BC TRADING
Saved by @Alex1Powell

A thread on the Tasmota TLS MitM attack I found a few months ago since getting a proper blog post about it is taking me forever.

Tasmota is an open source firmware that runs on a number of ESP8266-based IoT home automation devices, which talks to an MQTT broker for management.

 MQTT can be run over TLS to provide confidentiality and integrity, but given the constraints of running on an ESP8266 device, standard TLS certificate validation is rather heavy. As an alternative, Tasmota implements fingerprint based validation, like SSH
The fingerprint validation can do "trust on first use" (TOFU) and just remember the server's public key. This can work well if you're hosting your own MQTT server, and you can just use a self signed certificate. The fingerprint algorithm was even based on how SSH does it.
If you read RFC4253, it describes the RSA key format with the following encoding

string "ssh-rsa"
mpint e
mpint n

where e is the public exponent (usually 65537) and n is the modulus.

Slight problem. RFC4253 doesn't explain what an mpint is.
You have to go dig up RFC4251 for what an mpint is. The precise details don't really matter for this bug, but the critical detail is that an mpint is length-prefixed, which makes it unambiguous where when mpint ends and the next begins.

Tasmota's implementation missed this.
Instead, everything was simply concatenated together with no delimiter. That means each fingerprint actually matches a "family" of RSA keys with identical serialization with the public exponent ending and the modulus beginning in different places.
As an example (with tiny number), we could have e=17 and n=389436408973, with a serialization of "ssh-rsa17389436408973". But e=17389 and n=436408973 gives the same serialization and is much easier to factor - it's 7 * 11 * 13 * 435973.
A quick bit about RSA - keys are normally formed from two large prime numbers that are around the same size, which are multiplied together to form the modulus. The security of RSA depends on it being difficult to decompose the modulus into its prime factors.
The math behind RSA also works perfectly fine with more than two prime numbers - and this is even supported (though rarely used) by modern implementations. The question is, can factors actually be found for collisions of arbitrary RSA keys under Tasmota's scheme?
There are two ways to factor numbers large enough to use as RSA keys - general number field sieve and elliptic curve method.

GNFS's difficulty depends on the size of the number, and these are too big.

ECM, however, depends on the size of the second largest factor.
For a normal RSA number with two primes, GNFS would be faster, but if the primes are small enough, ECM is feasible.

So, then, to attack the key, the family of RSA keys that match the fingerprint are all generated, and then ECM is used to try to factor them.
The ECM attempt can be time bounded. I found a few minutes per key worked reasonably well, and gave about a 99% success rate in finding one usable factorization.
As a "nothing up my sleeve" demo, I picked this key here that covers nsa[.]gov (among other domains):

https://t.co/1AITBNXWIv
I was able to find a colliding key with a factorization of 13, 1,091, 15,032,926,429, and a 340 digit prime that won't fit in this tweet.

The attack also worked just fine on my LAN and I was able to pull off a MitM attack.
I supplied a patch to Tasmota to remediate this. My patch adds length prefixes to the RSA key serialization to make it unambigious, and will automatically update the fingerprint so long as the server's key isn't "suspicious".

https://t.co/quyAT5uzw4
I believe my code made it into Tasmota 8.4.0, so if you're running an up to date version you're protected - though I imagine most folks aren't bothering with TLS on their home networks.

I am the sort of person who thinks that running transport mode IPSec at home is a good time.
This was one of the coolest crypto exploits I've ever written.

I published a blog post a couple months ago about constructing multi-prime RSA keys in python, which was part of my attack for this.
I did need to patch OpenSSL to remove the limits on the maximum number of primes it allowed, but that was pretty simple.

I think that wraps this thread.

More from Trading

Christian Reshoeft
Christian Reshoeft
@reshoftc
(Thread) Why do I own individual stocks?

Thesis:

1. The digitalization of our world is 10% complete.
2. This megatrend will continue for at least another decade.
3. If you enjoy spending your free time on individual stocks, then the potential for outsized returns is possible.

What is my approach?

There are two parts to my portfolio.

- 40% in Vanguard All-World ETF. This is on autopilot w/ regular contributions.
- 60% in what I consider to be high growth stocks

I keep a balance by adding cash. No shuffling around unless it gets too out of whack.

The latter is the interesting part.

I invest in companies that can

1. successfully disrupt an industry with new business models $TTD $SQ $PTON $TDOC

2. further enable the digital transformation with their services and infrastructure $ZS $HUBS $TWLO $CRWD

I intend to hold my shares indefinitely and allow my investments to compound over time.

I don’t believe that it is possible to time the market. Markets go up and down. I hold on knowing that quality businesses tend to bounce back.

The list of reasons to sell is always long.

If you have full conviction in your holdings, then no single piece of “infotainment” should make you change your mind.

