cryptography – Page 4 – SSL and internet security news

SIKE Broken

August 4, 2022 infossl

algorithms, cryptanalysis, cryptography, encryption, nist, quantum computing, Security technology, Uncategorized

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken, really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on … Read More “SIKE Broken” »

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

July 6, 2022 infossl

cryptography, encryption, nist, quantum computing, Security technology, Uncategorized

NIST’s post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. For digital … Read More “NIST Announces First Four Quantum-Resistant Cryptographic Algorithms” »

On the Subversion of NIST by the NSA

June 23, 2022 infossl

academic papers, algorithms, cryptography, nist, nsa, Security technology, Uncategorized

Nadiya Kostyuk and Susan Landau wrote an interesting paper: “Dueling Over DUAL_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process“: Abstract: In recent decades, the U.S. National Institute of Standards and Technology (NIST), which develops cryptographic standards for non-national security agencies of the U.S. government, has emerged as the de facto international source for cryptographic … Read More “On the Subversion of NIST by the NSA” »

Hertzbleed: A New Side-Channel Attack

June 22, 2022 infossl

cryptography, keys, Security technology, side-channel attacks, Uncategorized

Hertzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. The team discovered that … Read More “Hertzbleed: A New Side-Channel Attack” »

Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

June 21, 2022 infossl

cryptography, laws, Security technology, Uncategorized

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power to tech monopolies would do more to “fix” the Internet than any other single action, and I am generally … Read More “Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills” »

Hartzbleed: A New Side-Channel Attack

June 20, 2022 infossl

cryptography, keys, Security technology, side-channel attacks, Uncategorized

Hartzbleed is a new side-channel attack that works against a variety of microprocressors. Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit. The team discovered that … Read More “Hartzbleed: A New Side-Channel Attack” »

“Crypto” Means “Cryptography,” not “Cryptocurrency”

November 22, 2021 infossl

cryptocurrency, cryptography, Security technology, Uncategorized

I have long been annoyed that the word “crypto” has been co-opted by the blockchain people, and no longer refers to “cryptography.” I’m not the only one. Powered by WPeMatico

More Military Cryptanalytics, Part III

August 31, 2021 infossl

cryptanalysis, cryptography, foia, history of cryptography, military, nsa, Security technology, Uncategorized

Late last year, the NSA declassified and released a redacted version of Lambros D. Callimahos’s Military Cryptanalytics, Part III. We just got most of the index. It’s hard to believe that there are any real secrets left in this 44-year-old volume. Powered by WPeMatico

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

August 18, 2021 infossl

algorithms, apple, backdoors, cryptography, hashes, ios, iphone, reverse engineering, Security technology, Uncategorized

Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash … Read More “Apple’s NeuralHash Algorithm Has Been Reverse-Engineered” »

Bizarro Banking Trojan

May 20, 2021 infossl

backdoors, banking, credentials, cryptography, malware, reports, Security technology, Uncategorized

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will … Read More “Bizarro Banking Trojan” »