Evidence for the Security of PKCS #1 Digital Signatures

Posted on By infossl
academicpapers, algorithms, cryptanalysis, cryptography, rsa, Security technology, signatures

This is interesting research: “On the Security of the PKCS#1 v1.5 Signature Scheme“: Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for … Read More “Evidence for the Security of PKCS #1 Digital Signatures” »

New Variants of Cold-Boot Attack

Posted on By infossl
firmware, hacking, hardware, operatingsystems, Security technology

If someone has physical access to your locked — but still running — computer, they can probably break the hard drive’s encryption. This is a “cold boot” attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot … Read More “New Variants of Cold-Boot Attack” »

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Posted on By infossl
academicpapers, cryptanalysis, cryptography, rsa, Security technology

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren’t interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms like RSA get their security from the difficulty of factoring … Read More “New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography” »

AES Resulted in a $250-Billion Economic Benefit

Posted on By infossl
aes, cryptography, nist, Security technology

NIST has released a new study concluding that the AES encryption standard has resulted in a $250-billion worldwide economic benefit over the past 20 years. I have no idea how to even begin to assess the quality of the study and its conclusions — it’s all in the 150-page report, though — but I do … Read More “AES Resulted in a $250-Billion Economic Benefit” »

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Posted on By infossl
computersecurity, Security technology, securityengineering, voting, vulnerabilities

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It’s a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it’s the result of a security mistake in the design process. Someone didn’t think the security through, and the result is a voter-verifiable paper audit trail … Read More “Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer” »

NSA Attacks Against Virtual Private Networks

Posted on By infossl
edwardsnowden, nsa, Security technology, vpn

A 2006 document from the Snowden archives outlines successful NSA operations against “a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems.” It’s hard to believe that many of the Snowden documents are now more than … Read More “NSA Attacks Against Virtual Private Networks” »