xenol's blog

Chance favors the prepared mind

Dec 29, 2012 - 2 minute read - 29C3 CCC

29c3: Day Two

I started the day by attending the talk by Axel Arnbak titled Certificate Authority Collapse. Axel talked about the current model being completely broken (nothing new in the security community) and said that change is needed. He described the DigiNotar incident. The European Union wants to address this issue by regulations, which do more harm than good. If the CA model is broken, it should be fixed technically and not by law. Video can be found here.

After lunch, I went to see the Lightning Talks block. I liked the talk about a project building community GSM and mesh networks in remote areas in Mexico.

Another great talk of the day was FactHacks - RSA factorization in the real world by Daniel J. Bernstein, Nadia Heninger and Tanja Lange. The speakers gave a quick introduction to the RSA cryptosystem and some facts about its factorization. Dan also showed several algorithms for factoring primes. There was a practical example of how one can search for private keys on the Internet and complete missing parts of them, and the speakers generally advised to stop using 1024-bit RSA keys. I switched to ECDSA a few months ago and you should do so as well. If your SSH server doesn’t support ECDSA (OpenSSH <5.7), then stick to a 2048-bit or 4096-bit private key size. Video can be found here.
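To act on the key-size advice above, the following added example (not code from the talk or from this blog) reads OpenSSH public key lines, decodes the key blob and flags RSA moduli shorter than 2048 bits. It assumes lines of the form `type base64 comment` with no options field; the sample keys are constructed dummy values, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # floor from the post; 1024-bit RSA is flagged as weak


def read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string or mpint)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    return blob[start:start + length], start + length


def audit_key_line(line):
    """Return (key_type, rsa_bits_or_None, verdict) for one public key line."""
    blob = base64.b64decode(line.split()[1])
    key_type, offset = read_field(blob, 0)
    key_type = key_type.decode("ascii")
    if key_type != "ssh-rsa":
        return key_type, None, "not RSA"
    _exponent, offset = read_field(blob, offset)
    modulus, _ = read_field(blob, offset)
    bits = int.from_bytes(modulus, "big").bit_length()
    return key_type, bits, "weak" if bits < MIN_RSA_BITS else "ok"


def audit(lines):
    """Audit every non-empty, non-comment line."""
    return [audit_key_line(l) for l in lines if l.strip() and not l.startswith("#")]


# --- Constructed sample input below: dummy values, not usable keys ---
def field(raw):
    return struct.pack(">I", len(raw)) + raw


def mpint(n):
    # bit_length // 8 + 1 bytes always leaves the top bit clear (positive mpint)
    return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def rsa_line(bits):
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa %s constructed-%d" % (base64.b64encode(blob).decode(), bits)


ec_type = b"ecdsa-sha2-nistp256"
SAMPLE = ["# constructed authorized_keys", rsa_line(1024), rsa_line(2048),
          "%s %s constructed-ec" % (ec_type.decode(), base64.b64encode(field(ec_type)).decode())]

if __name__ == "__main__":
    for result in audit(SAMPLE):
        print(result)
```
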

The final talk I attended was Stylometry and Online Underground Markets, which was about using stylometry to identify and gain a better understanding of how underground markets work. Video should be available shortly.