Academics should not remain silent on hacking

Posted on December 20, 2013 by mea

NIST’s standard for random numbers used for cryptography, published in 2006, had been weakened by the NSA. Companies such as banks and financial institutions that rely on encryption to guarantee customer privacy depend on this standard. The nature of the subversions sounds abstruse: the random-number generator, the ‘Dual EC DRBG’ standard, had been hacked by the NSA so that its output would not be as random as it should have been. That might not sound like much, but if you are trying to break an encrypted message, the knowledge that it is hundreds or thousands of times weaker than advertised is a great encouragement.

via Academics should not remain silent on hacking : Nature News & Comment.

Massive surge in Litecoin mining leads to graphics card shortage

Posted on December 14, 2013 by mea

Litecoin confirms transactions faster (every 2.5 minutes, rather than every 10 minutes for Bitcoin) and it contains more coins — 84 million coins will be found in total under the LTC protocol, as opposed to 21 million for BTC. Bitcoin and Litecoin prices tend to move together; Bitcoins stratospheric leap over the past month (it’s down from a high of $1200 but trading at $873 as of this writing) has created an odd situation where it’s easier to mine Litecoin and then convert LTC to BTC then it is to just mine BTC to start with.

via Massive surge in Litecoin mining leads to graphics card shortage | ExtremeTech.

How the Bitcoin protocol actually works

Posted on December 8, 2013 by mea

It may seem surprising that Bitcoin’s basis is cryptography. Isn’t Bitcoin a currency, not a way of sending secret messages? In fact, the problems Bitcoin needs to solve are largely about securing transactions — making sure people can’t steal from one another, or impersonate one another, and so on. In the world of atoms we achieve security with devices such as locks, safes, signatures, and bank vaults. In the world of bits we achieve this kind of security with cryptography. And that’s why Bitcoin is at heart a cryptographic protocol.

via How the Bitcoin protocol actually works | DDI.

Microsoft Warns Customers Away From RC4, SHA-1

Posted on November 14, 2013 by mea

RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications.

via Microsoft Warns Customers Away From RC4, SHA-1 | Threatpost | The First Stop For Security News.

The software company also is recommending that certificate authorities and others stop using the SHA-1 algorithm.

Hackers Take Limo Service Firm for a Ride

Posted on November 4, 2013 by mea

It’s understandable why the company would decline to comment: Inside the plain text archive apparently stolen from the firm are more than 850,000 credit card numbers, expiry dates and associated names and addresses. More than one-quarter (241,000) of all compromised card numbers were high- or no-limit American Express accounts, card numbers that have very high resale value in the cybercrime underground.

via Hackers Take Limo Service Firm for a Ride — Krebs on Security.

In response to NSA revelations, the internet’s engineers set out to PRISM-proof the net

Posted on October 31, 2013 by mea

Yet one major caveat remains. While the IETF might be able to secure the pipes through which users’ data travel, users must also be able to trust the parties where their data is stored: software, hardware and services such as Cisco, Gmail and Facebook. These parties can hand over user data directly to government agencies.

via In response to NSA revelations, the internet’s engineers set out to PRISM-proof the net | Radio Netherlands Worldwide.

Weak Keys in Network Devices – Mind your RNG!

Posted on September 7, 2013 by mea

An RSA public key (e,N) consists of an exponent e and a modulus N. The modulus is the product of two randomly chosen prime numbers p and, q. If p and q are known, it is straightforward to derive the private key. However, if they are unknown, one must factor N into p and q, which requires intensive computing resources. However, let’s assume that two keys with modulus N₁ and N₂ share one of the factors: N₁ = p₁ x q and N₂ = p₂ x q. In this case, finding the greatest common divisor of N₁ and N₂, which is q, is sufficient to factor these two moduli. The task of finding the greatest common divisor of two 1024-bit integers is much simpler than factoring and can be done in microseconds…

This well known vulnerability of RSA can be exploited in the context of low entropy keys. Poor random number generation can indeed lead to multiple keys sharing one of their factors. Heninger found that more than 60’000 keys (approximately 0.5%) they had collected could be factored in this way.

via Quantis Newsletter – September 2012.

Toshiba has invented a quantum cryptography network that even the NSA can’t hack

Posted on September 6, 2013 by mea

A quantum network uses specially polarized photons to encode an encryption key—a very long series of numbers and letters that can unlock a digital file. The photons are then sent down a fiber optic cable until they reach their destination, a photon detector, which counts them, and delivers the key to the intended recipient. If the photons are interfered with, the individual packets of information are forever altered and the recipient can see the telltale signs of tampering.

via Toshiba has invented a quantum cryptography network that even the NSA can’t hack – Quartz.

Current quantum cryptography systems from companies like ID Quantique start at around $50,000, and only connect two parties at a time. “If up to 64 people can share a single photon detector than you can spread out those costs,” Shields said.

To Our Customers | Silent Circle Blog

Posted on August 9, 2013 by mea

However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

via To Our Customers | Silent Circle Blog.

Open WhisperSystems

Posted on June 13, 2013 by mea

Encrypted calls for Android

RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.

via Open WhisperSystems >> Open WhisperSystems.

Bucktown Bell

Cut to the chase.

Tag Archives: encryption