The private key itself is AES-256 encrypted. After exporting Bitcoin private keys from wallet.dat file, data is stored in a TrueCrypt container on three separate flash drives. Using Shamir’s Secret Sharing algorithm, the container password is then split into three parts utilizing a 2-of-3 secret sharing model. Incorporating physical security with electronic security, each flash drive from various manufacturers is duplicated several times and, together with a CD-ROM, those items are vaulted in a bank safety deposit box in three different legal jurisdictions. To leverage geographic distribution as well, each bank stores only part of a key, so if a single deposit box is compromised, no funds are lost.
Tag Archives: encryption
Hands On With Kim Dotcom’s New Mega
So what’s to stop Mega from going down just the way Megaupload did? Mega’s privacy, which is a no-foolin’ stroke of genius. See, all of your files are encrypted locally before they’re uploaded, so Mega has no idea what anything is. It could be family photos or work documents, or an entire discography of your favorite band. Poof: online and easy to share. And importantly, Mega doesn’t have the decryption key necessary to get in. See? It’s a masterstroke of copyright subversion.
via Hands On With Kim Dotcom’s New Mega: This Service Could Dismantle Copyright Forever.
Technically you should be able to do this with any cloud storage service. The key here is that the encryption is done locally. There are many ways to encrypt your stuff locally so why would it matter which cloud storage provider you use? Maybe I’m missing something but this doesn’t seem all that novel of an idea other than perhaps the new Mega provides the software and user interface to make the entire process easier. Mega is supposed to launch tomorrow so more information will surface.
Has World War II carrier pigeon message been cracked?
“You will see the World War I artillery acronyms are shorter, but, that is because, you have to remember, that, the primitive radio-transmitters that sent the Morse code were run by batteries, and, those didn’t last much more than a half-hour tops, probably less.
“Thus all World War I codes had to be S-n-S, Short-n-Sweet.
via BBC News – Has World War II carrier pigeon message been cracked?.
“Anonymous” File-Sharing Darknet Ruled Illegal by German Court
A court in Hamburg, Germany, has granted an injunction against a user of the anonymous and encrypted file-sharing network RetroShare . RetroShare users exchange data through encrypted transfers and the network setup ensures that the true sender of the file is always obfuscated. The court, however, has now ruled that RetroShare users who act as an exit node are liable for the encrypted traffic that’s sent by others.
via “Anonymous” File-Sharing Darknet Ruled Illegal by German Court | TorrentFreak.
Quantum cryptography conquers noise problem
Physicists have attempted to solve the problem by sending photons through a shared fibre along a ‘quantum channel’ at one characteristic wavelength. The trouble is that the fibre scatters light from the normal data traffic into that wavelength, polluting the quantum channel with stray photons. Andrew Shields, a physicist at the Toshiba Cambridge Research Laboratory, UK, and his colleagues have now developed a detector that picks out photons from this channel only if they strike it at a precise instant, calculated on the basis of when the encoded photons were sent. The team publishes its results in Physics Review X.
via Quantum cryptography conquers noise problem : Nature News & Comment.
Still, 90 kilometres is a “world record that is a big step forward in demonstrating the applicability of quantum cryptography in real-world telecommunications infrastructures”, says Vicente Martín, a physicist at the Technical University of Madrid.
Lies We Tell Our CEOs About Database Security
What makes that so dangerous, of course, is that distorted views of security often lead to bad risk decisions. Because when senior executives of any public or private organizations don’t understand industry best practices or what really constitutes a sophisticated attack, they’ll probably fail to properly fund protection measures against securing sensitive databases.
via Lies We Tell Our CEOs About Database Security – Dark Reading.
“I think she’s right, an attack is inevitable; losing 3.8 million social security numbers is not,” Murray says. “That someone bad is going to keep trying to do something bad to you, yes, that’s absolutely inevitable. That they’re going to be very, very successful like they were here, not so much.”
PlayStation 3: The Final Hack?
The release of the new custom firmware – and the LV0 decryption keys in particular – poses serious issues. While Sony will almost certainly change the PSN passphrase once again in the upcoming 4.30 update, the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever. Options Sony has in battling this leak are limited – every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.
Crack in Internet’s foundation of trust allows HTTPS session hijacking
The technique exploits web sessions protected by the Secure Sockets Layer and Transport Layer Security protocols when they use one of two data-compression schemes designed to reduce network congestion or the time it takes for webpages to load. Short for Compression Ratio Info-leak Made Easy, CRIME works only when both the browser and server support TLS compression or SPDY, an open networking protocol used by both Google and Twitter. Microsoft’s Internet Explorer, Google’s Chrome and Mozilla’s Firefox browsers are all believed to be immune to the attack, but at time of writing smartphone browsers and a myriad of other applications that rely on TLS are believed to remain vulnerable.
via Crack in Internet’s foundation of trust allows HTTPS session hijacking | Ars Technica.
A side effect of compression, security experts have long known, is that it leaks clues about the encrypted contents. That means it provides a “side channel” to adversaries who have the ability to monitor the data. A research paper published in 2002 by John Kelsey looks eerily similar to CRIME, but only in retrospect.
Trade group exposes 100,000 passwords for Google, Apple engineers
“It is certainly unfortunate this information was leaked out, and who knows who got it before it got fixed,” Dragusin wrote. Elsewhere in the post he said: “If leaving an FTP directory containing 100GB worth of logs publicly open could be a simple mistake in setting access permissions, keeping both usernames and passwords in plaintext is much more troublesome.”
via Trade group exposes 100,000 passwords for Google, Apple engineers | Ars Technica.
Update: An IEEE spokeswoman emailed the following statement: “IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved.
Of all groups that have membership websites which store passwords, IEEE would be the last on a list I would suspect to have something like this happen.
Quantum cryptography: yesterday, today, and tomorrow
Imagine you have a product of two prime numbers, say, 221. Now, we set that number to be an endpoint—for the purposes of our game, there are no higher integers. If we multiply two numbers together and get a number larger than 221, it wraps around, so 15 times 15 results in 225-221 = 4. If we multiply two by itself, we only get four, which doesn’t wrap, and we can do that 7 times before it wraps. But 28 results in 35. Got that? Great.
via Quantum cryptography: yesterday, today, and tomorrow | Ars Technica.
Let’s consider a consequence of using phase to calculate prime factors: 221 has prime factors 17 and 13, and factors 1 and 221. We can eliminate the latter in the classical part of our algorithm. But, what about two and 111? “Wait,” you say. “That is not a factor. The product is 222.” Nevertheless, we need to think about it, because quantum algorithms are probabilistic. 17 and 13 have the highest probabilities, but two and 111 only have a phase error of 0.5 percent. The probability of Shor’s algorithm returning the incorrect result is rather high. Unfortunately, a near miss (though easy to spot, since it is very quick to calculate that 2×111=222 not 221). This is likely not very useful in terms of decrypting a message, so we need to do something to increase the chance of getting the correct answer.