Researcher uses 379-year-old algorithm to crack crypto keys found in the wild

Fermat’s algorithm was based on the fact that any odd number can be expressed as the difference between two squares. When the factors are near the root of the number, they can be calculated easily and quickly. The method isn’t feasible when factors are truly random and hence far apart.

Source: Researcher uses 379-year-old algorithm to crack crypto keys found in the wild | Ars Technica
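The search described above, written out as an added example (not code from the article or the researcher) that can be run as a bounded check against an RSA modulus you are responsible for. The step budget `max_steps`, the helper `steps_needed` and both sample moduli are assumptions constructed for this illustration.

```python
from math import isqrt

def fermat_factor(n: int, max_steps: int = 100_000):
    """Search for n = a^2 - b^2 = (a - b)(a + b), starting at a = ceil(sqrt(n)).

    Returns (p, q) with p <= q if a split is found within max_steps values
    of a, otherwise None. max_steps is a work budget chosen for this example.
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer greater than 2")
    a = isqrt(n)
    if a * a < n:
        a += 1                                # round up to ceil(sqrt(n))
    for _ in range(max_steps):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2:                       # a^2 - n is a perfect square
            p, q = a - b, a + b
            return (p, q) if p > 1 else None  # p == 1 only says n = 1 * n
        a += 1
    return None

def steps_needed(p: int, q: int) -> int:
    """Number of values of a the search tries before it reaches (p + q) / 2."""
    n = p * q
    start = isqrt(n) + (isqrt(n) ** 2 < n)
    return (p + q) // 2 - start + 1

# Constructed samples: two primes only 30 apart, and two Mersenne primes
# (2^61 - 1 and 2^89 - 1) standing in for factors that are far apart.
CLOSE_N = 1000003 * 1000033
FAR_N = (2**61 - 1) * (2**89 - 1)

if __name__ == "__main__":
    print("close factors:", fermat_factor(CLOSE_N))
    print("far factors:  ", fermat_factor(FAR_N))
    print("steps for far pair:", steps_needed(2**61 - 1, 2**89 - 1))
```

The close pair falls out on the first value of `a`, while the far pair would need on the order of 2^88 steps, which is the gap between "easily and quickly" and "not feasible" in the excerpt.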

RSA in 5 lines of perl

#!/usr/local/bin/perl -s
do 'bigint.pl';($_,$n)=@ARGV;s/^.(..)*$/0$&/;($k=unpack('B*',pack('H*',$_)))=~
s/^0*//;$x=0;$z=$n=~s/./$x=&badd(&bmul($x,16),hex$&)/ge;while(read(STDIN,$_,$w
=((2*$d-1+$z)&~1)/2)){$r=1;$_=substr($_."\0"x$w,$c=0,$w);s/.|\n/$c=&badd(&bmul
($c,256),ord$&)/ge;$_=$k;s/./$r=&bmod(&bmul($r,$r),$x),$&?$r=&bmod(&bmul($r,$c
),$x):0,""/ge;($r,$t)=&bdiv($r,256),$_=pack(C,$t).$_ while$w--+1-2*$d;print}

Source: RSA in 5 lines of perl

A Solution of the P versus NP Problem

Berg and Ulfberg and Amano and Maruoka have used CNF-DNF-approximators to prove exponential lower bounds for the monotone network complexity of the clique function and of Andreev’s function. We show that these approximators can be used to prove the same lower bound for their non-monotone network complexity. This implies P not equal NP.

Source: [1708.03486] A Solution of the P versus NP Problem

More background at: The P-versus-NP page

This page collects links around papers that try to settle the “P versus NP” question (in either way). Here are some links that explain/discuss this question:

Yes, we can validate the Wikileaks emails

DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.

Hillary’s team uses “hillaryclinton.com”, which has DKIM enabled. Thus, we can verify whether some of these emails are true.

Source: Errata Security: Yes, we can validate the Wikileaks emails

I was just listening to ABC News about this story. It repeated Democrat talking points that the WikiLeaks emails weren’t validated. That’s a lie. This email in particular has been validated. I just did it, and showed you how you can validate it, too.
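The "has not been altered" property rests partly on the `bh=` tag, a hash of the canonicalized body that the signer records in the DKIM-Signature header. The following added example (not code from the Errata Security post) recomputes that hash per RFC 6376; it assumes CRLF line endings, ignores the optional `l=` tag, and does not perform the second half of verification, the check of the `b=` signature over the headers against the public key published in DNS. The domain, selector and message are constructed.

```python
import base64, hashlib, re

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature header value into tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376 section 3.4)."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":  # collapse runs of space/tab, strip them at line end
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end of the body
        lines.pop()
    out = b"".join(ln + b"\r\n" for ln in lines)
    return b"\r\n" if mode == "simple" and not out else out

def body_hash(body: bytes, mode: str = "relaxed", algo: str = "sha256") -> str:
    """Base64 digest of the canonicalized body, as stored in bh=."""
    return base64.b64encode(hashlib.new(algo, canon_body(body, mode)).digest()).decode()

def body_hash_ok(sig_value: str, body: bytes) -> bool:
    """True if the body still matches the bh= value the signer recorded."""
    t = parse_tags(sig_value)
    algo = t["a"].split("-")[1]                 # "rsa-sha256" -> "sha256"
    if algo not in ("sha1", "sha256"):
        raise ValueError("unsupported hash: " + algo)
    canon = t.get("c", "simple/simple")         # header/body; body defaults to simple
    mode = canon.split("/")[1] if "/" in canon else "simple"
    return body_hash(body, mode, algo) == t["bh"]

# Constructed sample: domain, selector and message are made up; b= is left empty
ORIGINAL = b"Lunch at noon?\r\n\r\n"
SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;\r\n"
       "\th=from:to:subject:date; bh=" + body_hash(ORIGINAL) + "; b=")

if __name__ == "__main__":
    print(body_hash_ok(SIG, ORIGINAL))                  # unchanged body
    print(body_hash_ok(SIG, b"Lunch at  noon? \r\n"))   # whitespace-only change
    print(body_hash_ok(SIG, b"Lunch at one?\r\n"))      # content changed
```

Relaxed canonicalization tolerates the whitespace-only change that mail relays commonly introduce, while any change to the wording produces a different hash.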

Do you have the brains for cybersecurity?

In the modern day, the ability to work through a problem and decipher it is essential to anyone who works in cybersecurity, partly because a lot of what they do involves working out what is going on with less than perfect knowledge.

The puzzles below have been drawn up with the help of the team behind the UK’s Cyber Security Challenge, which uses similar tests to find people who are good at problem solving who could be of use for attacking and defending computer networks.

Source: Do you have the brains for cybersecurity? – BBC News

Is Blockchain the most important IT invention of our age?

Like records of land ownership. Creating and maintaining incorruptible registers of land titles is a huge – and mostly unsolved – problem for developing countries. So when the government of Honduras launched an investigation into whether a blockchain-based land registry could solve it, the non-geek world sat up and began to take notice. The unmistakable message was that this technology could be much more useful than merely securing cryptocurrencies. It might actually turn out to be one of the biggest IT inventions of our time.

Source: Is Blockchain the most important IT invention of our age? | John Naughton | Opinion | The Guardian

On the Juniper backdoor

To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional — you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world.

And all because Juniper had already paved the road.

Source: A Few Thoughts on Cryptographic Engineering: On the Juniper backdoor

One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a backdoor intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.

Two More Self-Signed Certs, Private Keys Found on Dell Machines

Dell Foundation Services installs the cert and its purpose is to quicken online support engagements with Dell staff. The certificate, Dell said, allows online support to identify the PC model, drivers, OS, hard drive and more.

Source: Two More Self-Signed Certs, Private Keys Found on Dell Machines | Threatpost | The first stop for security news

So far, eDellRoot has been found on Dell XPS 15 laptops, M4800 workstations, and Inspiron desktops and laptops.

“It means attackers are de facto certificate authorities, free to generate man-in-the-middle certs, or just direct phishing sites that won’t get flagged as illegitimate,”