encryption – Page 2 – SSL and internet security news

NIST Releases First Post-Quantum Encryption Algorithms

August 15, 2024 infossl

cryptography, encryption, national security policy, nist, quantum computing, security standards, Security technology, Uncategorized

From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: … Read More “NIST Releases First Post-Quantum Encryption Algorithms” »

Compromising the Secure Boot Process

July 26, 2024 infossl

cryptography, encryption, keys, passwords, Security technology, supply chain, Uncategorized, vulnerabilities

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December … Read More “Compromising the Secure Boot Process” »

WhatsApp in India

April 30, 2024 infossl

encryption, india, Meta, privacy, Security technology, Uncategorized, whatsapp

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption. Powered by WPeMatico

Hardware Vulnerability in Apple’s M-Series Chips

March 28, 2024 infossl

apple, encryption, hardware, Security technology, side-channel attacks, Uncategorized

It’s yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, … Read More “Hardware Vulnerability in Apple’s M-Series Chips” »

Facebook Enables Messenger End-to-End Encryption by Default

December 11, 2023 infossl

cybersecurity, encryption, facebook, Meta, Security technology, Uncategorized

It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread. Powered by WPeMatico

Child Exploitation and the Crypto Wars

October 23, 2023 infossl

child pornography, children, crypto wars, encryption, laws, national security policy, privacy, Security technology, surveillance, Uncategorized

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution. Powered by WPeMatico

Signal Will Leave the UK Rather Than Add a Backdoor

September 26, 2023 infossl

backdoors, encryption, privacy, Security technology, signal, Uncategorized

Totally expected, but still good to hear: Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the … Read More “Signal Will Leave the UK Rather Than Add a Backdoor” »

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

September 6, 2023 infossl

cryptocurrency, encryption, keys, Security technology, Uncategorized

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea. Powered by WPeMatico

You Can’t Rush Post-Quantum-Computing Cryptography Standards

August 8, 2023 infossl

cryptography, encryption, national security policy, nist, quantum computing, security standards, Security technology, Uncategorized

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have … Read More “You Can’t Rush Post-Quantum-Computing Cryptography Standards” »

Backdoor in TETRA Police Radios

July 26, 2023 infossl

backdoors, cryptography, eavesdropping, encryption, infrastructure, law enforcement, police, radio, Security technology, Uncategorized

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, … Read More “Backdoor in TETRA Police Radios” »