Crypto Pet Peeves: Hashing…Encoding…It’s All The Same, Right?
Patrick Toomey © 2008 Neohapsis We all know cryptography is hard. Time and time again we in the security community give advice that goes something like, “Unless you have an unbelievably good reason for...
View ArticleHulu…client-side “encryption”…seriously?
By: Patrick Toomey I remember being pretty excited by the prospect of a service like Hulu. The idea that major networks were actually coming together to stream mainstream video content was...
View ArticleEven if You Don’t Invent Your Own Crypto….It’s Still Hard
By: Patrick Toomey So, yet another crypto related post. Often times crypto related attacks fall on deaf ears, as for most people crypto is like magic (include me in that group every now and again),...
View ArticleJava Cisco Group Password Decrypter
By Patrick Toomey For whatever reason I have found myself needing to “decrypt” Cisco VPN client group passwords throughout the years. I say “decrypt” , as the value is technically encrypted using...
View Article“Researchers steal iPhone passwords in 6 minutes”…true…but not the whole story
By Patrick Toomey Direct link to keychaindumper (for those that want to skip the article and get straight to the code) So, a few weeks ago a wave of articles hit the usual sites about research that...
View ArticlePass the iOS Privacy Salt – Hashing Does NOT Guarantee Privacy.
By Michael Pearce, Neohapsis & Neolabs There has been a lot of concern and online chatter about iPhone/mobile applications and the private data that some send to various parties. Starting with the...
View Article