Category Archives: Uncategorized

Where to store your auth token? Cookie or JS? Both!

In the security community, there is a contention on whether an auth token (think OAuth access_token, JSESSIONID, ...) should be stored inside a cookie or if should live within javascript, so e.g. a variable in a single page application, local storage or session storage, etc.

If it is stored in javascript, all requests to resources that require auth have to be made from JS, so it is usually difficult to retrofit an application that was written for cookie-based auth to have it store the auth token in JS.

That being said, for new applications, the developers have to make this decision. Which one is more secure? It is often said that cookies are safer against XSS (with the HttpOnly flag set), but using cookies makes your app more vulnerable to CSRF. Tokens within JS, on the other hand, are easier to exfiltrate through XSS but CSRF therefore becomes much less of a problem.

But why not just combine the two approaches to get the best of both worlds? The web application can split the auth_token into two by doing:

r := random_bytes()
share1 := auth_token XOR r
share2 := r

share1 can then be set as a cookie and share2 as a JS variable. The web frontend then needs to always provide both shares to the backend to authorize a request.

Instead of XOR, other cryptographic operations are possible, but XOR is especially performant and should be easily available in every programming environment.


The WhatsApp vulnerability debate got quite heated up and polarized people. I wish I could have had this debate with the Facebook Security Team in Whitehat Report #1008534892515816. In private, without the public listening and judging our opinions, agreeing on a solution and giving a joint statement at the end. Continue reading

US Credit Cards Overview

This was written in 2016. If you read this in >= 2018 there is a good chance this is outdated.

Usually I don't post commercial stuff. But I think other people moving to the US might find this helpful. I did a quite comprehensive survey of the consumer credit card market and want to share my findings. If you live here for a year or longer you need to get a US credit card. Often enough this is the only form of payment accepted and international credit cards often enough fail for random reasons. I'm going to assume that you do not want the credit card for the credit, and that you will pay your total balance all at once and on time. If not, you should look into other offers. If not explicitly said, cards mentioned here do not come with annual membership fees.

Using the best offers I found, I'll get roughly $1000 cash back per year with the spending profile of a regular graduate student, so it is worth thinking for a few hours about a good strategy. Continue reading

UC Berkeley spies on all Students, Staff, Faculty 24/7

The University of California Office of the President (UCOP) has been secretly monitoring university network traffic since about August 2015. ALL data including all private E-Mail communication and everything else sent from or to the UC Network is analyzed by a not disclosed third party and retained for at least 30 days. Sources: SF Chronicle, Blogpost, Letter from Raechel Nava, Executive Vice President — Chief Operating Officer

The people responsible for implementing the unconditional and extremely invasive surveillance of all people on campus claim that this installation will enhance individual's privacy as it is necessary for improving campus security, and security is a requirement for privacy. lol. or cry. idk.

Yes, security is a requirement for privacy, but analyzing and storing all data, including the most private information, is a particularly bad attempt to achieve the goal. First, it is only a matter of time until the skillful attackers break into the surveillance system and get all data served on a silver tray. Second, the main use-case would be to analyze attacks after they happened, not prevent them. Third, parts of the UC IT are quite outdated and presumably contain lots of security holes. Fixing them first would be much more effective. Fourth, giving a third party access to all private data is a bad idea because it greatly extends the set of trusted people, devices, and networks. Fifth, today they promise to only use the data for protecting the network. When we already store all this data the next generation will legitimately ask, why it is not used to resolve other crime cases as well. A few years later, the government just slightly changes how to define crime.

Again we see the security argument applied as a plain decoy to justify peoples nasty surveillance dreams. Or maybe they just don't know better? Idk. Btw: Berkeley is worldwide one of the top research institutions in Computer Security. Apparently non of the faculty or students were asked to assist with making the network more secure. Instead an external party was secretly contracted.

Notice that the security fence is full of holes

Notice that the security fence is full of holes

So, what can we do against this. I don't know. Convincing the administration that this form of surveillance it no good might be fruitful in case they just did not know what else to do. I doubt it. And even then other actors are monitoring all your communication anyways. So it seems like as long as there is no better solution available, we all have to protect ourselves a little bit more. We can


Not to care about privacy because you have nothing to hide is like not caring about free speech because you have nothing to say. - Edward Snowden

Comments allowed and welcome.

