KEL.BZ

KEL.BZ https://kel.bz/ Recent content on KEL.BZ Hugo en-us © 2026 Kelby Ludwig. All rights reserved. Mon, 05 Jan 2026 00:00:00 +0000 On string comparison timing attacks in Go https://kel.bz/post/go-timing/ Mon, 05 Jan 2026 00:00:00 +0000 https://kel.bz/post/go-timing/ It’s well known that string comparisons can leak timing information. Go is no different but exploitation is tricky. Control planes are a useful concept https://kel.bz/post/control-plane/ Mon, 15 Dec 2025 00:00:00 +0000 https://kel.bz/post/control-plane/ A useful software architecture concept is the distinction between the control plane and data plane. Even if you don’t use the jargon, this is a useful concept for safer deployments. Physical proximity and latency https://kel.bz/post/physical-latency/ Sun, 28 Mar 2021 00:00:00 +0000 https://kel.bz/post/physical-latency/ An experiment showing the effects physical proximity has on network latency. Notes on Virtualization.Framework https://kel.bz/post/virtualization-framework-reversing/ Tue, 29 Dec 2020 00:00:00 +0000 https://kel.bz/post/virtualization-framework-reversing/ Notes from reversing implmentation details of the macOS Virtualization.Framework P-256 in Sage https://kel.bz/post/sage-p256/ Fri, 10 Jan 2020 00:00:00 +0000 https://kel.bz/post/sage-p256/ Reference code for creating NIST P-256 curve objects in Sagemath. Authenticated Dictionaries with Skip Lists and Commutative Hashing https://kel.bz/post/authdict/ Sun, 05 Jan 2020 00:00:00 +0000 https://kel.bz/post/authdict/ Notes and implementation of the Goodrich and Tamassia paper on authenticated dictionaries with skip lists. The Hidden Number Problem https://kel.bz/post/hnp/ Sat, 10 Aug 2019 00:00:00 +0000 https://kel.bz/post/hnp/ Notes on the Boneh and Venkatesan’s paper describing the Hidden Number Problem and code demonstrating some of the results. ECDSA is Weird https://kel.bz/post/ecdsa-is-weird/ Sun, 28 Jul 2019 00:00:00 +0000 https://kel.bz/post/ecdsa-is-weird/ Unexpected properties of ECDSA signatures. Measures of Entropy https://kel.bz/post/entropy/ Sun, 02 Jun 2019 00:00:00 +0000 https://kel.bz/post/entropy/ Different ways to describe the entropy of a random variable. RSA-based Key Encapsulation Mechanisms https://kel.bz/post/kem/ Mon, 27 May 2019 00:00:00 +0000 https://kel.bz/post/kem/ How to use RSA to encrypt symmetric keys and how RSA-KEM relates to RSA-OAEP. Questions for System Design Reviews https://kel.bz/post/designreview/ Sun, 12 May 2019 00:00:00 +0000 https://kel.bz/post/designreview/ Moving towards operationalizing system design reviews. What questions should a review team ask, or expect to be answered? What is the Value-add of ssh-agent? https://kel.bz/post/ssh-agent/ Mon, 14 Jan 2019 00:00:00 +0000 https://kel.bz/post/ssh-agent/ The purpose of ssh-agent and observations how ssh-agent improves UX and security. Fiat-Shamir Heuristic https://kel.bz/post/fiat-shamir-heuristic/ Sat, 22 Sep 2018 00:00:00 +0000 https://kel.bz/post/fiat-shamir-heuristic/ Overview and implementation of the Fiat-Shamir heuristic used to build signature schemes from interactive zero-knowledge proofs. Building Lattice Reduction (LLL) Intuition https://kel.bz/post/lll/ Tue, 25 Jul 2017 00:00:00 +0000 https://kel.bz/post/lll/ My attempt to grok the Lenstra–Lenstra–Lovász (LLL) algorithm used for basis reduction. Subgroup Confinement Attacks https://kel.bz/post/pohlig/ Sat, 14 Jan 2017 00:00:00 +0000 https://kel.bz/post/pohlig/ Subgroup confinement attacks can apply in offline and online contexts. User-influenced Shell Commands Are Still Considered Harmful https://kel.bz/post/javaexec/ Tue, 06 Dec 2016 00:00:00 +0000 https://kel.bz/post/javaexec/ Non-obvious ways of getting code execution when testing code that uses user input to build shell commands. The GGH Cryptosystem https://kel.bz/post/lattices/ Wed, 23 Nov 2016 00:00:00 +0000 https://kel.bz/post/lattices/ An introduction to lattice-based cryptography using the broken Goldreich–Goldwasser–Halevi (GGH) cryptosystem. ASIS CTF 2016: RSA Write-up https://kel.bz/post/asis-rsa/ Sun, 18 Sep 2016 00:00:00 +0000 https://kel.bz/post/asis-rsa/ Breaking RSA with sequential prime key parameter generation. Tokyo Westerns / MMA CTF: Twin Primes Write-up https://kel.bz/post/twinprimes/ Thu, 01 Sep 2016 00:00:00 +0000 https://kel.bz/post/twinprimes/ Decrypting RSA ciphertexts using correlated parameters. Modifying IP Headers With netfilter https://kel.bz/post/netfilter/ Sat, 20 Aug 2016 00:00:00 +0000 https://kel.bz/post/netfilter/ Using netfilter to programmtically rewrite the source IP address of ICMP packets. Authorization Design Patterns https://kel.bz/post/authz-design-patterns/ Mon, 01 Aug 2016 00:00:00 +0000 https://kel.bz/post/authz-design-patterns/ Patterns/anti-patterns for designing authorization APIs. Iceland https://kel.bz/post/iceland/ Mon, 01 Aug 2016 00:00:00 +0000 https://kel.bz/post/iceland/ Takeaways from my first trip to Iceland and places I hope to revisit. Secure Password Hash Migrations https://kel.bz/post/password-hash-migrations/ Fri, 27 Nov 2015 00:00:00 +0000 https://kel.bz/post/password-hash-migrations/ How to securely migrate from an insecure password hash algorithm to a secure one. Fuzzing Servers https://kel.bz/post/fuzzing-servers/ Wed, 11 Nov 2015 00:00:00 +0000 https://kel.bz/post/fuzzing-servers/ One tip for finding fast and useful fuzz targets for networked code.