Showing posts with label cryptography. Show all posts

23 November 2013

NSA's Crypto Betrayal: Good News for Open Source?

Revelations from documents obtained by whistleblower Edward Snowden that GCHQ essentially downloads the entire Internet as it enters and leaves the UK, and stores big chunks of it, were bad enough. But last week we learned that the NSA has intentionally weakened just about every aspect of online encryption:

On Open Enterprise blog.

13 October 2012

CryptoParty Like It's 1993

As Techdirt stories regularly report, governments around the world, including those in the West, are greatly increasing their surveillance of the Internet. Alongside a loss of the private sphere, this also represents a clear danger to basic civil liberties. The good news is that we already have the solution: encrypting communications makes it very hard, if not entirely impossible, for others to eavesdrop on our conversations. The bad news is that crypto is largely ignored by the general public, partly because they don't know about it, and partly because even if they do, it seems too much trouble to implement. 

On Techdirt.

29 September 2012

A New Issue For Bitcoin: Crypto Key Disclosure

The debate is still raging whether Bitcoin is a brilliant idea that will revolutionize business and society, a high-tech money laundering scheme, or just a fad that will soon pass into history. But in a fascinating post, Jon Matonis points to a problem that doesn't really seem to have been considered before: 

On Techdirt.

21 January 2008

Security by Obscurity? I Don't Think So

Great post by Ed Felten about the complete mess the Dutch authorities have made of their new $2 billion transit card system, which, it seems, is wide open to cracking:

Why?

Kerckhoffs’s Principle, one of the bedrock maxims of cryptography, says that security should never rely on keeping an algorithm secret. It’s okay to have a secret key, if the key is randomly chosen and can be changed when needed, but you should never bank on an algorithm remaining secret.

Unfortunately the designers of Mifare Classic did not follow this principle. Instead, they chose to combine a secret algorithm with a relatively short 48-bit key. This is a problem because once you know the algorithm it’s possible for an attacker to search the entire 48-bit key space, and therefore to forge cards, in a matter of days or weeks.

More generally:

Now the Dutch authorities have a mess on their hands. About $2 billion have been invested in this project, but serious fraud seems likely if it is deployed as designed. This kind of disaster would have been more likely had the design process been more open. Secrecy was not only an engineering mistake (violating Kerckhoffs’s Principle) but also a policy mistake, as it allowed the project to get so far along before independent analysts had a chance to critique it. A more open process, like the one the U.S. government used in choosing the Advanced Encryption Standard (AES), would have been safer. Governments seem to have a hard time understanding that openness can make you more secure.

Let's hope other governments are listening...
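What Felten's point about a short key behind a once-secret algorithm means in practice, as an added illustration that is not code from his post, from the transit card project or from the Mifare Classic chip: the keystream generator below is a made-up SHA-256 construction standing in for any algorithm that has become public (it is not Crypto-1), a single known plaintext/ciphertext pair is enough to search the whole key space, and the key sizes and guess rates used for the timing table are assumptions chosen only to contrast 48 bits with 128 bits.

```python
import hashlib
from typing import Optional

def keystream(key: bytes, length: int) -> bytes:
    """Toy public keystream generator: SHA-256(key || 32-bit counter).
    Constructed for illustration only; it is NOT Crypto-1 or any fielded cipher.
    The point is that the attacker is assumed to know exactly this function."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; the same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def recover_key(key_bits: int, known_plaintext: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Known-plaintext exhaustive search over every key of key_bits bits.
    Once the algorithm is public this is the attacker's entire job; it is
    affordable here only because key_bits is tiny (the demo uses 16)."""
    key_len = (key_bits + 7) // 8
    for k in range(1 << key_bits):
        candidate = k.to_bytes(key_len, "big")
        if encrypt(candidate, known_plaintext) == ciphertext:
            return candidate
    return None

SECONDS_PER_DAY = 86400.0
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

def expected_search_seconds(key_bits: int, guesses_per_second: float) -> float:
    """Average time to hit the key: half the key space at the given rate.
    The rates passed in are assumptions, not measured hardware figures."""
    return (2.0 ** key_bits / 2.0) / guesses_per_second

def search_time_table(rates=(1e6, 1e9, 1e12), key_sizes=(48, 128)) -> dict:
    """Map (key_bits, guesses_per_second) -> expected days of search."""
    return {(bits, rate): expected_search_seconds(bits, rate) / SECONDS_PER_DAY
            for bits in key_sizes for rate in rates}

if __name__ == "__main__":
    secret = b"\x1b\x2e"            # constructed 16-bit key for the demo
    plaintext = b"balance=0042"     # constructed known plaintext
    ciphertext = encrypt(secret, plaintext)
    print("recovered key matches:", recover_key(16, plaintext, ciphertext) == secret)
    for (bits, rate), days in sorted(search_time_table().items()):
        print(f"{bits:3d}-bit key at {rate:.0e} guesses/s: {days:.3g} days")
```

Run as a script it recovers the 16-bit demo key in well under a second, and the table shows the gap Felten is pointing at: a 48-bit space at a billion guesses per second is a couple of days, while a 128-bit space at a thousand times that rate is still beyond any practical horizon. Secrecy of the algorithm only ever bought the time it took someone to reverse-engineer it.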

15 January 2006

On Social Bookmarking, Spam - and Steganography

A fine analysis of the threats posed to social bookmarking sites (del.icio.us, digg.com etc) from Alex Bosworth. But for me, the real corker is his idea of steganographic spam.

Steganography involves hiding something in a message so that it is not even apparent there is hidden content - unlike cryptography, where the content is obscured but its presence is obvious. This might be achieved by altering a few pixels of a picture - too few, and by too little, for the change to be noticeable to casual observers - in such a way that the message can be extracted by software running the right algorithm.

Bosworth would have us imagine steganographic spam - so subtle, we are not even aware that it is there. Fiendish.
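The pixel-hiding step described above, as an added illustration rather than code from Bosworth's post or from any social bookmarking site: a grayscale cover image is stood in for by a constructed byte array (one byte per pixel), the message goes into the least significant bit of each pixel behind a 32-bit length prefix, and no pixel value moves by more than one, which is why the carrier looks unchanged to a viewer while anyone who knows the scheme can pull the message straight back out.

```python
import random
from typing import Iterator

HEADER_BITS = 32  # message length prefix so the extractor knows where to stop

def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def capacity_bytes(cover: bytes) -> int:
    """How many message bytes fit: one bit per pixel, minus the header."""
    return max(0, (len(cover) - HEADER_BITS) // 8)

def embed(cover: bytes, message: bytes) -> bytes:
    """Write the length-prefixed message into the LSB of successive pixels."""
    if len(message) > capacity_bytes(cover):
        raise ValueError(f"cover holds {capacity_bytes(cover)} bytes, got {len(message)}")
    payload = len(message).to_bytes(4, "big") + message
    stego = bytearray(cover)
    for idx, bit in enumerate(_bits(payload)):
        stego[idx] = (stego[idx] & 0xFE) | bit   # clear LSB, then set it
    return bytes(stego)

def extract(stego: bytes) -> bytes:
    """Read the LSBs back; raises if the carrier is too short for its header."""
    if len(stego) < HEADER_BITS:
        raise ValueError("carrier too short to contain a header")
    lsbs = [pixel & 1 for pixel in stego]
    length = int("".join(map(str, lsbs[:HEADER_BITS])), 2)
    body = lsbs[HEADER_BITS:HEADER_BITS + length * 8]
    if len(body) < length * 8:
        raise ValueError("header claims more bytes than the carrier holds")
    return bytes(int("".join(map(str, body[i:i + 8])), 2)
                 for i in range(0, len(body), 8))

def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel intensity difference introduced by embedding."""
    return max(abs(a - b) for a, b in zip(cover, stego))

def make_cover(num_pixels: int, seed: int = 1) -> bytes:
    """Constructed stand-in for a grayscale image: deterministic pseudo-random pixels."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(num_pixels))

if __name__ == "__main__":
    cover = make_cover(64 * 64)                       # a 64x64 "image"
    message = b"visit: http://spam.example/"          # constructed payload
    stego = embed(cover, message)
    print("capacity:", capacity_bytes(cover), "bytes")
    print("max pixel change:", max_pixel_change(cover, stego))
    print("extracted:", extract(stego))
```

Two things follow from the code that the paragraph only hints at. First, the ±1 change is why detection has to be statistical (looking at the distribution of LSBs across the image) rather than visual; a casual viewer has nothing to see. Second, the scheme has no key at all: anyone who knows the algorithm can extract the message, so steganography hides the existence of content, and only cryptography protects the content itself.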