The day I almost became stupid

Today is Friday, Jan 22, 2016. I will remember this day. In discussions we security researchers often talk about the dumb average computer user. Today I almost became one of them. I received the following email from a spoofed sender address [email protected]:

Screen Shot 2016-01-22 at 5.40.26 PM


It tells me that because I am a non-resident alien in the US I need to submit additional information to the IRS because I opened a bank account and I am exempt from "tax withholdings on interest paid". All this was true to me and because I only very quickly skimmed the e-mail I did not detect any major flaws in the language. I would never expect a German authority to send me such an request by email but the Americans do many sensitive stuff online so I was not really surprised by the fact that "IRS" was communicating with me via email. I also gave them my email address on another form a few month ago.

What finally helped me to identify that it was a phishing attempt was that a google search for the indicated Fax number did not give any results. I would have expected to find it on some IRS website. Then I looked at the mail headers which revealed that the sender address was spoofed and finally made it clear that this is indeed a phishing attempt.

Screen Shot 2016-01-22 at 5.33.31 PM

I am glad I realized this in the last minute as the information I would have provided on the form would be enough for an attacker to try to call my bank and reset the password with the information or something similar.

I am wondering why the phishing email was so well targeted at me. Or is my view just biased because I directly delete all other phishing mails?

By the way, the IRS never communicates by email. More information on their website.

CryptoSaarland: A new meetup for Saarbrücken

I am already very excited to spend the next semester at the Saarland University CS grad school. To find new friends as well as enhance collaboration in cryptography research and development in the area I had the idea of founding a Meetup group in Saarbrücken.

In this group all enthusiasts for cryptography and security are welcome. We will discuss recent achievements in cryptography and related areas such as secure systems, implementation, offensive security, theory of computation, and hardware security in weekly meetings. Every meeting has a designated topic and a member will hold a casual presentation on this topic leading to a onward discussion with accompanied dinner. In the course of the evening, different topics may also be discussed with the present members. As the blood alcohol level raises, the discussion will become more and more informal ;)

For our first meetup I proposed the following topics:

  • BlindBox: How Network Middleboxes like Firewalls and IDS can deal with encrypted traffic without having the secret key
  • SEEED: How SAP can still crunch data when it is encrypted by the customer
  • Zero Knowledge Proof: An Overview, zk-SNARKS and how to use them to make Bitcoin really privacy preserving
  • Bitcoin: An Introduction
  • Secure Multiparty Computation: An Introduction
  • BigInteger Libraries: An Overview of available libraries, their design, and how I try to speed up modular multiplication


Saarbrücken, DE
1 Cryptographers

In this group all enthusiasts for cryptography are welcome. We will discuss recent achievements in cryptography and related areas such as secure systems, implementation, offen...

Next Meetup

Hello World! Our first Meetup!

Wednesday, Apr 8, 2015, 6:00 PM
1 Attending

Check out this Meetup Group →

If you live in the area, please join the meetup group and help to find a time and place for our first meetup!

Back from EIT ICT Labs Summer School on Privacy, Security & Trust


Participants, Trento, Italy

Today I came back from an amazing two week summer school that was offered by EIT ICT Labs at the University of Trento. Topic was Privacy, Security & Trust. EIT ICT Labs is a EU-funded organization that aims to bring leading research into practice. In my opinion this is especially important in cryptography. There were so many great achievements in crypto in the last two decades, but we just can not see real products which use these, and so their value for society is still limited.

One speaker at the summer school has put it this way: Traditionally, the EU has funded research, then companies used the discoveries, increased sales, and payed taxes from the money they earned. But the gap between academia and industry is too large. Thus the EU wants to bridge it.

Therefore the summer school consisted of two parts. In the first week prominent speakers held lectures on modern cryptography. There were Jan Camenisch (IBM Research, ERC Fellow), Yvo Desmedt (University of Texas at Dallas), Yehuda Lindell (Bar Ilan University, ERC Fellow), Anna Lysyanskaya (Brown University), David Naccache (Panthéon-Assas University, École Normal Supérieure), Moti Yung (Google, Columbia University), and Timothy Edgar (Brown University).

In the second week we then took those concepts and designed products in small teams.

At the end, we pitched our ideas to real investors, who rated them in terms of technical and economic feasibility. My team and I won 2nd place :).

Simulating Public-Private Key Pairs and SCSI Disks

by Berk Öcal and Tobias Boelter


Many scholars would agree that, had it not been for the partition table, the visualization of journaling file systems might never have occurred. In this work, we confirm the typical unification of Internet QoS and red-black trees, which embodies the typical principles of hardware and architecture. This at first glance seems counterintuitive but is buffetted by prior work in the field. In order to address this issue, we validate that although erasure coding and reinforcement learning are always incompatible, vacuum tubes and 802.11b are mostly incompatible. Continue reading