backdoors – Page 8 – SSL and internet security news

Two New Papers on the Encryption Debate

March 12, 2018 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, Security technology

Seems like everyone is writing about encryption and backdoors this season. “Policy Approaches to the Encryption Debate,” R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. “Encryption Policy in Democratic Regimes,” East West Institute. I recently blogged about the new National Academies report on the same topic. Here’s a … Read More “Two New Papers on the Encryption Debate” »

The “Extended Random” Feature in the BSAFE Crypto Library

December 28, 2017 infossl

backdoors, cryptanalysis, cryptography, nsa, randomnumbers, Security technology, tls

Matthew Green wrote a fascinating blog post about the NSA’s efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA’s backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. Powered by WPeMatico

Germany Preparing Backdoor Law

December 6, 2017 infossl

backdoors, encryption, germany, Security technology

The German Interior Minister is preparing a bill that allows the government to mandate backdoors in encryption. No details about how likely this is to pass. I am skeptical. Powered by WPeMatico

More on Kaspersky and the Stolen NSA Attack Tools

October 11, 2017 infossl

backdoors, israel, kaspersky, leaks, nsa, russia, Security technology

Both the New York Times and the Washington Post are reporting that Israel has penetrated Kaspersky’s network and detected the Russian operation. From the New York Times: Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky’s access to aggressively scan … Read More “More on Kaspersky and the Stolen NSA Attack Tools” »

ISO Rejects NSA Encryption Algorithms

September 21, 2017 infossl

backdoors, cryptography, edwardsnowden, encryption, nsa, Security technology, vulnerabilities

The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions … Read More “ISO Rejects NSA Encryption Algorithms” »

Proof that HMAC-DRBG has No Back Doors

August 30, 2017 infossl

academicpapers, backdoors, cryptography, randomnumbers, Security technology

New research: “Verified Correctness and Security of mbedTLS HMAC-DRBG,” by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security — that its output is pseudorandom — using a hybrid game-based proof. … Read More “Proof that HMAC-DRBG has No Back Doors” »

Alternatives to Government-Mandated Encryption Backdoors

July 25, 2017 infossl

backdoors, encryption, essays, lawenforcement, nationalsecuritypolicy, privacy, Security technology, surveillance

Policy essay: “Encryption Substitutes,” by Andrew Keane Woods: In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume … Read More “Alternatives to Government-Mandated Encryption Backdoors” »

The US Senate Is Using Signal

May 17, 2017 infossl

android, backdoors, cryptowars, cybersecurity, iphone, nationalsecuritypolicy, Security technology, signal

The US Senate just approved Signal for staff use. Signal is a secure messaging app with no backdoor, and no large corporate owner who can be pressured to install a backdoor. Susan Landau comments. Maybe I’m being optimistic, but I think we just won the Crypto War. A very important part of the US government … Read More “The US Senate Is Using Signal” »

Encryption Policy and Freedom of the Press

April 4, 2017 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, nationalsecuritypolicy, Security technology

Interesting law journal article: “Encryption and the Press Clause,” by D. Victoria Barantetsky. Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption — later named the Crypto Wars — seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all … Read More “Encryption Policy and Freedom of the Press” »

Cryptkeeper Bug

February 7, 2017 infossl

backdoors, encryption, linux, Security technology, securityengineering

The Linux encryption app Cryptkeeper has a rather stunning security bug: the single-character decryption key “p” decrypts everything: The flawed version is in Debian 9 (Stretch), currently in testing, but not in Debian 8 (Jessie). The bug appears to be a result of a bad interaction with the encfs encrypted filesystem’s command line interface: Cryptkeeper … Read More “Cryptkeeper Bug” »