Cryptography @ Infosec.pub

515 readers

4 users here now

Questions, answers, discussions, and literature on the theory and practice of cryptography

Rules (longer version here)

Stick to cryptography / infosec
Be a good netizen - be kind, act in good faith, maintain high quality, don't mislead
Link directly to original sources
Don't use us to cheat on challenges or tests!
Crypto review requests must show the algorithm
CTF / challenges and puzzles must use modern crypto
Avoid making duplicate posts
All use of AI / LLM and their prompts MUST be disclosed in your submissions and comments

##Related resources;

Reddit cryptography forums 1 & 2; /r/crypto /r/cryptography
Cryptology ePrint archive
Discussion site for ePrint papers
Libera Chat's IRC:s #crypto - (IRC protocol URL)
Metzdowd cryptography mailing list
Randombit cryptography mailing list
StackExchange cryptography community

founded 2 years ago

MODERATORS

SqueamishOssifrage

TrustedThirdParty

Opossum Attack - Application Layer Desynchronization using Opportunistic TLS (opossum-attack.com)

submitted 15 hours ago* (last edited 15 hours ago) by Natanael to c/crypto

0 comments fedilink hide all child comments

Opossum is a cross-protocol application layer desynchronization attack that affects TLS-based application protocols that rely on both opportunistic and implicit TLS. Among the affected protocols are HTTP, FTP, POP3, SMTP, LMTP and NNTP.

Note: The vast majority of websites are not vulnerable as HTTP TLS upgrade (RFC 2817) was never widely adopted and no browsers support it.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here