter.com/computer_phile This video was filmed and edited by Sean Riley. Pigeon Sound Effects courtesy of http://www.freesfx.co.uk/ Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: http://bit.ly/bradychannels
Views: 767505 Computerphile
Randomizing Cryptography - CompTIA Security+ SY0-501 - 6.1
 
03:35
Security+ Training Course Index: http://professormesser.link/sy0501 Professor Messer’s Course Notes: http://professormesser.link/501cn Frequently Asked Questions: http://professormesser.link/faq - - - - - We rely heavily on randomization when using cryptography. In this video, you’ll learn about the importance of randomization and how random information is used to provide data security. - - - - - Subscribe to get the latest videos: http://professormesser.link/yt Calendar of live events: http://www.professormesser.com/calendar/ FOLLOW PROFESSOR MESSER: Professor Messer official website: http://www.professormesser.com/ Twitter: http://www.professormesser.com/twitter Facebook: http://www.professormesser.com/facebook Instagram: http://www.professormesser.com/instagram Google +: http://www.professormesser.com/googleplus
Views: 16431 Professor Messer
Bitcoin Q&A: Nonces, mining, and quantum computing
 
15:24
Who generates the nonce? What makes it random? How is nonce-guessing important to the competitive process of mining? What happens if the hashing algorithm (SHA-256) was compromised? Is quantum computing a threat? More on nonces and the mining process: https://github.com/bitcoinbook/bitcoinbook/blob/8ae3c056fb257111bda8883d9d204e8476f9870c/ch09.asciidoc More about the SHA-1 collision: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html More about SHA-1 and Bitcoin: https://bitcoin.stackexchange.com/questions/75135/is-sha-1-used-in-bitcoin CORRECTION: At 5:53, I described what a collision was. However, the definition I outlined was actually for a pre-image attack, which is distinct from collision attacks. The subtitles have been edited to include the correction. https://en.wikipedia.org/wiki/Preimage_attack These questions are from the MOOC 7.2 and 9.2, which took place on February 26th 2017 and February 23rd 2018 respectively. Andreas is a teaching fellow with the University of Nicosia. The first course in their Master of Science in Digital Currency degree, DFIN-511: Introduction to Digital Currencies, is offered for free as an open enrollment MOOC course to anyone interested in learning about the fundamental principles. If you want early-access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: https://www.patreon.com/aantonop RELATED: Consensus Algorithms, Blockchain Technology, and Bitcoin - https://youtu.be/fw3WkySh_Ho Advanced Bitcoin Scripting Part 1: Transactions and Multisig - https://youtu.be/8FeAXjkmDcQ Advanced Bitcoin Scripting Part 2: SegWit, Consensus, and Trustware - https://youtu.be/pQbeBduVQ4I What is Consensus: Rules without Rulers - https://youtu.be/2tqo7PX5Pyc Forkology: A Study of Forks for Newbies - https://youtu.be/rpeceXY1QBM Bitcoin: Where the Laws of Mathematics Prevail - https://youtu.be/HaJ1hvon0E0 Software distribution security - https://youtu.be/_V0vqy046YM What is mining? - https://youtu.be/t4p4iMqmxbQ The mining process - https://youtu.be/L4Xtau0YMJw Miners, pools, and consensus - https://youtu.be/JHz7LM4ncLw Cryptographic primitives - https://youtu.be/RIckQ6RBt5E The rules of Bitcoin (part 1) - https://youtu.be/VnQu4uylfOs The rules of Bitcoin (part 2) - https://youtu.be/vtIp0GP4w1E Rules versus rulers - https://youtu.be/9EEluhC9SxE The value of proof-of-work - https://youtu.be/ZDGliHwstM8 Migrating to post-quantum cryptography - https://youtu.be/dkXKpMku5QY Could a state-sponsored 51% attack work? - https://youtu.be/KUd8ZGgm6Qo Honest nodes and consensus - https://youtu.be/KAhY2ymI-tg Spam transactions and Child Pays For Parent (CPFP) - https://youtu.be/t3c0E4fkSNs Is Bitcoin a democracy? - https://youtu.be/TC3Hq76UT5g Decentralized power, leaderless governance - https://youtu.be/E5VbDlQTPzU Scaling, trust, and trade-offs - https://youtu.be/vCxmHwqyJWU What is the role of nodes? - https://youtu.be/fNk7nYxTOyQ Why running a node is important - https://youtu.be/oX0Yrv-6jVs Lightning, full nodes, and miners - https://youtu.be/dlJG4OHdJzs Running nodes and payment channels - https://youtu.be/ndcfBfE_yoY What happens during a fork? - https://youtu.be/XBk8hBJ1xVo SegWit adoption - https://youtu.be/KCsTVTRk6I4 Spam transactions and Child Pays For Parent (CPFP) - https://youtu.be/t3c0E4fkSNs Energy consumption - https://youtu.be/2T0OUIW89II Solar energy and mining in space - https://youtu.be/cusakcpa8AM Bitmain and ASICBoost allegations - https://youtu.be/t6jJDD2Aj8k Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin. Follow on Twitter: @aantonop https://twitter.com/aantonop Website: https://antonopoulos.com/ He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters. THE INTERNET OF MONEY, v1: https://www.amazon.co.uk/Internet-Money-collection-Andreas-Antonopoulos/dp/1537000454/ref=asap_bc?ie=UTF8 [NEW] THE INTERNET OF MONEY, v2: https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/194791006X/ref=asap_bc?ie=UTF8 MASTERING BITCOIN: https://www.amazon.co.uk/Mastering-Bitcoin-Unlocking-Digital-Cryptocurrencies/dp/1449374042 [NEW] MASTERING BITCOIN, 2nd Edition: https://www.amazon.com/Mastering-Bitcoin-Programming-Open-Blockchain/dp/1491954388 Subscribe to the channel to learn more about Bitcoin & open blockchains! Music: "Unbounded" by Orfan (https://www.facebook.com/Orfan/) Outro Graphics: Phneep (http://www.phneep.com/) Outro Art: Rock Barcellos (http://www.rockincomics.com.br/)
Views: 10743 aantonop
Create A Random Nonce String Using JavaScript
 
05:42
Create a random string of characters that can be used for strong passwords, oauth nonces, or anything else using JavaScript. View a written version of this tutorial on my web blog: https://blog.nraboy.com/2015/03/create-a-random-nonce-string-using-javascript/ Follow my blog or subscribe to my YouTube channel for other great programming tutorials.
Views: 4928 Nic Raboy
Password Hashing, Salts, Peppers | Explained!
 
04:30
---------------------------------------------------------------------------------------------- Check out my site: http://www.seytonic.com Follow me on twitter: https://twitter.com/seytonic
Views: 63852 Seytonic
Nonce Meaning
 
00:27
Video shows what nonce means. The one or single occasion; the present reason or purpose (now only in for the nonce).. A nonce word.. nonce pronunciation. How to pronounce, definition by Wiktionary dictionary. nonce meaning. Powered by MaryTTS
Views: 9107 SDictionary
How to use WordPress Nonce - Part1
 
04:32
In this video tutorial, we are going to see how to use WordPress Nonce in our form. We will create our nonce and verify it while submitting form data. WordPress Nonce is useful to prevent CSRF attacks. -~-~~-~~~-~~-~- Please watch: "How To Add Two Step Authentication On WordPress Website" https://www.youtube.com/watch?v=q30vfFbNnJ4 -~-~~-~~~-~~-~-
Views: 1451 Artisans Web
Bitcoin Q&A: Public keys vs. addresses
 
