cryptography – Page 11 – SSL and internet security news

Two New Papers on the Encryption Debate

March 12, 2018 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, Security technology

Seems like everyone is writing about encryption and backdoors this season. “Policy Approaches to the Encryption Debate,” R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. “Encryption Policy in Democratic Regimes,” East West Institute. I recently blogged about the new National Academies report on the same topic. Here’s a … Read More “Two New Papers on the Encryption Debate” »

New National Academies Report on Crypto Policy

February 16, 2018 infossl

cryptography, encryption, nationalsecuritypolicy, Security technology

The National Academies has just published “Decrypting the Encryption Debate: A Framework for Decision Makers.” It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here. Powered by WPeMatico

Yet Another FBI Proposal for Insecure Communications

January 11, 2018 infossl

cloudcomputing, cryptography, cryptowars, encryption, fbi, police, Security technology, vulnerabilities

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we … Read More “Yet Another FBI Proposal for Insecure Communications” »

Susan Landau’s New Book: Listening In

January 10, 2018 infossl

apple, books, cryptography, cybersecurity, fbi, lawenforcement, privacy, Security technology, surveillance

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It’s based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to — and can — … Read More “Susan Landau’s New Book: Listening In” »

The “Extended Random” Feature in the BSAFE Crypto Library

December 28, 2017 infossl

backdoors, cryptanalysis, cryptography, nsa, randomnumbers, Security technology, tls

Matthew Green wrote a fascinating blog post about the NSA’s efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA’s backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. Powered by WPeMatico

Post-Quantum Algorithms

December 27, 2017 infossl

algorithms, contests, cryptography, nist, quantumcomputing, Security technology

NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.) Powered by WPeMatico

“Crypto” Is Being Redefined as Cryptocurrencies

December 4, 2017 infossl

bitcoin, cryptocurrency, cryptography, Security technology

I agree with Lorenzo Franceschi-Bicchierai, “Cryptocurrencies aren’t ‘crypto’“: Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word “crypto” as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word “cryptocurrency” — which probably shouldn’t even … Read More ““Crypto” Is Being Redefined as Cryptocurrencies” »

Attack on Old ANSI Random Number Generator

October 31, 2017 infossl

academicpapers, cryptanalysis, cryptography, randomnumbers, Security technology

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent … Read More “Attack on Old ANSI Random Number Generator” »

FBI Increases Its Anti-Encryption Rhetoric

October 27, 2017 infossl

cryptography, cryptowars, encryption, fbi, nationalsecuritypolicy, Security technology

Earlier this month, Deputy Attorney General Rod Rosenstein gave a speech warning that a world with encryption is a world without law — or something like that. The EFF’s Kurt Opsahl takes it apart pretty thoroughly. Last week, FBI Director Christopher Wray said much the same thing. This is an idea that will not die. … Read More “FBI Increases Its Anti-Encryption Rhetoric” »

Security Flaw in Infineon Smart Cards and TPMs

October 17, 2017 infossl

cryptanalysis, cryptography, estonia, idcards, Security technology, securityengineering, smartcards, vulnerabilities

A security flaw in Infineon smart cards and TPMs allows an attacker to recover private keys from the public keys. Basically, the key generation algorithm sometimes creates public keys that are vulnerable to Coppersmith’s attack: While all keys generated with the library are much weaker than they should be, it’s not currently practical to factorize … Read More “Security Flaw in Infineon Smart Cards and TPMs” »