Current Topic: Cryptography
Ron was wrong, Whit is right
Topic: Cryptography
7:26 pm EST, Feb 14, 2012
Steve Bellovin et al: Architecture matters a lot, and in subtle ways.
Whit Diffie: The future will be a golden age for intelligence.
Arjen K. Lenstra and James P. Hughes: We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security. Our conclusion is that the validity of the assumption is questionable and that generating keys in the real world for "multiple-secrets" cryptosystems such as RSA is significantly riskier than for "single-secret" ones such as ElGamal or (EC)DSA which are based on Diffie-Hellman.
Jean-Francois Raymond and Anton Stiglic: Diffie-Hellman key agreement protocol implementations have been plagued by serious security flaws. The attacks can be very subtle and, more often than not, have not been taken into account by protocol designers.
Charles C. Mann: Minute changes in baseline assumptions produce wildly different results.
Eric Schmidt: If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
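An added example, not code from the paper or from this post, of the sanity check the Lenstra and Hughes abstract describes: every pair of RSA moduli is checked for a common factor, because two moduli that share a prime both factor immediately. The key labels and the small primes are constructed for readability.

```python
from itertools import combinations
from math import gcd

# Constructed toy key set: small primes stand in for the 512-bit primes of a
# real 1024-bit RSA modulus so the arithmetic stays readable. key-A and key-B
# deliberately share a prime, which is the failure the abstract reports.
_P, _Q, _R, _S, _T = 10007, 10009, 10037, 10039, 10061
TOY_MODULI = {
    "key-A": _P * _Q,   # shares _P with key-B
    "key-B": _P * _R,
    "key-C": _S * _T,   # healthy: no factor in common with any other key
}


def shared_factor_audit(moduli):
    """Return {label: (p, q)} for every modulus that shares a factor with
    another modulus in the set. Such a key offers no security: the GCD of
    two moduli that share a prime hands over that prime, and dividing it
    out of each modulus yields the other prime.

    Pairwise GCD is O(n^2) in the number of keys; at the scale of the paper
    a product-tree batch GCD is the practical tool, but the check is the same.
    """
    broken = {}
    for (a, n_a), (b, n_b) in combinations(moduli.items(), 2):
        g = gcd(n_a, n_b)
        if g == 1:
            continue  # coprime moduli reveal nothing about each other
        for label, n in ((a, n_a), (b, n_b)):
            broken[label] = (g, n // g)  # an identical modulus gives q == 1
    return broken


def healthy_keys(moduli):
    """Labels of the moduli that survive the audit."""
    return sorted(set(moduli) - set(shared_factor_audit(moduli)))


if __name__ == "__main__":
    for label, (p, q) in shared_factor_audit(TOY_MODULI).items():
        print(f"{label}: n = {p} * {q}  (factored via shared prime)")
    print("healthy:", healthy_keys(TOY_MODULI))
```

Run against your own certificate store or key inventory, the same loop is a cheap audit for the shared-prime failure the paper measured at two in a thousand.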
Lest We Remember: Cold Boot Attacks on Encryption Keys
Topic: Cryptography
9:53 pm EST, Feb 21, 2008
From deep within the laboratory of Edward W. Felten, we bring you the emperor in all his glory: Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at room temperature and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
From the archive: After reading about these notebook search shenanigans I started using filevault and set a screensaver password, and I hope soon to be in a position to afford the seizure of my notebook at a border.
I have FileVault enabled at present on my Mac, which I suppose is pretty secure.
My entire home directory is encrypted with FileVault. Assuming FV is secure (I don't really know), what're they gonna do about it?
E-Mail Encryption Rare in Everyday Use
Topic: Cryptography
8:22 pm EST, Feb 23, 2006
Same old story ... Many Americans have expressed concern over the Bush administration's eavesdropping program. But there's a simple solution for anyone concerned with prying eyes, at least when it comes to e-mail: encryption.
Um, obviously the folks at NPR didn't read that WaPo story about the not-so-anonymous botmaster in Middle America. Or they'd know that for a great many of those "concerned with prying eyes", their computers are infested with malware, often with root access.
Ross Anderson urges Parliament to mandate key escrow; Microsoft agrees
Topic: Cryptography
9:03 pm EST, Feb 15, 2006
Ross Anderson told MPs that the upcoming release of Windows Vista would mean more computer files being encrypted. He urged the government to look at establishing "back door" ways of getting around encryptions. The Home Office later told the BBC News website it is in talks with Microsoft.
Did I just miss the last ten years, or did you speak too soon? UPDATE: See my other post on this thread for another perspective from Peter Gutmann.
Unwed Numbers
Topic: Cryptography
2:53 pm EST, Dec 24, 2005
The instructions that accompany Sudoku often reassure the number-shy solver that "No mathematics is required." What this really means is that no arithmetic is required. You don't have to add up columns of figures; you don't even have to count. As a matter of fact, the symbols in the grid need not be numbers at all; letters or colors or fruits would do as well. In this sense it's true that solving the puzzle is not a test of skill in arithmetic. On the other hand, if we look into Sudoku a little more deeply, we may well find some mathematical ideas lurking in the background.
Do you Sudoku?
Chinese Cryptologists Get Invitations to a US Conference, but No Visas
Topic: Cryptography
9:17 am EDT, Aug 17, 2005
Aug. 16 - Last year a Chinese mathematician, Xiaoyun Wang, shook up the insular world of code breakers by exposing a new vulnerability in a crucial American standard for data encryption. On Monday, she was scheduled to explain her discovery in a keynote address to an international group of researchers meeting in California. But a stand-in had to take her place, because she was not able to enter the country. Indeed, only one of nine Chinese researchers who sought to enter the country for the conference received a visa in time to attend. "It's not a question of them stealing our jobs," said Stuart Haber, a Hewlett-Packard computer security expert who is program chairman for the meeting, Crypto 2005, being held this week in Santa Barbara. "We need to learn from them, but we are shooting ourselves in the foot."
The Friar and the Cipher
Topic: Cryptography
11:01 pm EST, Feb 18, 2005
... filled with political intrigue, heroes and villains, and enough twists and turns to keep readers immersed. This book's highlight is the story of a mysterious book discovered in 1912 and named for its owner, Wilfrid Voynich. The manuscript has a coded text enhanced by hundreds of illustrations depicting exotic plants, astronomical phenomena and strange "strings of tiny naked women cavorting in a variety of fountains, waterfalls, and pools." Various experts have attributed the manuscript to Roger Bacon -- but as it has kept its secrets from some of the world's greatest cryptanalysts, including some in the CIA and England's MI-8, as well as the largest supercomputers in the world, the attribution remains speculative. But these efforts make a compelling story for readers of the history of science and of code breaking.
Graduate Cryptographers Unlock Code of 'Thiefproof' Car Key
Topic: Cryptography
5:39 pm EST, Jan 30, 2005
Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at Lowe's. Nothing unusual about that, except that the automobile industry has spent millions of dollars to keep him from being able to do it. Mr. Green, a graduate student at Johns Hopkins University, is part of a team that plans to announce on Jan. 29 that it has cracked the security behind "immobilizer" systems from Texas Instruments Inc. All that would be required to steal a car, the researchers said, is a moment next to the car owner to extract data from the key, less than an hour of computing, and a few minutes to break in, feed the key code to the car and hot-wire it.
Hyper-Encryption by Virtual Satellite
Topic: Cryptography
12:23 am EST, Dec 20, 2004
As part of the Harvard University Science Center Lecture Series, Michael O. Rabin, the T.J. Watson Sr. Professor of Computer Science at Harvard University, lectures on hyper-encryption and provably everlasting secrets. In this lecture, Professor Rabin confronts the failure of present-day computer systems to provide minimal network security. As a solution, Professor Rabin presents the theory of hyper-encryption and attempts to prove its security against an adversary possessing unlimited computer power. This hyper-encryption method provides secure data exchange even if the adversary mounts an adaptive attack and obtains the secret decryption key. This program offers over an hour of video content and slides from the presentation.