That was a great read. I saw the title and figured it would quickly go over my head but it's all pretty understandable.<p>Does anyone know where I can download the src to have a look through?<p>Edit: found it <a href="https://code.google.com/p/corkami/source/browse/#svn%2Ftrunk%2Fsrc%2Fangecryption" rel="nofollow">https://code.google.com/p/corkami/source/browse/#svn%2Ftrunk...</a>
There's also a word play in the title. "AES" transliterates to "АЭС" (acronym for "<i>А</i>томная <i>Э</i>лектро<i>с</i>танция") in Russian (and some other Slavic languages), which means "nuclear power plant". Thus, the "☢" sign.
Actual link: <a href="https://speakerdeck.com/ange/when-aes-equals-episode-v" rel="nofollow">https://speakerdeck.com/ange/when-aes-equals-episode-v</a>
Recording of the talk: <a href="http://podcast.raumzeitlabor.de/#wbHkVZfCNuE" rel="nofollow">http://podcast.raumzeitlabor.de/#wbHkVZfCNuE</a>
That's amazing. Didn't think it's even possible, however it turns out to be surprisingly simple. Also, laughed out loud because of that guy's twitter nickname on the 3rd slide.
Cool trick, I have encountered something like this in a steganography wargame before, the only difference is they used Base64 encoding on the original picture instead of AES :)
I love the "HexII" hex-dump format he links to, it's so much less cluttered than the traditional one. I'm definitely going to have to try that out the next time I'm picking apart some binary file.
Impressive.<p>That's also the reason why one should limit the max-length of a password field (something reasonable), if one is using the <i>salted-password in db</i> approach. Otherwise someone could enter a very long password to do the trick (MD5/SHA1), see <a href="http://en.wikipedia.org/wiki/MD5#Security" rel="nofollow">http://en.wikipedia.org/wiki/MD5#Security</a> .