12:43
What is the difference between public keys and addresses? How are new addresses generated? How are change addresses generated? Why have two outputs? Do you still pay fees if you are sending bitcoin to new addresses in your own wallet? What is the VanityGen command? What does the SIG_HASH flag do? More from 'Mastering Bitcoin': https://github.com/bitcoinbook/bitcoinbook/blob/f8b883dcd4e3d1b9adf40fed59b7e898fbd9241f/ch04.asciidoc These questions are from the MOOC 9.3 and 9.5 sessions which took place on March 2nd and March 16th, 2018 respectively. Andreas is a teaching fellow with the University of Nicosia. The first course in their Master of Science in Digital Currency degree, DFIN-511: Introduction to Digital Currencies, is offered for free as an open enrollment MOOC course to anyone interested in learning about the fundamental principles. If you want early-access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: https://www.patreon.com/aantonop RELATED: Advanced Bitcoin Scripting Part 1: Transactions and Multi-sig - https://youtu.be/8FeAXjkmDcQ Advanced Bitcoin Scripting Part 2: SegWit, Consensus, and Trustware - https://youtu.be/pQbeBduVQ4I Reusing addresses - https://youtu.be/4A3urPFkx8g Airdrop coins and privacy implications - https://youtu.be/JHRnqJJ0rhc Wealth distribution statistics - https://youtu.be/X2Qsz4eaSPY Mixing services - https://youtu.be/rKoMvOH4zoY How do mnemonic seeds work? - https://youtu.be/wWCIQFNf_8g Using paper wallets - https://youtu.be/cKehFazo8Pw What is Segregated Witness? - https://youtu.be/dtOjjB4mD8k Spam transactions and Child Pays For Parent (CPFP) - https://youtu.be/t3c0E4fkSNs Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin. Follow on Twitter: @aantonop https://twitter.com/aantonop Website: https://antonopoulos.com/ He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters. THE INTERNET OF MONEY, v1: https://www.amazon.co.uk/Internet-Money-collection-Andreas-Antonopoulos/dp/1537000454/ref=asap_bc?ie=UTF8 [NEW] THE INTERNET OF MONEY, v2: https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/194791006X/ref=asap_bc?ie=UTF8 MASTERING BITCOIN: https://www.amazon.co.uk/Mastering-Bitcoin-Unlocking-Digital-Cryptocurrencies/dp/1449374042 [NEW] MASTERING BITCOIN, 2nd Edition: https://www.amazon.com/Mastering-Bitcoin-Programming-Open-Blockchain/dp/1491954388 Subscribe to the channel to learn more about Bitcoin & open blockchains! Music: "Unbounded" by Orfan (https://www.facebook.com/Orfan/) Outro Graphics: Phneep (http://www.phneep.com/) Outro Art: Rock Barcellos (http://www.rockincomics.com.br/)
Views: 11581 aantonop
Authentication Protocol   Man In Middle Attack   Replay Attack   Nonce
 
13:10
In this playlist you will learn about the following topics Protocols, Layered Model Network components Uses of networks Traceroute and socket API Protocols and layering Reference models (Internet, OSI) History of the internet Physical and Direct Link Layer Simple link models (latency, bandwidth-delay product) Media and signals Modulation schemes (baseband, passband) Fundamental limits (Shannon) Framing Error detection schemes (checksum, CRC) Error correction schemes (Hamming) Retransmissions, Multiple access, Switching Retransmissions (ARQ) Multiplexing schemes (TDM. FDM) Random access / Ethernet (CSMA family) Wireless access / 802.11 Contention-free access / Token Ring LAN switching (switches vs. hubs, spanning tree, backward learning) Network Layer and Internetworking Datagram and virtual circuit models (IP, MPLS) IP addressing and forwarding (prefixes, longest matching prefix) IP helpers: ARP, DHCP Internetworking (fragmentation, path MTU discovery, ICMP) IPv4 and IPv6 Network Address Translation (NAT) Routing Shortest cost routing model Dijkstra's algorithm Flooding Distance Vector and Link-state Equal-cost multi-path routing Hierarchical routing (prefixes, aggregation, subnets) Multiple parties and policy (BGP) Transport Layer, Reliable Transport Sockets, ports and service APIs Reliable and unreliable delivery (TCP, UDP) Connection establishment and teardown Flow control and sliding windows Retransmission timeouts Congestion Control Fairness and Efficiency Additive Increase Multiplicative Decrease (AIMD) TCP congestion control (slow start, fast retransmission and recovery) Congestion avoidance (ECN) Web and Content Distribution Naming (DNS) Web protocols (HTTP, caching) Content Distribution Networks (CDNs) Peer-to-Peer (BitTorrent) Quality of Service and Real-Time Apps Streaming media and Conferencing Scheduling disciplines (FIFO, WFQ) Traffic shaping with Token Buckets Differentiated Services Rate and Delay Guarantees Optional: Network Security Encryption for Confidentiality and Authenticity Web security (SSL, DNSSEC) Wireless security (802.11i) Firewalls and Virtual Private Networks (VPNs) Distributed Denial of Service (DDOS) Computer Networks 1 OSI Model in Networking OSI model layers and their function (L1) 2 IP Address Basics: Classful Addressing dotted decimal notation 3 IP Address: Network ID and Host ID Network Mask 4 IP Address Subnet Supernet subnetmask 5 Classless IP Addressing: Subnet Mask, subnet block size, network address 6 Block Allocation of IP address Create subnets from block of IP address 7 Introduction to Interconnecting Devices: REPEATERS HUBS BRIDGE SWITCHES ROUTERS 8 VLAN: Virtual Lan concepts VLAN TRUNK and Switches 9 Address Resolution Protocol (ARP) and Reverse ARP explained Animated 10 Medium Access Control: Aloha and Slotted Aloha Protocol 11 Carrier Sense Multiple Access Protocol CSMA 12 CSMA/CD (Carrier Sense Multiple Access/ Collision Detection) 13 Network Address Translation (NAT) 14 Dynamic Host Configuration Protocol (DHCP) 15 Circuit Switching vs Packet Switching 16 Virtual Circuit Network Virtual Circuit switching 17 Domain Name Server (DNS) Name Server DNS how dns works 18 Internet Control Message Protocol (ICMP) ICMP protocol tutorial part 1 19 Internet Control Message Protocol (ICMP) : Error Message (Part 2) 20 Stop and Wait Protocol Stop and Wair ARQ Stop and Wait Flow control 21 GO BACK N ARQ Protocol Go back N sliding window 22 SELECTIVE REPEAT ARQ selective repeat sliding window protocol 23 Authentication Protocol Man In Middle Attack Replay Attack Nonce 24 Introduction to Public Key Cryptography Public Key Cryptography animation 25 Introduction to Digital Signature Public Key cryptography 26 RSA Algorithm and public key encryption rivest shamir adleman algorithm 27 Message Digest and Digital Signature Cryptographic Hash Function 28 Certification Authority (CA) Digital Certificate 29 Secure EMail How To Public Private Key Encryption Secure E-Mail PGP
Views: 100 Vijay S
Introduction to Using Nonces in WordPress
 
09:47
Demonstrates how to use nonce fields in your WordPress forms for improved security Read more: http://pippinsplugins.com/introduction-to-using-nonces-for-form-validation
Views: 3916 Pippin Williamson
Bitcoin - Proof of work
 
10:32
An explanation of cryptographic proof-of-work protocols, which are used in various cryptographic applications and in bitcoin mining. More free lessons at: http://www.khanacademy.org/video?v=9V1bipPkCTU Video by Zulfikar Ramzan. Zulfikar Ramzan is a world-leading expert in computer security and cryptography and is currently the Chief Scientist at Sourcefire. He received his Ph.D. in computer science from MIT.
Views: 188858 Khan Academy
BSidesSF 2018 - No More XSS: Deploying CSP with nonces and strict-dynamic (Devin Lundberg)
 
