All Activity

This stream auto-updates     

  1. Earlier
  2. Zoom has acquired Keybase, the people behind Saltpack https://saltpack.org/ The acquisition is expected to help deliver end-to-end encryption for Zoom. It also made a commitment not to build a backdoor into its security. https://blog.zoom.us/wordpress/2020/05/07/zoom-acquires-keybase-and-announces-goal-of-developing-the-most-broadly-used-enterprise-end-to-end-encryption-offering/ https://keybase.io/blog/keybase-joins-zoom
  3. If anyone is interested in an outside the box approach. I invented a cipher over 6 years ago. It is a positional cipher that among many things compresses the cipher text to as little as a single one byte digit. Decryption is a simple counting function. Let me know if you are interested. I am not a programmer but thought this had merit even though it is now a simple hand cipher.
  4. The Zoom version 5.0 update improves the encryption used to protect call data. Zoom is upgrading from 128-bit Advanced Encryption Standard (AES) keys to AES 256-bit GCM encryption. https://mashable.com/article/zoom-encryption-update/
  5. Below is a sample key using letters. It could just as easily use ascii or bits or bytes. You will notice that it has several words called " paces" the obvious question is how do you know which one to use. The truth is it does not matter and to avoid human random error sequences that might allow this to be frequency attacked you could make decicions by the flip of a coin. In a frequency attack such as you would use with a one time pad. Vigeners cipher you could include letter double, triples, and even whole words, nibbles, bits, bytes, etc. m 5 a v er o a b space tt c 1 8 space j y g t f er n p t s 3 e th u space o on 9 w space space l h o space k th ee t 0 r a e 6 . i ss q space 7 4 x z on 2 e , d ff space
  6. Decided to post this simply because it has relevance past what I am able to code... I know Schneier said "Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break." I have studied cryptography, encryption methods and cryptanalysis for over 20 years. This is past me and has many one time pad similarities, but very very different. Enjoy and let me know what you think. Here is the link to see how to code and decode a positional cipher. I thought of this many years ago and thought I would post it to see what you think. To me it is little more than a toy but it might be of more interest to others here. I have tried to launch attacks against it and do not see how anyone could break this. I know I am not the smartest apple in the cart and so it probably would be simple to break by others with more knowledge than I have. I call it a 10-8 cipher. Below is a small test. Hints about the key: To avoid frequency, attack the key has duplicate most common used letters to confuse the actual position used. It is alpha numeric. There are no red herrings or tricks. misspelled words, shifts or skips. I did include letter pairs and number pairs and maybe some triples. Hints about the plain text: It is a fake NOC list (Non-Official Cover) of the 3 top spies from the country of Taured. It includes their first and last name, Age, Phone number. The plain text is separated by commas. Hints about the cipher text: Be careful the numbers are the position of the letters and do not represent letters in the plain text, In the next puzzle I will use combination of single letters, letter or number pairs, letter or number triples. Watch the video and you will see how how a letter or number in the cipher text could represent any number, any letter, or any pair or triple (this is why I said I cannot come up with a way to attack this). The 3 ciphers each use different keys…. Questions, just post them below. Have fun FIRST CIPHER 45-36-3-9-27-8-20-22-3-38-17-26-10-46-35-25-18-8-37-37-59-58-60-2-60-20 SECOND CIPHER 18-25-12-49-35-8-23-43-18-54-33-13-60-3-34-2-20-13-43-41-20-13-4-4-60-32-35-35-15-63-59 THIRD CIPHER 15-45-34-50-8-19-64-33-10-14-20-15-24-30-45-27-6-3-4-63-62-34-12-64-28-63-11-23-59 If you really are brave. I will call this unbreakable because it uses letter doubles and triples mixed in with the full alpha-numeric with repeats. Hint: 1. The 52 cipher text phrase below, has 68 character including spaces in the original plain text. 69-46-24-34-55-32-15-58-9-12-47-64-64-31-30-7-80-60-10-9-48-78-48-2-79-14-95-32-48-95-84-97-87-75-93-46-75-87-87-42-89-99-69-54-91-87-66-50-17-13-73-23- Something unique is that using this positional cipher you can also reveal sequences in a number strings easily, and reveal higher or lower entropy to compare what number streams are different in randomness. For instance let's say you were given the problem of finding missing or out of place sequences for a steganography problem or simply hiding information in a stream. In this example of numbers 5-3-2-3-1-1-2-5-2-4-2-5-1-5-3, ( which by first glance could be a random stream) that are taken from a set of numbers 1-2-3-4-5, one number is out of place. What process is currently used to detect which number is out of place (there currently is not one method to detect missing or out of place sequences). This would almost be a puzzle of its own unless you use this positional cipher in which case it stands out obviously. The answer to the above when you run the set of numbers ( 5-3-2-3-1-1-2-5-2-4-2-5-1-5-3) through the positional cipher with the key being 1-2-3-4-5 you get. (5-3-2-4-1-5-3-2-4-1-4-3-2-4-1) from this it is obvious that the position combination that repeats is 5-3-2-4-1 the number that is obviously out of position is the 11th number 4 an interesting point is that you can see from this sequence that the odds of this happening is 5^15 or 1 in 30517578125. Now the question after this little game is. Is checking the position of numbers through this cipher a way to determine the randomness of a stream of numbers? To see a video on how i came up with the answer of 5-3-2-4-1 series above click here to see the video.
  7. James

