New paper: “A Simple Power Analysis Attack on the Twofish Key Schedule.” This shouldn’t be a surprise; these attacks are devastating if you don’t take steps to mitigate them. The general issue is if an attacker has physical control of the computer performing the encryption, it is very hard to secure the encryption inside the … (full post: “Twofish Power Analysis Attack”)
Category: cryptography
NIST is accepting proposals for public-key algorithms immune to quantum computing techniques. Details here. Deadline is the end of November 2017. I applaud NIST for taking the lead on this, and for taking it now when there is no emergency and we have time to do this right. Slashdot thread.
That’s the conclusion of a research paper: Once [costs and complexity] are eliminated, it enables big hosting providers to issue and deploy certificates for their customers in bulk, thus quickly and automatically enabling encryption across a large number of domains. For example, we have shown that currently, 47% of LE certified domains are hosted at … (full post: “Let's Encrypt Is Making Web Encryption Easier”)
Yale University Press has published a facsimile of the Voynich Manuscript. The manuscript is also available online.
The NSA has been abandoning secret and proprietary cryptographic algorithms in favor of commercial public algorithms, generally known as “Suite B.” In 2010, an NSA employee filed some sort of whistleblower complaint, alleging that this move is both insecure and wasteful. The US DoD Inspector General investigated and wrote a report in 2011. The report … (full post: “Whistleblower Investigative Report on NSA Suite B Cryptography”)
This is exactly the sort of Internet-of-Things attack that has me worried: “IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten. Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat … (full post: “Self-Propagating Smart Light Bulb Worm”)
Interesting: Roughly three weeks later, there is an operation program available to crack ACBL hand records. Given three consecutive boards, all the remaining boards for that session can be determined. The program can be easily parallelized. This analysis can be finished while sessions are still running; this would permit the following type of attack: A … (full post: “Hacking Bridge-Hand Generation Software”)
We’ve long known that 64 bits is too small for a block cipher these days. That’s why new block ciphers like AES have 128-bit, or larger, block sizes. The insecurity of the smaller block is nicely illustrated by a new attack called “Sweet32.” It exploits the ability to find block collisions in Internet protocols to … (full post: “Collision Attacks Against 64-Bit Block Ciphers”)
In a cautionary tale to those who favor government-mandated backdoors to security systems, Microsoft accidentally leaked the key protecting its UEFI Secure Boot feature. As we all know, the problems with backdoors are less the cryptography and more the systems surrounding the cryptography.
New paper: “Surreptitiously Weakening Cryptographic Systems,” by Bruce Schneier, Matthew Fredrikson, Tadayoshi Kohno, and Thomas Ristenpart. Abstract: Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses … (full post: “Surreptitiously Weakening Cryptographic Systems”)