Security Analysis of Pseudo-Random Number Generators with Input

Coming up in this year’s CCS is a paper with the provocative subtitle “/dev/random is not Robust,” and thanks to widespread availability of online preprints, it’s already scored quite a bit of online attention, e.g. at Bruce Schneier’s blog and on Hacker News. I’m…

Analysis of the HTTPS Certificate Ecosystem

Hot off the presses (as it were), this year’s Internet Measurement Conference brings us “Analysis of the HTTPS Certificate Ecosystem,” an attempt to figure out just how X.509 server certificates are being used “in the wild,” specifically for HTTPS servers. Yet more specifically, they are looking for endemic…

Introduction

I'm a graduate student in computer security, so I read lots and lots of papers. After I read the papers, they go into piles on my desk, and after a week or so I don't remember which paper was which, anymore. This will not do. From now on, I will…