Ignore it + people who make predictions about the economy.
TRADING , FINANCE
Abhishek Kar
Abhishek Kar
@Abhishekkar_
𝐑𝐮𝐥𝐞𝐬 𝐨𝐟 𝐈𝐧𝐯𝐞𝐬𝐭𝐢𝐧𝐠 𝐓𝐡𝐫𝐞𝐚𝐝
The entire thread summarizes some important rules with respect to investing. Inspired by legendary traders,these will not only help you to grow wealth,but also make a smart investor. Hope you would like the thread & shower some love

Rule 1: Bulls, Bears Make Money, Pigs Get Slaughtered so chose your category wisely
Rule 2: It's OK to Pay the Taxes,Dont just wait for a 10% LTCG always. Sometimes you know it won't pay you
Rule 3: Don't Buy All at Once,Have patience market will give enough opportunities

Rule 4: Buy Damaged Stocks, Not Damaged Companies. Understand the diff b/w undervalued stocks and no value stocks. Everything cheap is not bargain,it could be trap.
Rule 5: Diversify to Control Risk,make sure you don't put everything into one stock,one sector or one asset class.

Rule 6: Do Your Stock Homework. You spend 5 hours to buy a cream on Amazon but research for 1 hr based on buying a stock on twitter! Well,do your homework.

Rule 7: No One Made a Dime by Panicking .Invest 2-10% and leave rest. If it falls,pain will be low,if moves,no FOMO haunt

Rule 8: Buy Best-of-Breed Companies,This doesnt mean you have to invest in the most expensive companies,all it means is you need to buy co.s with good earnings,promoters and sustainability
Rule 9: Defend Some Stocks, Not All
Rule 10: Bad Buys Won't Become Takeovers,STOP hoping
TRADING
Advertisement
I have to wear shoes? \U0001f339
I have to wear shoes? ...
@migbike
A thread about GameStop:

Big hedge funds made big bets that GameStop’s stock was overvalued. The way these bets work is the hedge fund borrows shares of the stock and sells those borrowed shares.

When it comes time to give the borrowed shares back, they buy them on the market, hopefully at lower prices. For example, they might sell the borrowed share at $50, hoping to be able to buy the share back at $30, to make a $20 profit. This is called shorting.

The hedge funds were so sure that GameStop was going down, that GameStop was the most shorted stock on the market. 140% of the shares in existence were “borrowed.” Imagine Bob borrows from Jane who borrows from Sue who borrows from John.

Shorting is risky, but the hedge funds were so sure that they just didn’t even care. People on Reddit realized this and basically thought “what if we all just bought shares and refused to sell them when the hedge funds need to give their borrowed shares back.”

The price goes up, the hedge funds are forced to buy back the expensive shares and lose money. Except the hedge funds kept doubling down as the price rode up, expecting that it would eventually fall. The Redditors weren't scared off and with "diamond hands" refused to sell.
TRADING
Emperor\U0001f451
Emperor👑
@EmperorBTC
Crypto Day-Trading Secret Strategy.

SIMPLE. HIGH PROFIT. NO NONSENSE.

One of the best strategies for Scalping crypto.

Share it to help all beginners.

(A THREAD)🚀🚀


We will use three basic indicators.

1. Pivot Points
2. Stoch RSI
3. VWAP

Note- This strategy will have a MUCH higher probability of success if basic Price action, volume and Candlestick pattern is kept in mind.

USE THE STRATEGY:

I will introduce the tools and then explain the strategy.

I Will talk about the calculations to arrive at the indicators separately.

IMPORTANT- Don't use the indicators alone.
Eg. Stoch RSI has less than 26% hit rate so you can't use it alone to trade.

Tool 1- Pivot Points:

They are reversal points based the historical prices.
Go to the indicators tab and type 'Pivot point standard'

The settings to be used have been disclosed in the pic below.

Note- You can choose your own settings but I have disclosed the ones I use.


This is what they will Look like.

Ignore All notations and just remember.
ALL the lines are Support or Resistance lines
(Lines of Interest)

It doesn't matter if it's been denoted as P,R or S.

We will learn how to use them below, practically.
TRADING
Greg Duncan \U0001f981
Greg Duncan 🦁
@GregDuncan_
Many traders have no consistency when sizing their positions.

The pros have this down to a science.

Here's my dead simple, 3-step guide to position sizing (and to outperforming 99% of other traders in the process):

Step 1:

Define how much of your account you're willing to risk per trade.

Personally, I never risk more than 1% of my account equity.

If I have $100,000 account, I will never risk more $1,000.

This ensures I will never blow up my account on one single trade.

There are successful traders who risk 2-3% of their account per trade, but I find it most calming to risk 1% or less.

The first step in this process is completely up to you - only you can dictate how much risk you can tolerate.

Step 2:

Look for entries & exits that are within 5% (preferably less) of each other.

This means if I buy a stock & have a 5% stop loss, I can put a 20% equity position on & still be risking 1% of my equity.

Your account will thank you w/ 20% in a stock that goes up 100%.

Step 3:

Position size using this formula:

Total equity (100%) / Trade Stop Loss %

So, if your stop loss is 4%, here's the math:

100% equity / 4% stop loss = 25% Equity Position Size

(assuming 1% equity risk).