29:25
Devin Lundberg - No More XSS: Deploying CSP with nonces and strict-dynamic XSS, one of the most common web vulnerabilities, can be completely prevented with a strict Content Security Policy (CSP). Older versions of CSP involved the tedious process of building a whitelist of domains where scripts lived. It is very common for these whitelists to contain sites that allow for arbitrary code execution and developers cannot use inline scripts without disabling the XSS protections. Version 3 of CSP introduced a mechanism called strict-dynamic that makes applying content security policy to an existing web page possible without having to do major refactors. This talk will cover how we applied a strict CSP to pinterest.com and instapaper.com including how easy it is and some things to watch out for. I'll also cover what kinds of attacks are still possible after a strict CSP is deployed.
IOTA tutorial 7: Proof of Work, Curl and Nonce
 
15:09
If you like this video and want to support me, go this page for my donation crypto addresses: https://www.youtube.com/c/mobilefish/about This is part 7 of the IOTA tutorial. In this video series different topics will be explained which will help you to understand IOTA. It is recommended to watch each video sequentially as I may refer to certain IOTA topics explained earlier. Making a transaction: Step 1. Constructing the bundle and signing the transaction inputs with your private keys. IOTA uses a bundle which consists of multiple transactions containing credits to the receiving addresses and debits from the spending addresses. In IOTA there are two types of transactions: one where you transfer value and thus, have to sign inputs, and ones where you simply send a transaction to an address with no value transfer (e.g. a message). A transaction is an object containing several fields such as an address, signature, value and tag. Step 2. Tip selection The tip selection is a process whereby you traverse the tangle in a random walk to randomly chose two transactions which will be validated by your transaction. Your transaction checks for example if the descendants of that transaction is valid. If these transactions are valid they will be added to your bundle construct. Step 3. Proof of Work (PoW) Once the bundle is constructed, signed and the tips are added to the bundle, the PoW has to be done for each transaction in the bundle. Every transaction in a bundle requires a nonce (this is the result of the PoW) in order to be accepted by the tangle network. IOTA's PoW is directly comparable to Hashcash, as it serves a similar purpose to prevent spam, and in IOTA's case, also to prevent sybil-attacks. When the PoW is done, the nonce of the transaction object should be updated. The transaction can now be broadcasted to the tangle network and wait for it to be approved by someone else. The IOTA light wallet uses the Curl hash algorithm for PoW. There are two methods to execute the Curl hash algorithm: Method 1: Using Webgl 2 Curl implemention. The Curl hash algorithm is ported to Javascript (curl.lib.js) to work in WebGL-enabled browsers such as Chromium. WebGL uses the system Graphics Processing Unit (GPU). Method 2: Using CCurl implementation. CCurl means C port of the Curl library, which uses the system Central Processing Unit (CPU) (aka native route). PoW is executed faster using GPUs instead of CPUs. By default the IOTA light wallet uses the "Webgl 2 Curl" implementation thereby speeding up the PoW. However, some people will find that they get an "Invalid Transaction Hash" when they use this setting. In that case select the light wallet option "CCurl implementation". CCurl implemenation means using the C port of the Curl library for the PoW. The CCurl library can be found at: https://github.com/iotaledger/ccurl Webgl 2 Curl implementation means using the curl.lib.js ported Javascript library to work in WebGL enabled browsers for the PoW. The curl.lib.js library can be found at: https://github.com/iotaledger/curl.lib.js As mentioned earlier the purpose of the PoW is to prevent spam and sybil-attacks. PoW means calculating the nonce for every transaction in a bundle. When making a value or non value transaction you pay no fee. However there is a small cost you are paying. You pay for the electrical energy that you spend for the PoW. Get the Minimum Weight Magnitude (MWM). The Minimum Weight Magnitude is the difficulty of PoW. An IOTA transaction data is encoded and stored in a string of 2673 trytes (= transactionObjectTrytes). The last 81 trytes of the transactionObjectTrytes is reserved for the nonce. Execute the PoW using the transactionObjectTrytes and Minimum Weight Magnitude as input. The PoW outputs the nonce which is 81 trytes in size. Insert the nonce in the transactionObjectTrytes (= transactionObjectWithNonceTrytes). Convert transactionObjectWithNonceTrytes into trits (= transactionObjectWithNonceTrits) Create and initialise a CheckHash object. This object will hold the Curl hash algorithm result. Create and initialise a CurlHash object. This object will: - receive inputs (absorb the transactionObjectWithNonceTrits) - execute the Curl hash algorithm - outputs the result (squeeze data into the CheckHash object) The CheckHash object will hold the Curl hash algorithm result in trits. The number of 0’s at the end of the CheckHash value must be at least the Minimum Weight Magnitude. If that is the case the nonce is valid. A valid nonce is required for the transaction to be accepted by the tangle network. Check out all my other IOTA tutorial videos: https://goo.gl/aNHf1y Subscribe to my YouTube channel: https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: https://www.mobilefish.com/developer/iota/iota_quickguide_tutorial.html #mobilefish #howto #iota
Views: 5524 Mobilefish.com
Bypass 0auth nonce and steal oculus response code
 
01:23
POC: https://medium.com/@lokeshdlk77/bypass-oauth-nonce-and-steal-oculus-response-code-faa9cc8d0d37
Views: 669 lokesh kumar
How Random Is Your RNG [ShmooCon 2015]
 
46:14
Meltem Sönmez Turan, John Kelsey, and Kerry McKay Cryptographic primitives need random numbers to protect your data. Random numbers are used for generating secret keys, nonces, random paddings, initialization vectors, salts etc. Deterministic pseudorandom number generators are useful, but they still need truly random seeds generated by entropy sources in order to produce random numbers. Researchers have shown examples of deployed systems that did not have enough randomness in their entropy sources, and as a result, crypto keys were compromised. So how do you know how much entropy is in your entropy source? Estimating entropy is a difficult (if not impossible) problem, and we've been working to create usable guidance that will give conservative estimates on the amount of entropy in an entropy source. We want to share some of the challenges and proposed methods. We will also talk about some new directions that we're investigating, and present results of our estimation methods on simulated entropy sources. The authors work within the Cryptographic Technology Group at the National Institute of Standards and Technology (NIST). Meltem is a cryptographer at NIST and holds a Ph.D. in Cryptography from Middle East Technical University. Kerry is a computer scientist at NIST and holds a D.Sc. in Computer Science from The George Washington University. John is an experienced cryptographer at NIST and has degrees in Computer Science and Economics from the University of Missouri Columbia.
Views: 312 Michail S
What is the merkle tree in Bitcoin?
 
03:53
Explanation of cryptographic hash: https://youtu.be/IVqD-_QskW0?t=1m13s 13uJjYF12aRVdwaiTmALx5XDfguQ9MnYtK
Views: 20341 Keifer Kif
Statistical Fault Attacks on Nonce Based Authenticated Encryption Schemes
 
24:56
Christoph Dobraunig and Maria Eichlseder and Thomas Korak and Victor Lomné and Florian Mendel. Talk at Asiacrypt 2016. See http://www.iacr.org/cryptodb/data/paper.php?pubkey=27913
Views: 350 TheIACR
WordPress QuickTip: What is a nonce good for?
 
03:10
This quick tip shows what a nonce is and why you should use nonces in your own themes and plugins.
Views: 521 Marian Heddesheimer
Key Distribution Center (KDC)
 
03:40
This video is part of the Udacity course "Intro to Information Security". Watch the full course at https://www.udacity.com/course/ud459
Views: 16328 Udacity
Securing form submission with nonces
 
02:26
For More Visit : http://vivatutorials.com
Views: 490 Honey Boney
Bitcoin Q&A: What is a private key?
 
