Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It’s based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to — and can — … Read More “Susan Landau’s New Book: Listening In” »
Category: cryptography
Auto Added by WPeMatico
Matthew Green wrote a fascinating blog post about the NSA’s efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA’s backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. Powered by WPeMatico
NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.) Powered by WPeMatico
I agree with Lorenzo Franceschi-Bicchierai, “Cryptocurrencies aren’t ‘crypto’“: Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word “crypto” as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word “cryptocurrency” — which probably shouldn’t even … Read More ““Crypto” Is Being Redefined as Cryptocurrencies” »
Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent … Read More “Attack on Old ANSI Random Number Generator” »
Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law — or something like that. The EFF’s Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an idea that will not die. … Read More “FBI Increases Its Anti-Encryption Rhetoric” »
A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »
The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It’s because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions … Read More “ISO Rejects NSA Encryption Algorithms” »
New research: “Verified Correctness and Security of mbedTLS HMAC-DRBG,” by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security — that its output is pseudorandom — using a hybrid game-based proof. … Read More “Proof that HMAC-DRBG has No Back Doors” »
Ross Anderson gave a talk on the history of the Crypto Wars in the UK. I am intimately familiar with the US story, but didn’t know as much about Britain’s verson. Hour-long video. Summary. Powered by WPeMatico