cryptography – Page 11 – SSL and internet security news

Ray Ozzie’s Encryption Backdoor

May 7, 2018 infossl

backdoors, cryptography, cryptowars, encryption, keyescrow, lawenforcement, Security technology, securityengineering

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It’s a weird article. It paints Ozzie’s proposal as something that “attains the impossible” and “satisfies both law enforcement and privacy purists,” when (1) it’s barely a proposal, and (2) it’s essentially the … Read More “Ray Ozzie’s Encryption Backdoor” »

NIST Issues Call for “Lightweight Cryptography” Algorithms

May 2, 2018 infossl

algorithms, cryptography, nist, nsa, Security technology

This is interesting: Creating these defenses is the goal of NIST’s lightweight cryptography initiative, which aims to develop cryptographic algorithm standards that can work within the confines of a simple electronic device. Many of the sensors, actuators and other micromachines that will function as eyes, ears and hands in IoT networks will work on scant … Read More “NIST Issues Call for “Lightweight Cryptography” Algorithms” »

Two New Papers on the Encryption Debate

March 12, 2018 infossl

academicpapers, backdoors, cryptography, cryptowars, encryption, Security technology

Seems like everyone is writing about encryption and backdoors this season. “Policy Approaches to the Encryption Debate,” R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. “Encryption Policy in Democratic Regimes,” East West Institute. I recently blogged about the new National Academies report on the same topic. Here’s a … Read More “Two New Papers on the Encryption Debate” »

New National Academies Report on Crypto Policy

February 16, 2018 infossl

cryptography, encryption, nationalsecuritypolicy, Security technology

The National Academies has just published “Decrypting the Encryption Debate: A Framework for Decision Makers.” It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I will summarize them here. Powered by WPeMatico

Yet Another FBI Proposal for Insecure Communications

January 11, 2018 infossl

cloudcomputing, cryptography, cryptowars, encryption, fbi, police, Security technology, vulnerabilities

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private industry to address a problem we … Read More “Yet Another FBI Proposal for Insecure Communications” »

Susan Landau’s New Book: Listening In

January 10, 2018 infossl

apple, books, cryptography, cybersecurity, fbi, lawenforcement, privacy, Security technology, surveillance

Susan Landau has written a terrific book on cybersecurity threats and why we need strong crypto. Listening In: Cybersecurity in an Insecure Age. It’s based in part on her 2016 Congressional testimony in the Apple/FBI case; it examines how the Digital Revolution has transformed society, and how law enforcement needs to — and can — … Read More “Susan Landau’s New Book: Listening In” »

The “Extended Random” Feature in the BSAFE Crypto Library

December 28, 2017 infossl

backdoors, cryptanalysis, cryptography, nsa, randomnumbers, Security technology, tls

Matthew Green wrote a fascinating blog post about the NSA’s efforts to increase the amount of random data exposed in the TLS protocol, and how it interacts with the NSA’s backdoor into the DUAL_EC_PRNG random number generator to weaken TLS. Powered by WPeMatico

Post-Quantum Algorithms

December 27, 2017 infossl

algorithms, contests, cryptography, nist, quantumcomputing, Security technology

NIST has organized a competition for public-key algorithms secure against a quantum computer. It recently published all of its Round 1 submissions. (Details of the NIST efforts are here. A timeline for the new algorithms is here.) Powered by WPeMatico

“Crypto” Is Being Redefined as Cryptocurrencies

December 4, 2017 infossl

bitcoin, cryptocurrency, cryptography, Security technology

I agree with Lorenzo Franceschi-Bicchierai, “Cryptocurrencies aren’t ‘crypto’“: Lately on the internet, people in the world of Bitcoin and other digital currencies are starting to use the word “crypto” as a catch-all term for the lightly regulated and burgeoning world of digital currencies in general, or for the word “cryptocurrency” — which probably shouldn’t even … Read More ““Crypto” Is Being Redefined as Cryptocurrencies” »

Attack on Old ANSI Random Number Generator

October 31, 2017 infossl

academicpapers, cryptanalysis, cryptography, randomnumbers, Security technology

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent … Read More “Attack on Old ANSI Random Number Generator” »