Is Mouse Input Random Enough for Generating Secret Keys? 1. Introduction Cryptographic randomness is used to generate strong encryption and signing keys, such as for PGP, SSH, and disk encryption. Obtaining or successfully guessing the random values allows an attacker to gain acces...
Eric Sesterhenn of X41 discovered a DoS vulnerability in ntpd-rs | X41 D-Sec - Penetration Tests and Source Code Audits
Niklas Abel and Luc Gommans of X41 discovered a Vulnerability in Medico
Small tools and notes from X41’s 2025 internal research week
Security Audit of nghttp3 and ngtcp2 X41 performed a source code audit of nghttp3, an implementation of HTTP/3, and ngtcp2, a QUIC implementation, sponsored once again by the Open Source Technology Improvement Fund. The report is released now that the development team addressed the issues identified. ngtcp2 implements QUIC, a network protocol aiming to improve the performance of connection-oriented web applications. On top of this, nghttp3 implements HTTP/3, which aims to improve latency and ...
How can X41 D-Sec help with the new Digital Operational Resilience Act (DORA) framework? The financial sector is facing increasing security threats, making digital resilience a critical requirement. To address these challenges, the Digital Operational Resilience Act (DORA) sets out stringent regulatory requirements for financial institutions. Below, we outline key aspects of DORA and how security services companies can help organizations ensure compliance. What is the Digital Operational Resi...
Security Audit of RSTUF X41 performed a source code audit of Repository Service for TUF, a collection of components that simplify the adoption of TUF, sponsored once again by the Open Source Technology Improvement Fund. The report is being released now that the development team addressed the issues identified. Full report of the security audit: https://www.x41-dsec.de/static/reports/X41-OSTIF-RSTUF-Audit-2024-Final-Report-Public.pdf RSTUF Blogpost: https://repository-service-tuf.readthedocs.i...
X41 D-Sec GmbH Security Advisory: X41-2025-001 Multiple Vulnerabilities in OpenSlides Highest Severity Rating: Medium Confirmed Affected Versions: 4.2.4 Confirmed Patched Versions: 4.2.5 Vendor: Intevation GmbH Vendor URL: https://openslides.com/ Credit: X41 D-Sec GmbH, Eric Sesterhenn Status: Public Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides/ Summary and Impact X41 identified multiple bugs in OpenSlides, the most severe one being an XSS. Product Description The...