https://miscreants.github.io/blog.trailofbits.com/authors/paul-kehrer/Recent content in Paul Kehrer on The Trail of Bits BlogHugoen-usFri, 26 Feb 2021 10:31:47 -0500https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/Fri, 26 Feb 2021 10:31:47 -0500https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/It is a truism in modern software development that a robust continuous integration (CI) system is necessary. But many projects suffer from CI that feels brittle, frustrates developers, and actively impedes development velocity. Why is this? What can you do to avoid the common CI pitfalls? Continuous Integration Needs a Purpose CI […]https://miscreants.github.io/blog.trailofbits.com/2019/07/02/state/Tue, 02 Jul 2019 06:50:11 -0400https://miscreants.github.io/blog.trailofbits.com/2019/07/02/state/RandomX is a new ASIC and GPU-resistant proof-of-work (PoW) algorithm originally developed for Monero, but potentially useful in any blockchain using PoW that wants to bias towards general purpose CPUs. Trail of Bits was contracted by Arweave to review this novel algorithm in a two person-week engagement and provide guidance on alternate parameter selection. But […]https://miscreants.github.io/blog.trailofbits.com/2019/03/25/what-application-developers-need-to-know-about-tls-early-data-0rtt/Mon, 25 Mar 2019 09:00:23 -0400https://miscreants.github.io/blog.trailofbits.com/2019/03/25/what-application-developers-need-to-know-about-tls-early-data-0rtt/TLS 1.3 represents the culmination of over two decades of experience in deploying large-scale transport security. For the most part it simplifies and improves the security of TLS and can act as a drop-in replacement for TLS 1.2. However, one new feature in the protocol represents a significant security risk to some existing applications: TLS […]https://miscreants.github.io/blog.trailofbits.com/2018/12/17/csaw-ctf-crypto-challenge-breaking-dsa/Mon, 17 Dec 2018 06:50:42 -0500https://miscreants.github.io/blog.trailofbits.com/2018/12/17/csaw-ctf-crypto-challenge-breaking-dsa/The Trail of Bits cryptographic services team contributed two cryptography CTF challenges to the recent CSAW CTF. Today we’re going to cover the easier one, titled “Disastrous Security Apparatus – Good luck, ‘k?” This problem involves the Digital Signature Algorithm (DSA) and the way an apparently secure algorithm can be made entirely insecure through surprising […]https://miscreants.github.io/blog.trailofbits.com/2018/11/07/we-crypto-now/Wed, 07 Nov 2018 06:50:17 -0500https://miscreants.github.io/blog.trailofbits.com/2018/11/07/we-crypto-now/Building and using cryptographic libraries is notoriously difficult. Even when each component of the system has been implemented correctly (quite difficult to do), improperly combining these pieces can lead to disastrous results. Cryptography, when rolled right, forms the bedrock of any secure application. By combining cutting-edge mathematics and disciplined software engineering, modern crypto-systems guarantee data and communication privacy.