Tag Archives: encryption

Massive surge in Litecoin mining leads to graphics card shortage

Posted on by

Litecoin confirms transactions faster (every 2.5 minutes, rather than every 10 minutes for Bitcoin) and it contains more coins — 84 million coins will be found in total under the LTC protocol, as opposed to 21 million for BTC. Bitcoin and Litecoin prices tend to move together; Bitcoins stratospheric leap over the past month (it’s down from a high of $1200 but trading at $873 as of this writing) has created an odd situation where it’s easier to mine Litecoin and then convert LTC to BTC then it is to just mine BTC to start with.

via Massive surge in Litecoin mining leads to graphics card shortage | ExtremeTech.

How the Bitcoin protocol actually works

Posted on by

It may seem surprising that Bitcoin’s basis is cryptography. Isn’t Bitcoin a currency, not a way of sending secret messages? In fact, the problems Bitcoin needs to solve are largely about securing transactions — making sure people can’t steal from one another, or impersonate one another, and so on. In the world of atoms we achieve security with devices such as locks, safes, signatures, and bank vaults. In the world of bits we achieve this kind of security with cryptography. And that’s why Bitcoin is at heart a cryptographic protocol.

via How the Bitcoin protocol actually works | DDI.

Microsoft Warns Customers Away From RC4, SHA-1

Posted on by

RC4 is among the older stream cipher suites in use today, and there have been a number of practical attacks against it, including plaintext-recovery attacks. The improvements in computing power have made many of these attacks more feasible for attackers, and so Microsoft is telling developers to drop RC4 from their applications.

via Microsoft Warns Customers Away From RC4, SHA-1 | Threatpost | The First Stop For Security News.

The software company also is recommending that certificate authorities and others stop using the SHA-1 algorithm.

Hackers Take Limo Service Firm for a Ride

Posted on by

It’s understandable why the company would decline to comment: Inside the plain text archive apparently stolen from the firm are more than 850,000 credit card numbers, expiry dates and associated names and addresses. More than one-quarter (241,000) of all compromised card numbers were high- or no-limit American Express accounts, card numbers that have very high resale value in the cybercrime underground.

via Hackers Take Limo Service Firm for a Ride — Krebs on Security.

In response to NSA revelations, the internet’s engineers set out to PRISM-proof the net

Posted on by

Yet one major caveat remains. While the IETF might be able to secure the pipes through which users’ data travel, users must also be able to trust the parties where their data is stored: software, hardware and services such as Cisco, Gmail and Facebook. These parties can hand over user data directly to government agencies.

via In response to NSA revelations, the internet’s engineers set out to PRISM-proof the net | Radio Netherlands Worldwide.

Weak Keys in Network Devices – Mind your RNG!

Posted on by

An RSA public key (e,N) consists of an exponent e and a modulus N. The modulus is the product of two randomly chosen prime numbers p and, q. If p and q are known, it is straightforward to derive the private key. However, if they are unknown, one must factor N into p and q, which requires intensive computing resources. However, let’s assume that two keys with modulus N1 and N2 share one of the factors: N1 = p1 x q and N2 = p2 x q. In this case, finding the greatest common divisor of N1 and N2, which is q, is sufficient to factor these two moduli. The task of finding the greatest common divisor of two 1024-bit integers is much simpler than factoring and can be done in microseconds…

This well known vulnerability of RSA can be exploited in the context of low entropy keys. Poor random number generation can indeed lead to multiple keys sharing one of their factors. Heninger found that more than 60’000 keys (approximately 0.5%) they had collected could be factored in this way.

via Quantis Newsletter – September 2012.

Toshiba has invented a quantum cryptography network that even the NSA can’t hack

Posted on by

A quantum network uses specially polarized photons to encode an encryption key—a very long series of numbers and letters that can unlock a digital file. The photons are then sent down a fiber optic cable until they reach their destination, a photon detector, which counts them, and delivers the key to the intended recipient. If the photons are interfered with, the individual packets of information are forever altered and the recipient can see the telltale signs of tampering.

via Toshiba has invented a quantum cryptography network that even the NSA can’t hack – Quartz.

Current quantum cryptography systems from companies like ID Quantique start at around $50,000, and only connect two parties at a time. “If up to 64 people can share a single photon detector than you can spread out those costs,” Shields said.

To Our Customers | Silent Circle Blog

Posted on by

However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

via To Our Customers | Silent Circle Blog.

Think your Skype messages get end-to-end encryption? Think again

Posted on by

With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning in HTTP link and the other HTTPS—were accessed by a machine at 65.52.100.214, an IP address belonging to Microsoft.

via Think your Skype messages get end-to-end encryption? Think again | Ars Technica.