hashes – SSL and internet security news

More on Apple’s iPhone Backdoor

August 20, 2021 infossl

apple, backdoors, hashes, photos, privacy, Security technology, surveillance, Uncategorized

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the … Read More “More on Apple’s iPhone Backdoor” »

Apple’s NeuralHash Algorithm Has Been Reverse-Engineered

August 18, 2021 infossl

algorithms, apple, backdoors, cryptography, hashes, ios, iphone, reverse engineering, Security technology, Uncategorized

Apple’s NeuralHash algorithm — the one it’s using for client-side scanning on the iPhone — has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash … Read More “Apple’s NeuralHash Algorithm Has Been Reverse-Engineered” »

On the Insecurity of ES&S Voting Machines’ Hash Code

March 16, 2021 infossl

authentication, certifications, hashes, Security technology, Uncategorized, voting

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S’s software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the “reference hashcode” is completely missing, then it’ll say “yes, boss, everything is fine” instead of reporting an error. It’s simultaneously shocking and unsurprising that ES&S’s … Read More “On the Insecurity of ES&S Voting Machines’ Hash Code” »

Cryptanalyzing a Pair of Russian Encryption Algorithms

May 10, 2019 infossl

academicpapers, algorithms, backdoors, cryptanalysis, cryptography, encryption, hashes, russia, Security technology

A pair of Russia-designed cryptographic algorithms — the Kuznyechik block cipher and the Streebog hash function — have the same flawed S-box that is almost certainly an intentional backdoor. It’s just not the kind of mistake you make by accident, not in 2014. Powered by WPeMatico

Facebook Fingerprinting Photos to Prevent Revenge Porn

November 9, 2017 infossl

australia, facebook, fingerprints, hashes, pornography, Security technology

This is a pilot project in Australia: Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be “hashed.” This means that the company converts the image into a unique digital fingerprint … Read More “Facebook Fingerprinting Photos to Prevent Revenge Porn” »

SHA-1 Collision Found

February 23, 2017 infossl

cryptanalysis, cryptography, hashes, Security technology, sha1

The first collision in the SHA-1 hash function has been found. This is not a surprise. We’ve all expected this for over a decade, watching computing power increase. This is why NIST standardized SHA-3 in 2012. Powered by WPeMatico