Conversation

Notices

1. Embed this notice
   Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Wednesday, 21-Feb-2024 10:03:05 JST Ryan Castellucci :nonbinary_flag:

   When asked, in a work context, what my superpowers are, I often mention that I can read academic papers, and frequently am able to implement techniques/algorithms from them.

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 22-Feb-2024 18:45:34 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Ondřej Surý

     @ondrej In a CTF I played in a long time ago, there was a high value challenge that involved recovering an RSA private key that had a bunch of random bytes erased.

     I found a paper (oh, of course it's from Nadia Heninger) called "Reconstructing RSA Private Keys from Random Key Bits" and with some digging discovered that PoC code existed. With some prodding, I was able to solve the challenge.

     One of the organizers was stunned that I solved it so quickly, and when I explained was even further stunned that any code existed - he just assumed the algorithm was only described in the paper.

     This isn't my writeup, but describes the challenge and approximately what I did:

     https://github.com/ctfs/write-ups-2014/blob/master/plaid-ctf-2014/rsa/README.md

   • Embed this notice
     Ondřej Surý (ondrej@mastodon.rfc1925.org)'s status on Thursday, 22-Feb-2024 18:45:37 JST Ondřej Surý

     in reply to

     @ryanc Wow, that’s a superpower. Each paper has a different often incomplete or broken pseudo code. So, yes, I would consider that a superpower.

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 22-Feb-2024 18:48:19 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • Ondřej Surý

     @ondrej Anyway, the key skills really are being able to read "academic" (including the notation), and being able to muster the hubris to try.