18:18
What is a private key? How are they generated and formatted? Are private keys transmitted when you make a transaction? What are the chances of collision? Will quantum computing making it easy to guess private keys? Does implementing quantum-proof algorithms require an overhaul of the code? Learn more from the following chapters of 'Mastering Bitcoin': https://github.com/bitcoinbook/bitcoinbook/blob/f8b883dcd4e3d1b9adf40fed59b7e898fbd9241f/ch04.asciidoc https://github.com/bitcoinbook/bitcoinbook/blob/f8b883dcd4e3d1b9adf40fed59b7e898fbd9241f/ch05.asciidoc Key to address code: https://github.com/bitcoinbook/bitcoinbook/blob/35f1c62f192dd0eaf1b1c462f88a46e0f5942e16/code/key-to-address-ecc-example.py These questions are from the MOOC 9.3 and 9.4 sessions, as well as the (rescheduled) April Patreon Q&A session, which took place on March 2nd, March 9th, and May 5th 2018 respectively. Andreas is a teaching fellow with the University of Nicosia. The first course in their Master of Science in Digital Currency degree, DFIN-511: Introduction to Digital Currencies, is offered for free as an open enrollment MOOC course to anyone interested in learning about the fundamental principles. If you want early-access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: https://www.patreon.com/aantonop RELATED: Bitcoin: Where the Laws of Mathematics Prevail - https://youtu.be/HaJ1hvon0E0 Advanced Bitcoin Scripting Part 1: Transactions & Multisig - https://youtu.be/8FeAXjkmDcQ Advanced Bitcoin Scripting Part 2: SegWit, Consensus, and Trustware - https://youtu.be/pQbeBduVQ4I Cryptographic primitives - https://youtu.be/RIckQ6RBt5E Nonces, mining, and quantum computing - https://youtu.be/d4xXJh677J0 Public keys vs. addresses - https://youtu.be/8es3qQWkEiU Re-using addresses - https://youtu.be/4A3urPFkx8g What happens to our bitcoins during a hard fork? - https://youtu.be/sNR76fWd7-0 How do mnemonic seeds work? - https://youtu.be/wWCIQFNf_8g Multi-signature and distributed storage - https://youtu.be/cAP2u6w_1-k What is Segregated Witness? - https://youtu.be/dtOjjB4mD8k SegWit and fork research - https://youtu.be/OorLoi01KEE Forkology: A Study of Forks for Newbies - https://youtu.be/rpeceXY1QBM MimbleWimble and Schnorr signatures - https://youtu.be/qloq75ekxv0 Protocol development security - https://youtu.be/4fsL5XWsTJ4 Migrating to post-quantum cryptography - https://youtu.be/dkXKpMku5QY Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin. Follow on Twitter: @aantonop https://twitter.com/aantonop Website: https://antonopoulos.com/ He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters. THE INTERNET OF MONEY, v1: https://www.amazon.co.uk/Internet-Money-collection-Andreas-Antonopoulos/dp/1537000454/ref=asap_bc?ie=UTF8 [NEW] THE INTERNET OF MONEY, v2: https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/194791006X/ref=asap_bc?ie=UTF8 MASTERING BITCOIN: https://www.amazon.co.uk/Mastering-Bitcoin-Unlocking-Digital-Cryptocurrencies/dp/1449374042 [NEW] MASTERING BITCOIN, 2nd Edition: https://www.amazon.com/Mastering-Bitcoin-Programming-Open-Blockchain/dp/1491954388 Translations of MASTERING BITCOIN: https://bitcoinbook.info/translations-of-mastering-bitcoin/ Subscribe to the channel to learn more about Bitcoin & open blockchains! Music: "Unbounded" by Orfan (https://www.facebook.com/Orfan/) Outro Graphics: Phneep (http://www.phneep.com/) Outro Art: Rock Barcellos (http://www.rockincomics.com.br/)
Views: 8952 aantonop
Bsides LV 2014 - Untwisting The Mersenne Twister: How I killed the PRNG - 05Aug2014
 
42:23
05 Aug 2014 - Bsides Las Vegas 2014 Joe "moloch" - Bishop Fox Dan "AltF4" Petro - Bishop Fox http://www.bishopfox.com http://www.bishopfox.com/blog/2014/08/untwisting-mersenne-twister-killed-prng/ http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/bg04-untwisting-the-mersenne-twister-how-i-killed-the-prng-moloch Untwisting The Mersenne Twister: How I killed the PRNG Applications rely on generating random numbers to provide security, and fail catastrophically when these numbers turn out to be not so “random.” For penetration testers, however, the ability to exploit these systems has always been just out of reach. To solve this problem, we’ve created “untwister:” an attack tool for breaking insecure random number generators and recovering the initial seed. We did all the hard math, so you don't have to! Random numbers are often used in security contexts for generating unique IDs, new passwords for resets, or cryptographic nonces. However, the built-in random number generators for most languages and frameworks are insecure, leaving applications open to a series of previously theoretical attacks. Lots of papers have been written on PRNG security, but there's still almost nothing practical you can use as a pentester to actually break live systems in the wild. This talk focuses on weaponizing what used to be theoretical into our tool: untwister. Let's finally put rand() to rest. DISCLAIMER: This video is intended for pentesting training purposes only.
Views: 4232 Bishop Fox
Bitcoin Q&A: What is difficulty targeting?
 
14:45
How does difficulty targeting work? What determines the desired pattern? Should difficulty re-targeting still happen every 2016 blocks? Could difficulty changes (and hence profitability changes) make all miners drop out? These questions are from the MOOC 7.2 and 9.2 sessions, which took place on February 26th 2017 and February 23rd 2018 respectively. Andreas is a teaching fellow with the University of Nicosia. The first course in their Master of Science in Digital Currency degree, DFIN-511: Introduction to Digital Currencies, is offered for free as an open enrollment MOOC course to anyone interested in learning about the fundamental principles. If you want early-access to talks and a chance to participate in the monthly live Q&As with Andreas, become a patron: https://www.patreon.com/aantonop RELATED: What is mining? - https://youtu.be/t4p4iMqmxbQ Miners, pools, and consensus - https://youtu.be/JHz7LM4ncLw The mining process - https://youtu.be/L4Xtau0YMJw Nonces, mining, and quantum computing - https://youtu.be/d4xXJh677J0 Honest nodes and consensus - https://youtu.be/KAhY2ymI-tg Genesis block and coinbase transactions - https://youtu.be/strhfzJ56QE Proof-of-work changes - https://youtu.be/AcaktuPdQrc SegWit and fork research - https://youtu.be/OorLoi01KEE What is the role of nodes? - https://youtu.be/fNk7nYxTOyQ Why running a node is important - https://youtu.be/oX0Yrv-6jVs Andreas M. Antonopoulos is a technologist and serial entrepreneur who has become one of the most well-known and respected figures in bitcoin. Follow on Twitter: @aantonop https://twitter.com/aantonop Website: https://antonopoulos.com/ He is the author of two books: “Mastering Bitcoin,” published by O’Reilly Media and considered the best technical guide to bitcoin; “The Internet of Money,” a book about why bitcoin matters. THE INTERNET OF MONEY, v1: https://www.amazon.co.uk/Internet-Money-collection-Andreas-Antonopoulos/dp/1537000454/ref=asap_bc?ie=UTF8 [NEW] THE INTERNET OF MONEY, v2: https://www.amazon.com/Internet-Money-Andreas-M-Antonopoulos/dp/194791006X/ref=asap_bc?ie=UTF8 MASTERING BITCOIN: https://www.amazon.co.uk/Mastering-Bitcoin-Unlocking-Digital-Cryptocurrencies/dp/1449374042 [NEW] MASTERING BITCOIN, 2nd Edition: https://www.amazon.com/Mastering-Bitcoin-Programming-Open-Blockchain/dp/1491954388 Translations of MASTERING BITCOIN: https://bitcoinbook.info/translations-of-mastering-bitcoin/ Subscribe to the channel to learn more about Bitcoin & open blockchains! Music: "Unbounded" by Orfan (https://www.facebook.com/Orfan/) Outro Graphics: Phneep (http://www.phneep.com/) Outro Art: Rock Barcellos (http://www.rockincomics.com.br/)
Views: 7223 aantonop
Chubby Lad calls a random kid a Nonce in public
 
