Hey! I'm David Wong, a security consultant at Cryptography Services (NCC Group). You can find more about that on my blog. Prior to this I graduated from a Cryptography Masters at the University of Bordeaux and went through McMaster, Lyon1 to graduate in Math, and the Beijing Language and Culture University to learn Chinese. Here are some things I've done.



april 2014

Napster + Node-webkit. A free spotify-like desktop application made with node-webkit. It crawls google and find mp3 files and plays them back to you.



march 2014

The Litecoin exchange rate, the Bitcoin one is here. Made with javascript and python because I needed something pretty to display continuously on a screen in the background.



november 2013

Keep track of your facebook friends. shows you who's deleting you, adding you or changing his/her name on facebook.



november 2013

Makes you write everyday. Last time I checked 4134 people had used it to write 12,350,718 words. Around 300 people use it everyday.



september 2009

Where are the student parties in Lyon? This tries to answer that question every week. In the last years Lyon01 gave away a huge amount of tickets to gigs/parties through multiple contests and had had its logo printed on most fliers and posters in the city.




A script to organize tournaments easily. Can be used for multiple games, customizable, different kind of brackets, ... Used to be translated in 7 languages and used all over Europe.




One of my first blog. It's now made with Laravel, but it used to be made with Django, Rails, Code Igniter, Wordpress, ... It's changed a lot over the years, it's kind of my sandbox to learn something new.

Research I've done.

CVE golang


April 2016

A Common Vulnerability Exposure found in the math bignum library of Go. This provokes a infinite loop that would have facilitated DoS attacks on TLS, SSH and some other custom protocols like the Let's Encrypt one.



february 2014

Research on whiteboxes. The symmetric cipher DES was used to illustrate the different techniques of obfuscation and input/output encryptions.

Talks, Videos, Education...

Noise Protocol

The Noise Protocol Framework

April 2016

An overview of the Noise Protocol Framework, a building base to create TLS-like protocol, notably used in the WhatsApp messaging app.


Attacking RSA with lattice reduction techniques (LLL)

april 2015

This video is an explanation of Coppersmith's attack on RSA, which was later simplified by Howgrave-Graham, and the later attack by Boneh and Durfee, simplified as well by Herrmann and May. Both use LLL, the lattice reduction algorithm of Lenstra Lenstra Lovasz.

Sometimes the press talks about me.

+ August 10th 2016

Der Vorfall brachte David Wong von der Sicherheitsfirma NCC allerdings auf die Idee, man könne eine ähnliche Änderung in einer Krypto-Software in eine NOBUS-Hintertür verwandeln.
Written by Fabian A. Scherschel on Heise.de

+ August 8th 2016

Der Diffie-Hellman-Schlüsselaustausch ist sicher - wenn die Parameter korrekt gewählt sind. Doch was passiert, wenn es einem Angreifer gelingt, fehlerhafte Parameter einzuschleusen? David Wong ist es gelungen, damit eine sogenannte Nobus-Hintertür zu erzeugen.
Written by Hanno Böck on Golem.de

+ September 2014


+ April 16th 2014

Le deal est simple... Vous vous inscrivez sur 3Pages et celui-ci vous offrira un cadre d'écriture très zen avec une quantité à respecter de 750 mots pas jour (soit 3 pages). Il ne s'agit pas d'un blog, personne ne lira vos écrits, mais il vous aidera à tenir le rythme tout en vous faisant plaisir jour après jour.
Written by Korben.

+ October 29th 2010

L'incroyable effet viral de Facebook prend alors la relève et c'est parti pour une audience qui peut monter en France à 300.000 visiteurs/jours (chiffre revendiqué par On aime bien).

Le réseau social a mis en lumière une tendance de fond du web jeune —le besoin de marqueurs identitaires, de tatouages 2.0— dont il est possible de tirer partie différement. C'est ce qu'a bien compris David Wong, 21 ans, créateur de On aime bien:
«Vie de merde a eu une belle carrière. J'imagine qu'On aime bien et tous les sites du genre pourraient rêver du même parcours à condition de se détacher le plus possible de Facebook et de leurs caprices. C'est ce que j'essaye de faire actuellement avec On aime bien où j'essaye de pousser les utilisateurs à voter sur le site, et non pas via Facebook».
Written by Vincent Glad for Slate