Skip to content

Instantly share code, notes, and snippets.

Christopher Jeffrey (JJ) chjj

Block or report user

Report or block chjj

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@chjj
chjj / covert_ecdh.md
Created Oct 23, 2019 — forked from sipa/covert_ecdh.md
Covert ECDH over secp256k1
View covert_ecdh.md

Covert ECDH over secp256k1

If ECDH is used to establish a shared session secret for an encrypted connection, two elliptic curve points need to be transmitted (one in each direction) before encryption starts. In order to avoid being identifiable as a (specific) ECDH negotiation, ideally those two points are sent in a way that is indistinguishable from random.

This problem is easily addressed by using curves that support Elligator-style encodings: functions that encode a (subset of) elliptic curve points as sequences of bytes with no observable bias: (almost) every byte sequence corresponds to exactly one point, and the others correspond to none.

Unfortunately, no Elligator-style encoding is known for secp256k1.

@chjj
chjj / repl.js
Created Jul 7, 2012 — forked from jfhbrook/output.log
curl node repl (possibly dangerous?)
View repl.js
var http = require('http');
var pty = require('pty.js');
var server = http.createServer(function(req, res) {
var ua = req.headers['user-agent'] || '';
if (!~ua.indexOf('curl/')) {
res.setHeader('Content-Type', 'text/plain');
return res.end('curl -sSNT. localhost:8000');
}
You can’t perform that action at this time.