All Activity

This stream auto-updates     

  1. Earlier
  2. The European Commission has issued a product recall for the ENOX Safe-KID-One. The device is a smartwatch designed for children. The EC recall states: the mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed. A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS. The product does not comply with the Radio Equipment Directive. Further information:
  3. Microsoft has revealed details of an incident where an automated process, designed to trigger when custom keys are removed from KeyVault, caused TDE databases to be dropped from Azure on 29 January 2019. Microsoft tried to restore customer data from a five-minutes-ago snapshot resulting in empty databases and new database names for some. Transactions, product orders, and other updates during that five minute period were lost. Compensation is available to affected customers. For more information see
  4. James


    The reference guide is here... The support forum is here...
  5. congo


    Had to reload windows encryption program changed.I did have just gnu4pg v2 then when I reloaded i,it became kleopatra.All my encryption works in that interface.Before the change i could copy an encrypted message drop it in my clipboard decrypt and use passphrase and the message would open.Now it says no secret keys or no open pgp data.Can any1 help?? date 10/21/2018, Ron
  6. Here is a Javascript implementation of the NEW version of the Hutton Cipher. The original version had the problem where the password should not contain the letter Z because otherwise, the ciphertext would periodically contain plaintext letters. But if you don't have Z in the password, plaintext letters will NEVER encrypt to themselves, and you end up with the same problem ENIGMA had. The new rule in Hutton v2 is instead of just counting to the right as many spaces as dictated by the base26 value of the key letter, you sum that value with the base26 value of whatever letter happens to be first in the scrambled alphabet. With this modification, the cipher now produces ciphertext with a 1/26 chance to encrypt a plaintext letter to itself. Which is exactly what one would want to have. Also, the keyed alphabet is now created by appending the alphabet portion in REVERSE to the key. This is because most keyed alphabets were predictably ending in XYZ.
  7. Every day this week, Cloudflare will be announcing support for a new technology that uses cryptography to make the Internet better.
  8. Here is a video illustrating how it works.
  9. If you use multiple keys whose lengths are relatively prime, your effective Vigenere key length is the product of the lengths of all the keys. Imagine using keys with relatively prime lengths 9, 10, and 11. Your effective key length would be 1,320 characters long! Using an easily-remembered phrase that you can break up until lengths of perhaps 29, 30, and 31, you're practically using a one-time pad 26,970 letters long that you can store in your head! Is there any way to crack such a ciphertext if it's shorter than the effective key length?
  10. Someone calling themselves Hutton invented a new pen-and-paper cipher that seems to be incredibly secure. He offered a reward of over $1,000 to anyone who could crack it, although he disappeared from the internet a month ago so I'm not sure if the challenge is still ongoing. Anyway, here is how it works. You come up with a scrambled alphabet and a key. Write your key repeatedly under your plaintext just like Vigenere. To encrypt the first plaintext letter, find it in the scrambled alphabet. Count to the right (wrapping if you reach the end) as many letters as the number which your key-letter represents (treating it as a base26 number where A = 0, Z = 25). The letter you land on is your first ciphertext letter. Before you move on to encrypting the next letter though, scratch out those two letters (the plaintext and ciphertext ones) from the scrambled alphabet, and write them under each other. This effectively swaps them. For example, if you first plaintext letter is B and your first ciphertext letter is X, scratch out B and write X under it. Scratch out X and write B under it. Here is a Javascript version of the cipher. Note that it treats password letters as numbers where A = 1 and Z = 26. This is only because I was creating it precisely according to the author's instructions and only realized the problem afterwards and couldn't be bothered to update it. It would be very interesting to know if anyone can find any real weakness with this marvelously practical pen-and-paper cipher.
  11. Server Name Indication (SNI) transmits a virtual domain name during the TLS negotiation process so that a server with a single IP address can support multiple virtual domains, instead of requiring a unique IP address for each TLS host. SNI does not conceal the requested hostname so it can be used for network filtering which is a privacy concern. ESNI - Encrypted SNI - replaces the server name in the ClientHello message with an encrypted equivalent. It is placed in the DNS records as a TXT record. It has a checksum which uses the first 4 octets of the SHA-256 message digest, padding, and a validity period. However the specifications suggest the expiry date should not be used for caching to allow servers to rotate the encryption keys.
  12. Intel has disclosed details of security flaw in the math processing units of Intel Core and Xeon processors. Malware can be crafted to discern numbers held in FPU registers, for example when used for AES encryption and decryption keys. Patches are being prepared for affected systems.
  13. The AMD Epyc server chips, and processors from the Ryzen Pro line have an encryption feature called Secure Encrypted Virtualization (SEV). In theory the SEV is protected by encryption on the fly. However the page-wise encryption lacks integrity protection. An adjacent host-level administrator can craft a web environment that returns plaintext of memory locations. By observing encrypted usage of the memory locations by the target user it is possible to identify and then re-map the memory to a new user. Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel have published their findings at
  1. Load more activity