00:16
What a fookin nonce
Views: 204 Wobbly Orphan
Krack Attacks (WiFi WPA2 Vulnerability) - Computerphile
 
10:53
Secure WiFi is broken - Dr Mike Pound & Dr Steve Bagley on the Krack Attack discovered by researchers in Belgium. Mike's description of crib dragging relates to Professor Brailsford's discussions of WWII Lorenz cipher cracking: Fishy Codes: https://youtu.be/Ou_9ntYRzzw Zig Zag Decryption: https://youtu.be/yxx3Bkmv3ck IBM PC: https://youtu.be/fCe0I3RJajY Password Cracking: https://youtu.be/7U-RbOKanYs The researchers who discovered the vulnerability: http://bit.ly/C_CrackAttack http://www.facebook.com/computerphile https://twitter.com/computer_phile This video was filmed and edited by Sean Riley. Computer Science at the University of Nottingham: http://bit.ly/nottscomputer Computerphile is a sister project to Brady Haran's Numberphile. More at http://www.bradyharan.com
Views: 471098 Computerphile
Blockchain tutorial 3: Hash
 
05:09
This is part 3 of the Blockchain tutorial explaining what hashes are. In this video series different topics will be explained which will help you to understand blockchain. Bitcoin released as open source software in 2009 is a cryptocurrency invented by Satoshi Nakamoto (unidentified person or group of persons). After the introduction of Bitcoin many Bitcoin alternatives were created. These alternate cryptocurrencies are called Altcoins (Litecoin, Dodgecoin etc). Bitcoin's underlying technology is called Blockchain. The Blockchain is a distributed decentralized incorruptible database (ledger) that records blocks of digital information. Each block contains a timestamp and a link to a previous block. Soon people realises that there many other use cases where the Blockchain technology can be applied and not just as a cryptocurrency application. New Blockchain platforms were created based on the Blockchain technology, one of which is called Ethereum. Ethereum focuses on running programming code, called smart contracts, on any decentralized application. Using the new Blockchain platforms, Blockchain technology can be used in supply chain management, healthcare, real estate, identity management, voting, internet of things, etcetera, just to name a few. Today there is a growing interest in Blockchain not only in the financial sector but also in other sectors. Explaining how Blockchain works is not easy and for many the Blockchain technology remains an elusive concept. This video series tries to explain Blockchain to a large audience but from the bottom up. Keywords often used in Blockchain conversation will be explained. Each Blockchain video is short and to the point. It is recommended to watch each video sequentially as I may refer to certain Blockchain topics explained earlier. Check out all my other Blockchain tutorial videos https://goo.gl/aMTFHU Subscribe to my YouTube channel https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: http://www.mobilefish.com/developer/blockchain/blockchain_quickguide_tutorial.html #mobilefish #blockchain #bitcoin #cryptocurrency #ethereum
Views: 14918 Mobilefish.com
Understanding And Managing Entropy Usage
 
55:33
by Bruce Potter & Sasha Wood As security and privacy concerns become an above the fold concern for the public at large and enterprises continue to grapple with targeted intrusions, cryptography is becoming a ubiquitous and necessary characteristic of modern IT systems. While the primitives and core algorithms are well understood, there are still numerous concerns regarding properly encrypting data that transcend decisions such as public vs. private key or key length. Underlying nearly every modern cryptosystem is the need to have cryptographically strong random numbers. Key generation and inclusion of nonces to prevent replay are two areas where lack of quality random numbers can completely destroy the security provided by the underlying cryptosystem. For decades, we have used Pseudo Random Number Generators (PRNGs) as a surrogate for truly random numbers. While these PRNGs have been generally sufficient for historic cryptographic usage, they are only as good as their underlying entropy source. With advances, such as Perfect Forward Secrecy in TLS (and its wide scale deployment), entropy usage has skyrocketed. Unfortunately, enterprises dont have any understanding of their entropy requirements and entropy usage in the systems we use every day. How much entropy does an OpenSSL PFS transaction actually use? What are the sources of entropy used in your front line webservers? How does entropy creation vary in different versions of Linux? These are all important questions with no clear answer. This talk aims to shine light on the core concerns of entropy creation and entropy utilization. We have analyzed a wide variety of systems, including different versions of the Linux and FreeBSD kernel, OpenSSL, OpenSSH, OpenVPN, and other crypto systems and documented their requirements for random numbers and required amount of entropy to function correctly. The team will also present findings entropy consumption for a variety of TLS modes including the impact of PFS. We will also present analysis of the quality and quantity of entropy sources available on common desktop, laptop, server, and mobile hardware. Finally, the team will also release the first version of our open source software, libentropy, that provides a unified interface for OpenSSL to manage sources of entropy and report status of entropy creation and utilization.
Views: 872 Black Hat
IOTA tutorial 3: IOTA Seed
 
08:53
If you like this video and want to support me, go this page for my donation crypto addresses: https://www.youtube.com/c/mobilefish/about This is part 3 of the IOTA tutorial. In this video series different topics will be explained which will help you to understand IOTA. It is recommended to watch each video sequentially as I may refer to certain IOTA topics explained earlier. An IOTA seed is 81 characters long and only consists of the latin alphabet characters and the number 9: ABCDEFGHIJKLMNOPQRSTUVWXYZ9 The characters A-Z are all upper case. With the seed the IOTA wallet can generate corresponding addresses. Each specific seed generate addresses belonging to the seed. An IOTA seed looks like: C9RQFODNSAEOZVZKEYNVZDHYUJSA9QQRCUJVBJD9KHAKPTAKZSNNKLJHEFFVK9AWVDAUJRYYKHGWQIAWT According to the official IOTA knowledge base: https://kb.helloiota.com/KnowledgebaseArticle50005.aspx you can use the following methods to generate IOTA seeds: - Linux Operating System: Open a terminal and enter the following command: cat /dev/urandom |tr -dc A-Z9|head -c${1:-81} - Mac Operating System: Open a terminal and enter the following command: cat /dev/urandom |LC_ALL=C tr -dc 'A-Z9' | fold -w 81 | head -n 1 The function /dev/urandom creates cryptographically random numbers by gathering random data for example environmental noise (entropy) from device drivers, network packet timings and other sources into an entropy pool. The data from the entropy pool is used as input for the Cryptographically Secure PseudoRandom Number Generator (CSPRNG) This generator will generate the random numbers. urandom means unlimited random On the Mac there is no difference between /dev/random and /dev/urandom, both behave identically. On Linux systems there are differences between /dev/random and /dev/urandom. In this presentation these differences will not be discussed. Another solution the IOTA knowledge base recommends to generate an IOTA seed is using this web application: https://ipfs.io/ipfs/QmdqTgEdyKVQAVnfT5iV4ULzTbkV4hhkDkMqGBuot8egfA The source code for this seed generator can be found at: https://github.com/knarz/seedgen The knarz/seedgen uses the Stanford Javascript Crypto Library. This library can be found at: https://github.com/bitwiseshiftleft/sjcl More information about this library can be found at: http://bitwiseshiftleft.github.io/sjcl/ http://bitwiseshiftleft.github.io/sjcl/doc The Stanford Javascript Crypto Library (SJCL) is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. The SJCL library is used in many web applications. If you want to use the web application to generate an IOTA seed do the following: - Goto https://ipfs.io/ipfs/QmdqTgEdyKVQAVnfT5iV4ULzTbkV4hhkDkMqGBuot8egfA and save the webpage locally on your computer. - Disconnect your computer from the Internet (disable WiFi, or remove your Ethernet cable) - Open the webpage and move your mouse until its reaches 100% - Store your IOTA seed in a secure location. You should NEVER create an IOTA seed by entering 81 characters (A-Z9) yourself on a keyboard. You should NEVER create an IOTA seed using an web application while you are online. You should NEVER use unknown IOTA seed generators. Use the seed generators recommended by the official IOTA knowledge base: https://kb.helloiota.com/KnowledgebaseArticle50005.aspx There are several online IOTA seed generators which do not generate Cryptographically Secure Random Numbers which means there is big chance someone else can generate the same seed as you have. Check out all my other IOTA tutorial videos https://goo.gl/aNHf1y Subscribe to my YouTube channel: https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: https://www.mobilefish.com/developer/iota/iota_quickguide_tutorial.html #mobilefish #howto #iota
Views: 11170 Mobilefish.com
Blockchain tutorial 2: Random numbers
 
