Law journal article that looks at the Dual_EC_PRNG backdoor from a US constitutional perspective: Abstract: The National Security Agency (NSA) reportedly paid and pressured technology companies to trick their customers into using vulnerable encryption products. This Article examines whether any of three theories removed the Fourth Amendment’s requirement that this be reasonable. The first is … Read More ““Encryption Backdoors and the Fourth Amendment”” »
Category: encryption
Auto Added by WPeMatico
Good tutorial by Micah Lee. It includes some nonobvious use cases. Powered by WPeMatico
A Florida bill requiring encryption backdoors failed to pass. Powered by WPeMatico
Last month, I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating backdoors. Both initiatives are attempting to scare people into supporting backdoors, which are—of course—are terrible idea. Also: “A Feminist Argument Against Weakening Encryption.” Powered by WPeMatico
Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government … Read More “An iCloud Backdoor Would Make Our Phones Less Safe” »
In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include: Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted … Read More “Australia Threatens to Force Companies to Break Encryption” »
Really interesting analysis of the American M-209 encryption device and its security. Powered by WPeMatico
Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not. Powered by WPeMatico
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: … Read More “NIST Releases First Post-Quantum Encryption Algorithms” »
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December … Read More “Compromising the Secure Boot Process” »