Skip to content

Instantly share code, notes, and snippets.

@mrdrozdov

mrdrozdov/encryption-badasses.md

Created April 15, 2016 15:03
Show Gist options
  • Save mrdrozdov/abf39984a918e47273f0aba394981bf3 to your computer and use it in GitHub Desktop.
Save mrdrozdov/abf39984a918e47273f0aba394981bf3 to your computer and use it in GitHub Desktop.
Download ZIP
encryption-badasses.txt
Raw
encryption-badasses.md

Following up with encryption.

Here's my favorite prof from michigan who is an encryption badass: https://jhalderm.com/

He's done a lot of cool stuff including hacking a voting machine so that it plays the the michigan fight song every time someone votes. He's actually done quite a bit of stuff with electronic voting machines (EVMs).

Nadia Heninger is also pretty sweet. She's done work w Halderman before: https://www.cis.upenn.edu/~nadiah/

She's also been known as the chuck norris of cryptography, but it looks like some of the more entertaining tweets were deleted: http://techcrunch.com/2013/01/12/nadia-heninger-is-watching-you/

To give some more context why she has this reputation (in a super vague way), she once did a project where she essentially scanned the internet for a lot of wifi routers (this sort of thing is somewhat typical for crypto research), and discovered that a lot of the routers (something close to 1% of all the ones that were checked or 100k) had the same key. They had the same key since sometimes the hardware had a bug in how random numbers were generated, and generating random number is how these routers create their keys. Long story short, after this discovery she could literally decrypt "encrypted" network traffic by hand, and I actually saw her do this during a talk at michigan. Here's that paper but it's a little dense: https://factorable.net/weakkeys12.extended.pdf

Here's a more detailed article about what her and Halderman think of the NSA: https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

~ Andrew

PS. I said wifi router, but really what was scanned was "hosts". A host is anything that connects to the internet and can listen for requests (like someone typing a url in their browser and pressing enter). There's various ways to find all the hosts out there. For one, in order to start accepting requests, a host needs to register and gets an IP address. You could literally keep guessing through IP addresses since they fall into a predictable format like phone numbers. Although it's easier to check with where these hosts registered and get IP addresses directly this way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment