Articles by Philippe Teuwen

14 articles
Date Tue 20 August 2024
Author Philippe Teuwen
Category Cryptography

We studied the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards -- meant to resist all known card-only attacks -- and developed new attacks defeating it, uncovering a hardware backdoor in the process. And that's only the beginning...

Date Wed 17 April 2024
Author Philippe Teuwen
Category Cryptography

Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. Pwned Passwords API is based on a mathematical property known as k-Anonymity guaranteeing that it never gains enough information about a non-breached password hash to be able to breach it later. Sounds good, right?

Date Thu 29 February 2024
Authors Nicolas Surbayrole, Philippe Teuwen
Category Cryptography

We announce the release of a new version of Blue Galaxy Energy, our white-box cryptanalysis tool implementing the BGE attack against AES. This version addresses the main limitations of the previous version.

Date Thu 21 December 2023
Authors Nicolas Surbayrole, Philippe Teuwen
Category Cryptography

We introduce a new white-box cryptanalysis tool based on the pioneering BGE paper but without known open source public implementation so far.

Date Tue 28 February 2023
Authors Nicolas Surbayrole, Philippe Teuwen
Category Cryptography

We are releasing a new cryptanalysis tool based on a known paper but without known open source public implementation so far.

Date Tue 18 May 2021
Authors Philippe Teuwen, Christian Herrmann
Category Hardware

Tear-off techniques to the next level.

Date Thu 19 November 2020
Authors Philippe Teuwen, Christian Herrmann
Category Hardware

Latest news from the Proxmark3 world, crunchy bits included...

Date Tue 12 May 2020
Author Philippe Teuwen
Category Hardware

In the context of the Inter-CESTI 2019 challenge, we "accidentally" found a timing difference disclosing the length of a PIN handled via the standard OwnerPIN.check JavaCard API. Here is the story.

Date Tue 29 October 2019
Author Philippe Teuwen
Category Hardware

We will demonstrate how we can recover the password and memory content of RFID tags by carefully cutting the power source during EEPROM writes.

Date Fri 02 August 2019
Authors Philippe Teuwen, Christian Heitman, Laurent Grémy
Category Blockchain

Quarkslab's team performed a cryptographic and security assessment of the Monero Research Lab’s new Proof-of-Work algorithm, called RandomX [1]. RandomX is a proof-of-work algorithm that is optimized for general-purpose CPUs. RandomX uses random code execution together with several memory-hard techniques to minimize the efficiency advantage of specialized hardware. We only found minor inconsistencies and formulated a few recommendations. These recommendations are mainly relevant when using alternative configurations but they are of less importance with the current configuration and usage of RandomX. The full report of the assessment can be found at the following address: [2]