03:06
This is part 2 of the Blockchain tutorial explaining what random numbers are. In this video series different topics will be explained which will help you to understand blockchain. Bitcoin released as open source software in 2009 is a cryptocurrency invented by Satoshi Nakamoto (unidentified person or group of persons). After the introduction of Bitcoin many Bitcoin alternatives were created. These alternate cryptocurrencies are called Altcoins (Litecoin, Dodgecoin etc). Bitcoin's underlying technology is called Blockchain. The Blockchain is a distributed decentralized incorruptible database (ledger) that records blocks of digital information. Each block contains a timestamp and a link to a previous block. Soon people realises that there many other use cases where the Blockchain technology can be applied and not just as a cryptocurrency application. New Blockchain platforms were created based on the Blockchain technology, one of which is called Ethereum. Ethereum focuses on running programming code, called smart contracts, on any decentralized application. Using the new Blockchain platforms, Blockchain technology can be used in supply chain management, healthcare, real estate, identity management, voting, internet of things, etcetera, just to name a few. Today there is a growing interest in Blockchain not only in the financial sector but also in other sectors. Explaining how Blockchain works is not easy and for many the Blockchain technology remains an elusive concept. This video series tries to explain Blockchain to a large audience but from the bottom up. Keywords often used in Blockchain conversation will be explained. Each Blockchain video is short and to the point. It is recommended to watch each video sequentially as I may refer to certain Blockchain topics explained earlier. Check out all my other Blockchain tutorial videos https://goo.gl/aMTFHU Subscribe to my YouTube channel https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: http://www.mobilefish.com/developer/blockchain/blockchain_quickguide_tutorial.html #mobilefish #blockchain #bitcoin #cryptocurrency #ethereum
Views: 8597 Mobilefish.com
Diffie Hellman Key Exchange Algorithm | Complete Working with Diagram & Example
 
13:43
In this video tutorial we will study and understand the working of Diffie-Hellman Key exchange algorithm. Symmetric Key Echange Problem - 1. Key exchange solution is not fool proof or is not practically possible. 2. This problem is called as key distribution or key exchange problem. 3. It is inherently linked with the symmetric key cryptography Diffie-Hellman Key Exchange/ Agreement Algorithm - 1. Two parties, can agree on a symmetric key using this technique. 2. This can then be used for encryption/ decryption. 3. This algorithm can be used only for key agreement, but not for encryption or decryption. 4. It is based on mathematical principles Diffie Hellman Algorithm Steps - 1. Firstly Alice and Bob mutually agree on 2 large prime numbers, n & g. These 2 numbers need not be kept secret. 2. Alice chooses another large random number x(private to her) and calculates A such that A = g^x mod n. 3. Alice sends this number A to Bob. 4. Bob independently chooses another large random number y(private to him) and calculates B such that B = g^y mod n. 5. Bob sends this number B to Alice. 6. Alice now computes her private key value K1 as: K1 = B^x mod n. 7. Bob computes his private key value K2 as: K2 = A^y mod n. 8. K1 == K2 (key exchange done successfully) Complete Network Security / Information Security Playlist - https://www.youtube.com/watch?v=IkfggBVUJxY&list=PLIY8eNdw5tW_7-QrsY_n9nC0Xfhs1tLEK Download my FREE Network Security Android App - https://play.google.com/store/apps/details?id=com.intelisenze.networksecuritytutorials Simple Snippets Official Website - http://simplesnippets.tech/ Simple Snippets on Facebook - https://www.facebook.com/simplesnippets/ Simple Snippets on Instagram - https://www.instagram.com/simplesnippets/ Simple Snippets on Twitter - https://twitter.com/simplesnippet Simple Snippets Google Plus Page - https://plus.google.com/+SimpleSnippets Simple Snippets email ID - [email protected] For More Technology News, Latest Updates and Blog articles visit our Official Website - http://simplesnippets.tech/
Views: 2087 Simple Snippets
Authentication Tokens, Types pf Tokens – Challenge/Response and Time Based Tokens
 
11:11
User Authentication - Authentication Tokens, Types pf Tokens – Challenge/Response and Time Based Tokens Keywords: Authentication Tokens in Security Token based Password Management Challenge/Response Based Token Time Based Token Network Security Notes
34C3 -  Uncovering vulnerabilities in Hoermann BiSecur
 
51:36
https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur An AES encrypted radio system Hoermann BiSecur is a bi-directional wireless access control system “for the convenient and secure operation of garage and entrance gate operators, door operators, lights […]” and smart home devices. The radio signal is AES-128 encrypted and the system is marketed to be “as secure as online banking”. In comparison to conventional and often trivial to break wireless access control systems, the system should thus make it practically infeasible to clone a genuine transmitter so that attackers can get unauthorized access. We used the low-cost CCC rad1o software defined radio (SDR) platform to intercept and analyze the wireless radio signal. We took apart several Hoermann BiSecur hand transmitters and subsequently utilized a vulnerability in the microcontroller to successfully extract the firmware. In order to conduct a security audit, the extracted firmware was disassembled and analyzed so that the encryption mechanism, the key material, the cryptographic operations as well as the RF interface could be reverse engineered. Our security analysis shows that the overall security design is sound, but the manufacturer failed to properly initialize the random seed of the transmitters. As a result, an attacker can intercept an arbitrary radio frame and trivially compute the utilized encryption key within less than a second. Once the key is known to the attacker, a genuine transmitter can be cloned with an SDR platform such as the CCC rad1o. In addition to unauthorized operation of gates and doors, there is a likely (although currently untested) impact on Smart Home appliances that use the BiSecur system. We tested a total of 7 hand transmitters from 3 different model series and with manufacturing dates between 2015 and 2017. All analyzed hand transmitters shared the same static random seed and were found to be vulnerable to our attack. The vulnerability can easily be fixed so that future hand transmitters and radio transmission are protected from our attack. In our CCC talk we plan to give a step-by-step presentation on how we analyzed and subsequently broke the Hoermann BiSecur system. This includes the following topics: - Overall system overview - Radio signal analysis with the CCC rad1o SDR platform - Reverse engineering of the radio signal - Hardware analysis of BiSecur transmitters - Firmware extraction from the microcontroller by exploiting a security flaw in the PIC18F controller - Firmware disassembly and reverse engineering with IDA Pro - Analysis results providing a technical overview of how the BiSecur system operates including the encryption scheme (with AES-128 at its core) and RF operations - Presentation of our attacks (signal cloning of genuine transmitters) - Live-Hacking Demo with the CCC rad1o SDR platform - Suggested security fix Markus Muellner Markus Kammerstetter https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9029.html
Views: 1243 media.ccc.de
Bugs in Crypto Implementations
 
