From b63f487e21c24d62cd5920269412d850b9e33cbb4d047460d9443e165ced56bf Mon Sep 17 00:00:00 2001 From: Nadim Kobeissi Date: Sat, 28 Jun 2025 23:41:05 +0200 Subject: [PATCH] Add an optional reading involving a critical analysis of KDFs --- website/index.html | 2 ++ website/papers/no-salt.pdf | 3 +++ 2 files changed, 5 insertions(+) create mode 100644 website/papers/no-salt.pdf diff --git a/website/index.html b/website/index.html index df2b2fa..e40b802 100755 --- a/website/index.html +++ b/website/index.html @@ -216,6 +216,7 @@
  • Chris Alexander and Ian Goldberg, Improved User Authentication in Off-The-Record Messaging, Workshop on Privacy in the Electronic Society, 2007.
  • Ian Martiny, Gabriel Kaptchuk, Adam Aviv, Dan Roche and Eric Wustrow, Improving Signal's Sealed Sender, Network and Distributed Systems Security Symposium, 2021.
  • Henry de Valence, It's 255:19AM. Do you know what your validation criteria are?, hdevalence.ca, 2020.
  • +
  • Matilda Backendal, Sebastian Clermont, Marc Fischlin and Felix Günther, Key Derivation Functions Without a Grain of Salt, IACR Eurocrypt, 2025.
  • Nadhem J. Alfardan and Kenneth G. Paterson, Lucky Thirteen: Breaking the TLS and DTLS Record Protocols, IEEE Symposium on Security and Privacy, 2013.
  • Whitfield Diffie and Martin E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, 1976.
  • Paul Rösler, Christian Mainka and Jörg Schwenk, More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema, IEEE European Symposium on Security and Privacy, 2018.
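Review bot: The Backendal et al. entry added in this hunk is the same citation that the second hunk (at line 520) adds again, so index.html now carries two hand-maintained copies of it. If both lists are meant to show it, check that the two entries have identical text and point at the same file, so that a later correction does not update only one of them.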
  • @@ -519,6 +520,7 @@
  • Nikita Borisov, Ian Goldberg and Eric Brewer, Off-the-Record Communication, or, Why Not To Use PGP, Workshop on Privacy in the Electronic Society, 2004.
  • Hugo Krawczyk, SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols, IACR Crypto, 2003.
  • Hugo Krawczyk, Cryptographic Extraction and Key Derivation: The HKDF Scheme, IACR Crypto, 2010.
  • +
  • Matilda Backendal, Sebastian Clermont, Marc Fischlin and Felix Günther, Key Derivation Functions Without a Grain of Salt, IACR Eurocrypt, 2025.
  • Joseph Bonneau and Andrew Morrison, Finite-State Security Analysis of OTR Version 2, Stanford Computer Security Laboratory, 2006.
  • Chris Alexander and Ian Goldberg, Improved User Authentication in Off-The-Record Messaging, Workshop on Privacy in the Electronic Society, 2007.
  • Nadim Kobeissi, Karthikeyan Bhargavan and Bruno Blanchet, Automated Verification for Secure Messaging Protocols and their Implementations: A Symbolic and Computational Approach, IEEE European Symposium on Security and Privacy, 2017.
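Review bot: The commit subject calls this an optional reading, but the item added after Krawczyk's HKDF paper reads the same as the entries around it in the visible lines. If the page marks optional readings differently from required ones, confirm the new item carries that marker. The placement directly after the HKDF entry fits the topic.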
  • diff --git a/website/papers/no-salt.pdf b/website/papers/no-salt.pdf new file mode 100644 index 0000000..484d41f --- /dev/null +++ b/website/papers/no-salt.pdf @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c46ab15e7c311348f10f67d37cd5991681f3877d369bb92282f224d95f1cbbc6 +size 863224
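Review bot: The new website/papers/no-salt.pdf is committed as a three-line Git LFS pointer (version, oid, size), not as the PDF itself. Confirm that the site's deployment fetches LFS objects, otherwise a link to this path serves the pointer text instead of the paper. After deployment, the served file should be 863224 bytes and hash to the sha256 oid recorded here.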