IT security and cryptography. PhD from @muni_cz and @CaFoscari. Previously postdoc at @liu_universitet. Co-author of ROCA vulnerability & RSA key biases.
1) Disclosure of ECDSA implementation vulnerabilities in cryptographic smartcards and libraries https://t.co/QunOoBDMIN. Leakage of random nonce length enough for full recovery of EC private key after observing a few hundred to a few thousands of signatures.
Stefano on the stage presenting "Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem" at #SP19@IEEESSP The full paper, talk preview video and main findings are available at https://t.co/pCWfV53f12
Happy to announce that our paper "Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem" has been accepted at #SP19 (Oakland)! Joint work with @SteCalza85 @rfocardi@MatusCrypto@alvisee More info at https://t.co/pCWfV5kQpC @IEEESSP
The online ad tech industry has created an extraordinarily invasive surveillance infrastructure that threatens our democracy. But the most tragic thing is how little has been gained—how poorly ad tech works despite all the data.
Congrats to our @MatusCrypto who just scored 2nd place at @CsawEurope Applied Research Competition for #ROCA paper (factorable RSA keys from smartcards, eID, TPMs...) 🍾 See poster here: https://t.co/ndFHr7Mp4O, all details here: https://t.co/ZgGZ4QfKbo
Congrats to our @MatusCrypto who just scored 2nd place at @CsawEurope Applied Research Competition for #ROCA paper (factorable RSA keys from smartcards, eID, TPMs...) 🍾 See poster here: https://t.co/ndFHr7Mp4O, all details here: https://t.co/ZgGZ4QfKbo
Sidepane for a slide I did explaining polynomial multiplication (Schoolboy, Karatsuba, Toom-Cook, NTT). You can do this with XeLaTeX and DejaSans font.
My @ruhrsec talk at #ROCA vulnerability allowing practical factorization of RSA keys from Infineon smartcards now available https://t.co/4RNMM0jg3y Make sure to see other talks as well! https://t.co/E5ZCcFuB2R
Because of #GDPR, USA Today decided to run a separate version of their website for EU users, which has all the tracking scripts and ads removed. The site seemed very fast, so I did a performance audit. How fast the internet could be without all the junk! 🙄
5.2MB → 500KB
Tým #CRoCS#fimuni je na světové špičce v oblasti informatické bezpečnosti a kryptografie, mimo jiné díky objevu bezpečnostní chyby v čipech v občanských průkazech několika států. Zasloužili si tak i ocenění rektora Mikuláše Beka. https://t.co/UX2X1bU3ml
Estonian RIA practically factorized real 2048b RSA #ROCA vulnerable key (CVE-2017-15361) of one of EE eID program leaders and decrypted his encrypted file. Took few months and electricity cost was "a couple of thousands of euros" (article behind paywall) https://t.co/0WT439Z8pb
Come to our member M. Ukrop's talk at Cryptographers track at @RSAConference: "Why Johnny the Developer Can’t Work with Public Key Certificates: An Experimental Study of OpenSSL Usability" All details here: https://t.co/zchKpQBSXV #usablesecurity
Want to freak yourself out? I'm gonna show just how much of your information the likes of Facebook and Google store about you without you even realising it
We will continue to protect #NetNeutrality in Europe, ensuring that all traffic is treated equally:
→ Every European must be able to have access to the #openinternet
→ No blocking or discrimination of online content, applications and services
https://t.co/dSUM6wYwhu
Our paper with measurement of popularity of #crypto libraries now available https://t.co/2l2zFkt7W2 online. All tools also available https://t.co/fVKQ8lJzcc thx @ACSAC_Conf for Artifact Evaluation Initiative! Going to be presented by @MatusCrypto soon
I put part of the #ROCA attack on exam for 1st year master students
https://t.co/xpFMuEcvin Under stress and time pressure several students noticed how massively reduced the key space is (we didn't do the Coppersmith part). Really must move to other RSA prime generation or ECC.
#EMV banking chipcards also contain RSA keys but normally shouldn't be affected by #ROCA vulnerability. I wrote a small app to check public keys over #NFC: https://t.co/Xm3c6oslM2 #security#Banking