36:12
Whether it’s by email, text, or social media platform, the average person will send over 60 messages per day—that's 22,000 messages per year. With billions of messages sent around the world each day, how can you be sure that your messages are safe and secure? Join professor Dan Boneh, one of the world’s leading experts of applied cryptography and network security, in this breakdown of vulnerabilities in WEP and iMessage. This presentation is brought to you by the Stanford Computer Forum and the Stanford Advanced Computer Security Program. If you would like information on how to join the forum and attend the next meeting, see our website: http://forum.stanford.edu/about/howtojoin.php.
Views: 1715 stanfordonline
Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
 
14:09
Terrible DPA explanation and sharing my experience solving the side channel analysis challenge "piece of scake" from the rhme2 CTF. A real DPA tutorial by Colin O'Flynn: https://www.youtube.com/watch?v=OlX-p4AGhWs The ChipWhisperer AES tutorial: http://www.newae.com/sidechannel/cwdocs/tutorial.html ChipWhsiperer: http://newae.com/tools/chipwhisperer/ The DPA paper: https://www.rambus.com/introduction-to-differential-power-analysis-and-related-attacks/ rhme2 challenge files: https://github.com/Riscure/Rhme-2016 -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #CTF #HardwareSecurity
Views: 40242 LiveOverflow
Merkle Tree | Merkle Root | Blockchain
 
02:31
Editing Monitors : https://amzn.to/2RfKWgL https://amzn.to/2Q665JW https://amzn.to/2OUP21a. Check out our website: http://www.telusko.com Follow Telusko on Twitter: https://twitter.com/navinreddy20 Follow on Facebook: Telusko : https://www.facebook.com/teluskolearn... Navin Reddy : https://www.facebook.com/navintelusko Follow Navin Reddy on Instagram: https://www.instagram.com/navinreddy20 Subscribe to our other channel: Navin Reddy : https://www.youtube.com/channel/UCxmk... Telusko Hindi : https://www.youtube.com/channel/UCitz... Donation: PayPal Id : navinreddy20 Patreon : navinreddy20 http://www.telusko.com/contactus
Views: 5215 Telusko
What is a Merkle Tree?
 
07:06
https://GeorgeLevy.com/Free presents: In this video, I answer a question from one of the students of the Blockchain Bitcoin Fundamentals course. His question is "What is a Merkle Tree?" In this lesson, taken from the course, you will see what is a Merkle Tree as well as a Merkle Root, and how they are an integral part of the Bitcoin blockchain. Learn more about blockchain and Bitcoin with the Blockchain and Bitcoin Fundamentals course found at the following link: http://BlockchainandBitcoinFundamentals.com For more information on the Blockchain Institute of Technology and available courses, visit: https://BlockchainInstituteofTechnology.com Sign up to receive FREE video lessons from George Levy's paid blockchain, Bitcoin and cryptocurrency courses at: https://GeorgeLevy.com/Free
Views: 1203 George Levy
Global Crypto Lottery
 
01:42
BlockChain Powered Fair and Transparent Lottery Management System Non-Rigged RNG System underpinned by ETH based Smart Contracts.
Views: 33 Global Cash Lotto
Cbc Initialization Vector Solution - Applied Cryptography
 
02:26
This video is part of an online course, Applied Cryptography. Check out the course here: https://www.udacity.com/course/cs387.
Views: 5730 Udacity
IOTA tutorial 1: What is IOTA and some terminology explained
 
15:38
If you like this video and want to support me, go this page for my donation crypto addresses: https://www.youtube.com/c/mobilefish/about Update: In this video i mentioned Curl and the vulnerability found in this algorithm. However it seems that this is NOT correct. Please read: https://blog.iota.org/official-iota-foundation-response-to-the-digital-currency-initiative-at-the-mit-media-lab-part-1-72434583a2 This is part 1 of the IOTA tutorial. In this video series different topics will be explained which will help you to understand IOTA. It is recommended to watch each video sequentially as I may refer to certain IOTA topics explained earlier. IOTA is not an acronym for Internet of Things, (IoT) but it just mean something very small. David Sønstebø, Sergey Ivancheglo, Dominik Schiener and Serguei Popov founded IOTA in 2015. IOTA Foundation main focus is Internet of Things and the Machine Economy but this technology is well suited for payments between humans as well. The IOTA white paper can be found at: https://iota.org/IOTA_Whitepaper.pdf All IOTA's which will ever exist have already been created.  The total IOTA supply is: 2,779,530,283,277,761 IOTAs IOTA features - Scalability The network becomes stronger when the number of transactions increases. IOTA can achieve high transaction throughput. - Decentralisation IOTA has no miners. Every transaction maker is also a transaction validator which means every transaction maker actively participates in the consensus. - No transaction fees IOTA has no transaction fees which means IOTA can be used for micropayments. - Quantum computing protection Quantum computers will be able to crack current data encryption methods much faster than current classical computers. IOTA uses the Winternitz One-Time Signature Scheme which is a quantum-resistant algorithm. See: https://eprint.iacr.org/2011/191.pdf IOTA is the 3rd generation public permissionless distributed ledger, based on a Directed Acyclic Graph (DAG). IOTA called this DAG the tangle. The tangle is NOT the same as the Blockchain. A tangle is a data structure based on Directed Acyclic Graph (DAG). Each transaction always validates 2 previous non validated transactions. Directed means the graph is pointing to one direction. Tips are the unconfirmed transactions in the tangle graph. Height is the length of the longest oriented path to the genesis. Depth is the length of the longest reverse-oriented path to some tip. Making a transaction is a 3 step process: - Signing: Your node (computer / mobile) creates a transaction and sign it with your private key. - Tip Selection: Your node chooses two other unconfirmed transactions (tips) using the Random Walk Monte Carlo (RWMC) algorithm. - Proof of Work: Your node checks if the two transactions are not conflicting. Next, the node must do some Proof of Work (PoW) by solving a cryptographic puzzle (hashcash). Hashcash works by repeatedly hashing the same data with a tiny variation until a hash is found with a certain number of leading zero bits. This PoW is to prevent spam and Sybil attacks. The goal of the Random Walk Monte Carlo algorithm is to generate fair samples from some difficult distribution. The Random Walk Monte Carlo (RWMC) algorithm is used in two ways: - To choose two other unconfirmed transactions (tips) when creating a transaction. - And to determine if a transaction is confirmed. To determine the confirmation level of your transaction we need the depth to start from and we execute the Random Walk Monte Carlo algorithm N times, the probability of your transaction being accepted is therefore M of N. M being the number of times you land on a tip that has a path to your transaction. If you execute RWMC 100 times, and 60 tips has a path to your transaction, than your transaction is 60% confirmed. It is up the the merchant to decide to accept the transaction and exchange goods. It is the same as Bitcoins where you want to wait for at least 6 blocks for high value transactions. Transactions with bigger depths takes longer to be validated. An IOTA Reference Implementation (IRI), wallet and libraries are available at: https://github.com/iotaledger To setup a full node you need to tether with neighbours by exchanging your ip address with theirs. Once you have sent a transaction from an address, you should never use this address again. A tangle can get branch off and back into the network. This is called partitioning. The Coordinator or ‘Coo’ for short, are several full nodes scattered across the world run by the IOTA Foundation. It creates zero value transactions called milestones which full nodes reference to. Check out all my other IOTA tutorial videos https://goo.gl/aNHf1y Subscribe to my YouTube channel: https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: https://www.mobilefish.com/developer/iota/iota_quickguide_tutorial.html #mobilefish #howto #iota
Views: 36083 Mobilefish.com
Proof of concept of GCM nonce reuse attack against visa.dk
 
00:12
This video shows a script injection attack on the HTTPS version of www.visa.dk. This is possible due to a GCM nonce reuse vulnerability. The attack code and a research paper explaining the attack can be found here: https://github.com/nonce-disrespect/nonce-disrespect
Views: 7807 Hanno Böck
NTLM - CompTIA Security+ SY0-401: 6.2
 
