About Christopher Meyer
Chris works as a researcher and is eagerly looking for bugs in SSL/TLS, the Java platform and various applications. In addition, he is primarily interested in secure coding and exploiting coding mistakes.
List/Grid Author Archives Subscribe to the RSS feed of Christopher Meyer
Weaknesses in Java Pseudo Random Number Generators (PRNGs)
This will be a sum up of a Paper written by Kai Michaelis, Jörg Schwenk and me, which was presented at the Cryptographers’ Track at RSA Conference 2013. You can get the slides ...
A brief chronology of SSL/TLS attacks
I haven’t had a substantial post for quite a long time, so it’s time for something useful and interesting. Although not Java-specific, this post might still be interesting ...
Hash Length Extension Attacks
In this post I will try to leave the summer slump behind and focus on more interesting things than complaining about the weather – hash length extension attacks. Hash length extension ...
How to deal with {conservative, intractable, annoying} APIs
Have you ever been fighting with an, at least for your current purpose, inflexible API? I picked up one of the trickier scenarios – calling super( … ) with parameters. Sometimes ...
Using the final keyword on method parameters
After some own confusion which specific meaning final declared method parameters have this blog entry will try to clarify this. At least the final keyword on method parameters can ...
Investigating the HashDoS issue
Nearly one month ago I have written some thoughts on how the HashDoS problem presented at the 28C3 or other code defects could perhaps be fixed temporarily without interaction of vendors. Now ...
Patching Java at runtime
This article will slightly highlight how to fix issues with third party libs thatcan’t be circumvented are difficult to exclude/bypass/replaced simply provide no bugfixIn ...
