cryptanalysis – Page 5 – SSL and internet security news

Evidence for the Security of PKCS #1 Digital Signatures

September 25, 2018 infossl

academicpapers, algorithms, cryptanalysis, cryptography, rsa, Security technology, signatures

This is interesting research: “On the Security of the PKCS#1 v1.5 Signature Scheme“: Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for … Read More “Evidence for the Security of PKCS #1 Digital Signatures” »

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

September 21, 2018 infossl

academicpapers, cryptanalysis, cryptography, rsa, Security technology

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren’t interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms like RSA get their security from the difficulty of factoring … Read More “New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography” »

Defeating the iPhone Restricted Mode

July 18, 2018 infossl

apple, cellphones, cryptanalysis, cryptography, iphone, Security technology

Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson in this: security is hard. Apple Computer has one of the … Read More “Defeating the iPhone Restricted Mode” »

Critical PGP Vulnerability

May 14, 2018 infossl

cryptanalysis, cryptography, email, encryption, pgp, protocols, Security technology, vulnerabilities

EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We’ll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. … Read More “Critical PGP Vulnerability” »

LC4: Another Pen-and-Paper Cipher

May 3, 2018 infossl

academicpapers, cryptanalysis, encryption, Security technology

Interesting symmetric cipher: LC4: Abstract: ElsieFour (LC4) is a low-tech cipher that can be computed by hand; but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A … Read More “LC4: Another Pen-and-Paper Cipher” »

Two NSA Algorithms Rejected by the ISO

April 25, 2018 infossl

algorithms, backdoors, cryptanalysis, edwardsnowden, encryption, internetofthings, nsa, Security technology

The ISO has rejected two symmetric encryption algorithms: SIMON and SPECK. These algorithms were both designed by the NSA and made public in 2013. They are optimized for small and low-cost processors like IoT devices. The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they’re backdoored. … Read More “Two NSA Algorithms Rejected by the ISO” »

The “Extended Random” Feature in the BSAFE Crypto Library

December 28, 2017 infossl

backdoors, cryptanalysis, cryptography, nsa, randomnumbers, Security technology, tls

Matthew Green wrote a fascinating blog post about the NSA’s efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA’s backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. Powered by WPeMatico

Attack on Old ANSI Random Number Generator

October 31, 2017 infossl

academicpapers, cryptanalysis, cryptography, randomnumbers, Security technology

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent … Read More “Attack on Old ANSI Random Number Generator” »

Security Flaw in Infineon Smart Cards and TPMs

October 17, 2017 infossl

cryptanalysis, cryptography, estonia, idcards, Security technology, securityengineering, smartcards, vulnerabilities

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »

NSA Brute-Force Keysearch Machine

May 16, 2017 infossl

cryptanalysis, cryptography, encryption, ibm, keys, nsa, Security technology

The Intercept published a story about a dedicated NSA brute-force keysearch machine being built with the help of New York University and IBM. It’s based on a document that was accidentally shared on the Internet by NYU. The article is frustratingly short on details: The WindsorGreen documents are mostly inscrutable to anyone without a Ph.D. … Read More “NSA Brute-Force Keysearch Machine” »