The Wrong Number Attack
XMPP is federated, similar to email, which means different domains can connect to each other. Back in the early days, when one server initiated a connection to another, the initiating server could be reasonably sure it had connected to the right place, as it resolved the DNS records (remember, it’s 1999). But the receiving server had no guarantee that the incoming connection was actually from the domain it claimed.
Read more
December 28, 2015
Common DH groups
To deal with the logjam attack, I was looking for a set of all “common” Diffie-Hellman parameters to update xmpp.net, yet I wasn’t able to find those easily. Even just searching for the hexadecimal representation of commonly encountered primes often didn’t lead to the document in which they were specified. Here I’m documenting those that I found and where they are from.
Read more
December 18, 2015
Out with octopress, in with Hakyll
As you can see, the layout of this blog has changed. I was updating this blog so little that every time I did, Ruby had broken everything (or so it felt like). I don’t like the idea of having to learn Ruby or gem to blog, so I’ve decided to switch to something else.
Read more
April 17, 2015
Validate the encoding before passing strings to libcurl or glibc
Let’s start with a simple example in PHP:
setlocale(LC_ALL, "nl_NL.UTF-8");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_GET["url"]);
curl_exec($ch);
This code is broken. Can you tell how?
Read more
January 23, 2015
Multi-end to multi-end encryption
It’s a week until the XMPP Summit in Brussels, which I won’t be able to attend. However, I do have some thoughts about two of the subjects that are on the agenda that I wanted to share.
Carbons/MAM and e2e-encryption seem to be moving in two completely opposite directions: MAM wants to store messages server-side, while e2e protocols like OTR want to ensure those stored messages are useless. But I don’t think they’d have to be mutually exclusive. I think it would be possible to find a solution that unifies the two concepts.
Read more
Copyright © 2024 - Thijs Alkemade