04:04
Security+ Training Course Index: http://professormesser.link/sy0401 Professor Messer’s Course Notes: http://professormesser.link/sy0401cn Frequently Asked Questions: http://professormesser.link/faq - - - - - NTLM has been used to encrypt user authentication details in the Microsoft operating systems. In this video, you’ll learn about the history of NTLM and how the password information was stored in Windows. - - - - - Download entire video course: http://professormesser.link/401adyt Get the course on MP3 audio: http://professormesser.link/401vdyt Subscribe to get the latest videos: http://professormesser.link/yt Calendar of live events: http://www.professormesser.com/calendar/ FOLLOW PROFESSOR MESSER: Professor Messer official website: http://www.professormesser.com/ Twitter: http://www.professormesser.com/twitter Facebook: http://www.professormesser.com/facebook Instagram: http://www.professormesser.com/instagram Google +: http://www.professormesser.com/googleplus
Views: 28870 Professor Messer
OAuth 2.0 “state” parameter used for security purposes
 
03:58
In that video I explain usage of the "state" parameter of the OAuth 2.0 authorization request for security purposes.
Views: 1193 Łukasz Makuch
Reverse engineering PopUnder trick for Chrome 60
 
13:46
Reversing obfuscated JavaScript of a pop-under technique for Google Chrome version 60 on Windows. Chrome 60 Mac: https://bugs.chromium.org/p/chromium/issues/detail?id=752630 Chrome 60 Windows: https://bugs.chromium.org/p/chromium/issues/detail?id=752824 -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #ReverseEngineering
Views: 46733 LiveOverflow
The Eleventh HOPE (2016): "Stealing Bitcoin with Math"
 
51:28
Saturday, July 23, 2016: 8:00 pm (Lamarr): Bitcoin is the best thing that ever happened to bored applied cryptographers: it’s a public database of keys and signatures made by quickly developed software that, when broken, drops money as if it was loot. This talk will look at mistakes old and new that enabled attacks: from ECDSA repeated nonces to using Math.random to make keys, from double spending and transaction malleability to crappy brainwallets. The bad news is that most vulnerable wallets were emptied a long time ago. The good news is that we get to look at how (and how fast) “cryptocriminals” operate in the process. In any case, new tools that implement some of the attacks will be demoed and released. No need to be a Bitcoin or crypto wizard - everything you need in order to understand what those poor victims didn’t will be explained. Filippo Valsorda, Ryan Castellucci
Views: 17783 Channel2600
Crypto currency introduction - conversion from coin to US dollar
 
16:45
This video will explain the connection between crypto currencies and the US dollar. It will demonstrate how to convert crypto currencies (bitcoin, doge coin, LTC) to US dollars. Two ways of acquiring crypto currency are to buy it or mine it. To buy bitcoin: 1. Create a Coinbase account: https://coinbase.com/?r=5330409e9d87bd350200011b&utm_campaign=user-referral&src=referral-link To mine coins: 1. Create a Coinbase account: https://coinbase.com/?r=5330409e9d87bd350200011b&utm_campaign=user-referral&src=referral-link 2. Create a mining pool account https://scryptguild.com 3. Install mining program http://sourceforge.net/projects/cpuminer/files/?source=navbar Make sure the mining program connects to your mining pool account, make sure the mining pool account connects to the Coinbase account. Finally, connect your checking account to the Coinbase account. Investor.gov https://twitter.com/smProf/status/464789256092016640 Contents of the mine.sh program: ################################## # Coin mining program runs a cryptographic hashing function For each new hash, the mining software will use a different number as the random element of the block header, this number is called the nonce. # # # 1. Collects transactions from the network # 2. Validates them, and doesn't allow conflicting ones # 3. Puts them into large bundles called blocks # 4. Computes cryptographic hashes over and over until if finds one "good enough to count" # 5. Then submits the block to the network, adding it to the block chain and earning a reward in return. ./minerd -a scrypt -o stratum+tcp://stratum.scryptguild.com:3333 -u smachaje -p 4559 by Szymon Machajewski
Views: 1738 Szymon Machajewski
IOTA tutorial 6: Why you should not reuse an address for outgoing transactions
 
07:51
If you like this video and want to support me, go this page for my donation crypto addresses: https://www.youtube.com/c/mobilefish/about This is part 6 of the IOTA tutorial. In this video series different topics will be explained which will help you to understand IOTA. It is recommended to watch each video sequentially as I may refer to certain IOTA topics explained earlier. Digital signatures are used for authentication, integrity checking and non-repudiation.  Development of quantum computers threatens the security of currently used digital signature algorithms such as Rivest–Shamir–Adleman (RSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). Cryptographers developed a variety of quantum-resistant alternatives of which hash based signatures are the most promising. Hash based signatures are based on so called One Time Signatures (OTS). The term implies that a single public/private key pair must only be used once. Otherwise, an attacker is able to reveal more parts of the private key and spoof signatures. In 1979 Leslie Lamport created a method to construct digital signatures using only cryptographically secure one way hash functions. This method is called the Lamport signature or Lamport One Time Signature (OTS) scheme. Other One Time Signature schemes are the Merkle OTS and Winternitz OTS. The Lamport One Time Signature scheme is very easy to understand and is VERY LOOSELY comparable to Winternitz OTS. For simplicity's sake I will be using the Lamport One Time Signature scheme explaining why you should never reuse an IOTA address for outgoing transactions. Alice uses a random number generator and produces two pairs of 256 random numbers, total 512 numbers. Each random number is 256 bits in size. These random numbers forms the private key. Each of the 512 random numbers are separately hashed, using for example SHA-256. These hashed random numbers forms the public key. Alice has a document (or transaction data) which is hashed using SHA-256. The document hash is of course 256 bits long: 101..011 Alice wants to create a digital signature for her document. She applies the following procedure: - Loop thru each bit (n) of the hash from 0-255. - If the bit is a 0, publish the nth number from pair 0. - If the bit is a 1, publish the nth number from pair 1. - When all bits are looped, destroy all unused numbers from pair 0 and 1. This produces a sequence of 256 random numbers. The digital signature is a sequence of 256 random numbers. After the digital signature is created, delete all unused numbers from the private key. The digital signature consist half of the private key, the other 256 random numbers are still unknown and thus nobody can create signatures that fit other message hashes. Alice sends her document, together with the corresponding digital signature and public key to Bob. Bob wants to verify Alice's document signature. He first hashes the document using SHA-256. The document hash is again: 101..011 Bob follows the same steps when Alice created the digital signature, but instead uses the public key. Bob produces a sequence of 256 hashes picked from Alice's public key. Bob now hashes each of the random number in the digital signature. If both sequence of hash numbers match then the signature is ok. The Lamport signature creates a digital signature which reveals part of the private key. The private key has 512 numbers and using it once will reveal 256 numbers. Using the private key twice weakens the security of the scheme again by half. The probability of an attacker being able to successfully forge a signature for a given message increases from 1/(2^256) to 1/(2^128). A third signature using the same key would increase the probability of a successful forgery to 1/(2^64) and a fourth signature to 1/(2^32), and so on. Please note IOTA's signature scheme is based on the Winternitz One Time Signature (WOTS) scheme and is NOT the same as the Lamport signature scheme. However by using the Lamport One Time Signature scheme I am trying to give you a very simplistic understanding why you should never reuse an IOTA address for outgoing transactions. Check out all my other IOTA tutorial videos: https://goo.gl/aNHf1y Subscribe to my YouTube channel: https://goo.gl/61NFzK The presentation used in this video tutorial can be found at: https://www.mobilefish.com/developer/iota/iota_quickguide_tutorial.html #mobilefish #howto #iota
Views: 5655 Mobilefish.com