encryption – Page 9 – SSL and internet security news

Yubico Security Keys with a Crypto Flaw

July 1, 2019 infossl

cryptography, encryption, firmware, keys, randomnumbers, Security technology, securityengineering, securitytokens

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys … Read More “Yubico Security Keys with a Crypto Flaw” »

MongoDB Offers Field Level Encryption

June 26, 2019 infossl

authentication, cryptography, encryption, hacking, keys, Security technology

MongoDB now has the ability to encrypt data by field: MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a “client-side” encryption scheme, databases utilizing Field Level Encryption … Read More “MongoDB Offers Field Level Encryption” »

Germany Talking about Banning End-to-End Encryption

May 24, 2019 infossl

cryptography, cryptowars, encryption, germany, Security technology

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn’t say how. (Cory Doctorow has previously explained why this would be impossible.) The article is … Read More “Germany Talking about Banning End-to-End Encryption” »

German SG-41 Encryption Machine Up for Auction

May 23, 2019 infossl

cryptography, encryption, germany, historyofcryptography, Security technology

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros. Powered by WPeMatico

Cryptanalyzing a Pair of Russian Encryption Algorithms

May 10, 2019 infossl

academicpapers, algorithms, backdoors, cryptanalysis, cryptography, encryption, hashes, russia, Security technology

A pair of Russia-designed cryptographic algorithms — the Kuznyechik block cipher and the Streebog hash function — have the same flawed S-box that is almost certainly an intentional backdoor. It’s just not the kind of mistake you make by accident, not in 2014. Powered by WPeMatico

Protecting Yourself from Identity Theft

May 6, 2019 infossl

cybercrime, encryption, essays, identitytheft, passwords, Security technology

I don’t have a lot of good news for you. The truth is there’s nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a … Read More “Protecting Yourself from Identity Theft” »

Stealing Ethereum by Guessing Weak Private Keys

April 29, 2019 infossl

academicpapers, blockchain, cryptocurrency, cryptography, encryption, hacking, keys, Security technology

Someone is stealing millions of dollars worth of Ethereum by guessing users’ private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here. Powered by WPeMatico

G7 Comes Out in Favor of Encryption Backdoors

April 23, 2019 infossl

backdoors, encryption, g7, hacking, keyescrow, keys, lawenforcement, Security technology, terrorism

From a G7 meeting of interior ministers in Paris this month, an “outcome document“: Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, … Read More “G7 Comes Out in Favor of Encryption Backdoors” »

Unhackable Cryptography?

April 5, 2019 infossl

cryptography, encryption, hacking, Security technology, snakeoil

A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of “snake-oil” alarm bells. The author’s Github README is more measured and accurate, and illustrates what a cool project this really is. But it’s not “hacker-proof … Read More “Unhackable Cryptography?” »

Enigma, Typex, and Bombe Simulators

March 22, 2019 infossl

cryptanalysis, cryptography, encryption, gchq, historyofcryptography, Security technology

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article. Powered by WPeMatico