204 matches found
NIST Post-Quantum Cryptography Standard Algorithms Based on Quantum Random Number Generators
In recent years, the advancement of quantum computing technology has posed potential security threats to RSA cryptography and elliptic curve cryptography. In response, the National Institute of Standards and Technology NIST published several Federal Information Processing Standards FIPS of...
Quantum Skyshield: Quantum Key Distribution and Post-Quantum Authentication for Low-Altitude Wireless Networks in Adverse Skies
Recently, low-altitude wireless networks LAWNs have emerged as a critical backbone for supporting the low-altitude economy, particularly with the densification of unmanned aerial vehicles UAVs and high-altitude platforms HAPs. To meet growing data demands, some LAWN deployments incorporate...
A Comparative Study and Implementation of Key Derivation Functions Standardized by NIST and IEEE
Since many applications and services require pseudorandom numbers PRNs, it is feasible to generate specific PRNs under given key values and input messages using Key Derivation Functions KDFs. These KDFs are primarily constructed based on Message Authentication Codes MACs, where the MAC serves as ...
Technical Evaluation of a Disruptive Approach in Homomorphic AI
We present a technical evaluation of a new, disruptive cryptographic approach to data security, known as HbHAI Hash-based Homomorphic Artificial Intelligence. HbHAI is based on a novel class of key-dependent hash functions that naturally preserve most similarity properties, most AI algorithms rel...
CVE-2023-22334
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System CHS Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack...
python3.11 bug fix update
An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...
AZL-61673 CVE-2024-58134 affecting package perl-Mojolicious 8.57-3
Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute...
AESHA3: Efficient and Secure Sub-Key Generation for AES Using SHA-3
Advanced Encryption Standard AES is one of the most widely used symmetric cipher for the confidentiality of data. Also it is used for other security services, viz. integrity, authentication and key establishment. However, recently, authors have shown some weakness in the generation of sub-keys in...
Post Quantum Cryptography (PQC) Signatures without Trapdoors
Some of our current public key methods use a trap door to implement digital signature methods. This includes the RSA method, which uses Fermat's little theorem to support the creation and verification of a digital signature. The problem with a back-door is that the actual trap-door method could, ...
Complexity of Post-Quantum Cryptography in Embedded Systems and Its Optimization Strategies
With the rapid advancements in quantum computing, traditional cryptographic schemes like Rivest-Shamir-Adleman RSA and elliptic curve cryptography ECC are becoming vulnerable, necessitating the development of quantum-resistant algorithms. The National Institute of Standards and Technology NIST ha...
From Cyber Threat to Data Shield: Constructing Provably Secure File Erasure with Repurposed Ransomware Cryptography
Ransomware has emerged as a persistent cybersecurity threat,leveraging robust encryption schemes that often remain unbroken even after public disclosure of source code. Motivated by the technical resilience of such mechanisms, this paper presents SEER Secure and Efficient Encryption-based Erasure...
ChuanhuChatGPT 代码问题漏洞
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A server-side request forgery vulnerability exists in ChuanhuChatGPT version 20240914, which stems from a vulnerability that allows a respons...
kernel: ipv6: sr: fix out-of-bounds read when setting HMAC data.
An out-of-bounds read flaw was found when setting HMAC data in net/ipv6/seg6.c in the Linux kernel. This issue may lead to a crash...
UBUNTU-CVE-2024-42255
In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpmbufcheckhmacresponse Dereference auth after NULL check in tpmbufcheckhmacresponse. Otherwise, unless tpm2sessionsinit was called, a call can cause NULL dereference, when TCGTPM2HMAC is...
python3 security update
3.11.7-1.3 - Security fix for CVE-2024-4032 Resolves: RHEL-44097 3.11.7-1.2 - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40785...
python3 security update
3.9.18-3.3 - Security fix for CVE-2024-4032 Resolves: RHEL-44106 3.9.18-3.2 - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40767...
The vulnerability of the gcry_md_get_algo_dlen() function in ClusterLabs Booth’s high-availability cluster management and monitoring software allows a attacker to perform an invalid HMAC.
The vulnerability of the gcrymdgetalgodlen function in ClusterLabs Booth’s high-availability cluster management and monitoring software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker operating remotely to generate invalid HMACs...
PT-2024-6943 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the tpm buf check hmac response function in the Linux kernel's Trusted Platform Module TPM driver. It involves a null pointer dereference when TCG TPM2 HMAC is...
booth: specially crafted hash can lead to invalid HMAC being accepted by Booth server
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcrymdgetalgodlen, it may allow an invalid HMAC to be accepted by the Booth server...
Oracle Linux 8 : python3 (ELSA-2024-4243)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4243 advisory. 3.12.3-2 - Enable importing of hash-based .pyc files under FIPS mode Resolves: RHEL-40776 3.12.3-1 - Update to 3.12.3 Related: RHEL-33685 3.12.2-3 - Move all te...