Here's another hypothetical calculation:
TRADING

You May Also Like

Jaya_Upadhyaya
Jaya_Upadhyaya
@Jayalko1
DEVI KARUMARIAMMAN, THIRUVERKADU (TN)

Devi is worshipped here as both Swayambhu (self-manifested) and as Parashakti (with 4 arms holding skull,sword,trishul,udukkai/damru).

Here, Muruga got Vel from Devi to fight Suran. So the place was called Vel kadu which became Verkadu.


It is said that there was an anthill here long ago. Devi appeared in the dream of a devotee and asked him to build a shrine at that spot. When the anthill was removed, the swayambhu murti of Devi emerged. So Devi is called Karuvil Illadha Karumari ( not in the womb of mother).


Once, Devi went to Surya in the form of an old woman but Surya neglected her. Devi’s anger made Surya lose his brightness.
To appease her, Surya said that His rays would fall on Her directly twice in a year and touch her feet. Also, Sunday is celebrated as day of Devi Karumari.


There is also a wooden image of Devi (Marachilai Amman) here. Devotees offer locks to her in the belief that She would safe guard their houses.
Temple tank (Thiruchamber Poigai) is said to have been created by Subramanya. Taking dip in it is said to cure skin related disorders.
ALL
WORLD OF SANATAN DHARMA
WORLD OF SANATAN DHARM...
@world_sanatan
WHY BABUR NEVER TRIED TO ATTACK SRI KRISHNADEVARAYA ?

A🧵u must read

It is very well known that Babur considered Krishna Dev Raya as the strongest ruler of the entire subcontinent, and Vijayanagar empire the strongest during that time in India.

1/10


The Vijayanagar empire reached its peak during 1509-1529 around the reign of Krishna Dev Raya.

Vijayanagar’s famed elephant brigade 👇

2/10


At his command there were over 50000 elite troops with a regiment of Portuguese gunners and 3200 cavalry with 600 elephants.

3/10

Along with that more than four hundred thousand ( four lakh) peasant levies and irregular military made this empire one of the largest in all of South Asia.

A typical Vijayanagar levie soldier 👇

4/10


During Baburs invasion, Krishna Dev Raya ruled supreme in all of deccan.

In fact, in an all our brawl, Krisha Dev Raya will beat Babur fair and square.

Babur could muster at max 50000 troops with 50 canons.

While Krishna Dev Raya had these numbers in Hampi alone

5/10
ALL
Advertisement
Dr Amanda Moehring
Dr Amanda Moehring
@FlyBehaviour
In Academia, people aren’t always supported when they need it. I want to share what @WesternU did when my husband died right after the pandemic shutdown. It should be shared with other uni’s as a model for empathy and proactive care when someone is in crisis.
1/
#AcademicChatter
SCIENCE
Aditya Todmal
Aditya Todmal
@AdityaTodmal
12 TRADING SETUPS which experts are using.

These setups I found from the following 4 accounts:

1. @Pathik_Trader
2. @sourabhsiso19
3. @ITRADE191
4. @DillikiBiili

Share for the benefit of everyone.

Here are the setups from @Pathik_Trader Sir first.

1. Open Drive (Intraday Setup explained)


Bactesting results of Open Drive


2. Two Price Action setups to get good long side trade for intraday.

1. PDC Acts as Support
2. PDH Acts as


Example of PDC/PDH Setup given
STOCKLEARNINGS , LEARNSTOCKTRADING
Kentaur Wolf2
Kentaur Wolf2
@fragma_dia2
Хајде да направимо мали осврт на случај Мика Алексић .

Алексић је жртва енглеске освете преко Оливере Иванчић .
Мика је одбио да снима филм о блаћењу Срба и мењању историје Срба , иза целокупног пројекта стоји дипломатски кор Британаца у Београду и Оливера Иванчић


Оливера Илинчић је иначе мајка једне од његових ученица .
Која је претила да ће се осветити .

Мика се налази у притвору због наводних оптужби глумице Милене Радуловић да ју је наводно силовао човек од 70 година , са три бајпаса и извађеном простатом пре пет година

Иста персона је и обезбедила финансије за филм преко Беча а филм је требао да се бави животом Десанке Максимовић .
А сетите се и ко је иницирао да се Десанка Максимовић избаци из уџбеника и школства у Србији .

И тако уместо романсиране верзије Десанке Максимовић утицај Британаца

У Србији стави на пиједестал и да се Британци у Србији позитивно афирмишу како би се на тај начин усмерила будућност али и мењао ток историје .
Зато Мика са гнушањем и поносно одбија да снима такав филм тада и почиње хајка и претње која потиче из британских дипломатских кругова

Најгоре од свега што је то Мика Алексић изговорио у присуству високих дипломатских представника , а одговор је био да се све неће на томе завршити и да ће га то скупо коштати .
Нашта им је Мика рекао да је он свој живот проживео и да могу да му раде шта хоће и силно их извређао
ALL


Category Partner: Enkryptopedia