Cryptography - Page 6
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Brute force attacks on cryptography could take billions of years, which no one has to spare. Maybe you live in a country where rubber hose cryptography is, shall we say, frowned upon. Hacking a target's endpoint is an option, but what if you get caught? Better to use an attack that leaves no forensic traces behind.
The first rule of cryptography club is: never invent a cryptography system yourself. The second rule of cryptography club is: never implement a cryptography system yourself: many real-world holes are found in the implementation phase of a cryptosystem as well as in the design.
For governments worldwide, encryption is a thorn in the side in the quest for surveillance, cracking suspected criminal phones, and monitoring communication.
A project dear to its heart, Let's Encrypt has now made wildcard certificate support live in the next step to encrypt the Web. The certificate authority, which offers free SSL and TLS certificates to webmasters, said this week that support is now live for wildcard certificates, alongside ACMEv2.
Internet and social media companies will be banned from putting customer communications beyond their own reach under new laws to be unveiled on Wednesday.
Researchers have some good and bad news about the availability of secure e-mail. Use of STARTTLS and three other security extensions has surged in recent months, but their failure rate remains high, in large part because of active attacks that downgrade encrypted connections to unencrypted ones.
We now live in a world where a New York City sixth grader is making money selling strong passwords. Earlier this month, Mira Modi, 11, began a small business at dicewarepasswords.com, where she generates six-word Diceware passphrases by hand.
The Internet is abuzz with this blog post and paper, speculating that the NSA is breaking the Diffie-Hellman key-exchange protocol in the wild through massive precomputation.
SHA1, one of the Internet's most crucial cryptographic algorithms, is so weak to a newly refined attack that it may be broken by real-world hackers in the next three months, an international team of researchers warned Thursday.
The anti-encryption lobby has just got a new fan. After the government agencies, who are against encryption for obvious reasons, Edward Snowden has spoken out against encryption albeit for a different reason altogether.
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys. Florian Weimer, a researcher with Red Hat, last week published a paper called
OpenSSH 7.1 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.
OpenSSH 7.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.
Two researchers with the University of Leuven have developed a new, more practical attack technique that exposes weaknesses in the RC4 encryption algorithm.
Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm.
Almost a third of the world's encrypted Web connections can be cracked using an exploit that's growing increasingly practical, computer scientists warned Wednesday. They said the attack technique on a cryptographic cipher known as RC4 can also be used to break into wireless networks protected by the Wi-Fi Protected Access Temporal Key Integrity Protocol.
Organizations that installed the June 11 OpenSSL update need to pull it back immediately after a serious certificate validation error was discovered and patched today in a new update.
Monday a group of cryptographers and security experts released a major paper outlining the risks of government-mandated back-doors in encryption products: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, by Hal Abelson, Ross Anderson, Steve Bellovin, Josh Behaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter Neumann, Ron Rivest, Jeff Schiller, Bruce Schneier, Michael Specter, and Danny Weitzner.
"Britain is not a state that is trying to search through everybody's emails and invade their privacy," according to Prime Minister David Cameron. "We just want to ensure that terrorists do not have a safe space in which to communicate."
Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability.