List of ressources and documents

Ordered by chronological order (oldest first)

• source code – win32 binary – rtgen-mt a multi-threaded rainbow tables generator based on rtgen
• nt_crack_cell-0.2.tar.bz2 – NTLM-MD4 Cell BE. implementation
• source code – tutorial – C++ implementation of Keyczar
• openssl-attacks.html – unmaintained list of cryptographic attacks against OpenSSL
• curve25519p/smult.c – secret key randomization for Curve25519
• ecdsa_25519.py – Curve25519 ECDSA signature
• python-oauth-timing-hmac.pdf – Python OAuth implementation flaws
• wcurve – documentation – Python EC arithmetic on Weierstraß curves, also implements infective computations techniques
• jpake-session-key-retrieval.pdf – Small subgroup confinement issue with session key retrieval in the J-PAKE implementations of OpenSSL and OpenSSH
  • openssl-jpake.tar.gz – OpenSSL demo source code
  • openssh-jpake.tar.gz – OpenSSH demo source code
  • CVE-2010-4252 – advisory – commit – OpenSSL's advisory and fix written by OpenSSL's team
  • CVE-2010-4478 – commit/jpake.c – commit/schnorr.c (1) – commit/schnorr.c (2) – diff/jpake.c – diff/schnorr.c (1) – diff/schnorr.c (2) – fix written by OpenSSH's team
  • clipperz_srp_flaws.user.js – Greasemonkey script demonstrating various Clipperz flaws whose this small subrgoup confinement issue in its SRP implementation
• ec_infinity.c – related commit written by OpenSSL's team (is it fixing all these issues though? haven't found time to review it yet) – issues in OpenSSL's handling of point at infinity in EC code
• challenge_nginx – solution – a short crypto challenge targetting a modified version of Nginx