Cryptologists, Gaggle of →
Certainly an eponymous panel of cryptographic scientists, inclusive of Paul Kocher (Moderator) , Adi Shamir, Whitfield Diffie, Ed Giorgio, Ronald Rivest holding forth, as it were...
Certainly an eponymous panel of cryptographic scientists, inclusive of Paul Kocher (Moderator) , Adi Shamir, Whitfield Diffie, Ed Giorgio, Ronald Rivest holding forth, as it were...
Good news for TrueCrypt, via the inimitable Dan Goodin, writing at Ars Technica, of the apparent clean bill of cryptographic health, as it were...
"The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software," Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday's report. "The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances." via Dan Goodin at Ars Technica
Old, still relevant, and the reasons' why... Wouldn't you say?
In which, we are enthralled by Le Bon Professeur Jules Verne. Via a typically superb post - crafted by Nick Pelling at his Tremendous Cipher Mysteries site; further, by way of a fascinating article in the United States Army Signal Corps Bulletin of April to June 1940 detailing Monsieur Verne's prediliction for both transpositional and Vigenère ciphers. Outstanding.
More IPV6 myths exposed by ISOC's Deploy360 Director Chris Grundemann. This time focusing on the myth that IPv6 is too new to be attacked. Today's MustRead!
Well now, this is good news [of coursepurely dependent upon where your place is within the transaction, and future issues of both key management and governance related challenges] as Box has commenced with provisioning customers with their encryption keys. Gotta admire the transfer of risk in this action, all under the guide of enterprise key management...
'Today, Box says it has a new product that gets the job done. Called “Enterprise Key Management (EKM),” the service puts encryption keys inside a customer’s own data center and in a special security module stored in an Amazon data center. The Box service still must access customer’s data in order to enable sharing and collaboration, but EKM makes sure that only happens when the customer wants it to, Box says.' ArsTechnica's Jon Brodkin
In an astonishing turn of luck, Alan Turing's Banbury Notes have turned up as roof insulation, at Beltchley Park's Hut 6. Reportedly, the notes were discovered during the renovation of the Hut in 2013.
Astoundingly, myths still arise in this epoch of science, strangely so, when dealing with new technologies [Read: new means new in the final two years of the last century as IPv4 was originally codified by the IETF in 1981, with the acceptance of RFC 791] - in this case the vaunted move to IPv6. Now, arising from the ashes of IPv4 exhaustion hysteria, comes a current popular myth surrounds the utilization NATs in IPv4 and the lack of a counterpart construct in IPv6.
Dr. Michael Geist (Law Professor at the University of Ottawa, and the current holder of the Canada Research Chair in Internet and E-commerce Law) holds forth on current cloud cogitation up north (at least within the data confines of the Government of Canada / Gouvernement du Canada).
An End-to-End Encrypted Secret, that is...
If you read anything today about cryptography today, read the work of Stanford University's Center for Internet and Society's Jeffrey Vagle, JD [Mr. Vagle is also a Lecturer in Law and the Executive Director of the Center for Technology, Innovation and Competition [CTIC] at the University of Pennsylvania Law School]; in which, Mr. Vagle examines the criminalization of cryptography [snippet of his work appears below].
'We've heard this story from governments before, of course, from the "crypto wars" of the early 1990s to recent claims by the FBI that encryption allows networks to "go dark," and prevent legitimate law enforcement efforts. But as the leaked security memo asserts, without strong crypto and secure networks, we're all put at greater risk. It is crucial that we keep this in perspective as the world's legislative bodies rush to do something--anything--in the face of these crises.' - via Jeffrey Vagle writing at the Center for Internet and Society, at Stanford University
New and shiny, the Dark Mail Alliance has released the company's secure mobile platform, with minimal fanfare, but tremendous functionality. Founding members of the alliance are Phil Zimmermann, John Callas, Mike Janke and Ladar Levinson; code is available for examination on GitHub. Outstanding!
Physikalisch Zugriff Nicht Erforderlich
More interesting security slap and tickle at the Chaos Computer Club confab in Germany... This time, apparently the lack of physical access was not an impediment in the second well publicized defeat of Apple Inc.'s [NasdaqGS: AAPL] TouchID. Jan Krissler, holding forth at the conference has detailed the steps taken to overcome the vaunted security of TouchID via a presentation entitled 'Gefahren von Kameras für (biometrische) Authentifizierungsverfahren [31c3] '.
'Krissler said he used commercially available software called VeriFinger to pull off the feat. The main source was a close-up picture of von der Leyen’s thumb, obtained during a news conference in October, along with photographs taken from different angles to get an image of the complete fingerprint.' - via Emil Protalinski writing at VentureBeat
The Electronic Frontier Foundations' Secure Messaging Scorecard is our Must Read. In a nutshell, the EFF has graded the anti-surveillance efficacy of an impressive number of providers and software packages. Enjoy!
Astonished to find this well-written investigative piece by Vince Lattanzio, writing for NBC 10, in Bala Cynwyd, Pennsylvania [covering Philadelphia and the NBC affiliate in the City of Brotherly Love]. In an effort to detail the the Department of Homeland Security's Forensics Investigation Laboratory many of the tricks of the trade - so to speak- are illustrated for all, including an EMF blocker container to examine miscreant-owned mobile devices without the possibility of remote data destruction.
News, via Paul Rubens writing at eSecurity Planet, of the apparent resurfacing of the TrueCrypt project, this time, with more eyes on the prize, so to speak. Look for a resurrected TrueCrypt 7.1a code-base with a new re-branded name: CipherShed. Hat Tip to Firewall Consultants.
via the inimitable Kim Zetter, Senior Staff Writer at Wired, comes this staggeringly well crafted piece on the United States National Security Agency / Central Security Service's work to create a tool known as MonsterMind. The natural progeny of encompassing surveillance, is the capability to detect and mitigate malware in the wild.