    hCaptcha

    hCaptcha protects user privacy, rewards websites, and helps companies get their data labelled. It is a drop-in replacement for reCAPTCHA: you can switch within minutes. hCaptcha is free to use for publishers of any size. When you use hCaptcha, companies bid on the work your users do as they prove their humanity. You get the rewards. hCaptcha also offers an option to support the charities of your choice with the earnings you gain from using it. The hCaptcha marketplace is powered by the HUMAN Protocol, an open decentralized protocol for human review that runs on the Ethereum blockchain. Websites earn Human Tokens (HMT) whenever users use the hCaptcha widget on their site, and machine learning companies pay Human Tokens to get their data labelled. https://www.hcaptcha.com/
  8. Google, Microsoft and Mozilla have re-enabled support for Transport Layer Security (TLS) 1.0 and 1.1, because of the COVID-19 pandemic. Browser makers restore support for obsolete TLS 1.0 and 1.1 encryption https://www.computerworld.com/article/3535806/browser-makers-cite-coronavirus-restore-support-for-obsolete-tls-10-and-11-encryption.html
  9. Web servers that haven’t disabled TLS 1.0 and TLS 1.1 will be downgraded in https testing results. Qualys advises: TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As there are no fixes or patches that can adequately fix SSL or deprecated TLS, it is critically important that organizations upgrade to a secure alternative as soon as possible. https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols?fbclid=IwAR2VBdySrhbtuz28N6c0wb9c3axB7-6nY4ANHhuB3e7wKelQ9_q_szmr944
  10. Emmanuel Thomé and his colleagues at the National Institute for Research in Computer Science and Automation (Inria) have cracked the largest key so far. The team factored RSA-240, an RSA key with 240 decimal digits. The total computing time took was equivalent to a single computer core running for almost 4000 years. https://www.newscientist.com/article/2226458-number-crunchers-set-new-record-for-cracking-online-encryption-keys/ https://www.popularmechanics.com/science/math/a30149512/longest-encryption-ever-cracked/ https://www.darkreading.com/vulnerabilities---threats/scientists-break-largest-encryption-key-yet-with-brute-force/d/d-id/1336560
  11. Mastercard, Visa, eBay and Stripe have also withdrawn from the Libra Association. https://www.bbc.co.uk/news/technology-50023008
  12. The Libra Association co-founded by Facebook aims to serve as a monetary authority for the Libra cryptocurrency. It says Libra's purpose is to "empower billions of people," citing 1.7 billion adults without bank accounts who could use the currency. The Libra Association is a group of 28 companies and non-profits helping to develop Libra. The Libra blockchain is implemented using Rust. The coding guidelines for the Libra Core Rust codebase are at https://developers.libra.org/docs/community/coding-guidelines On Friday 4th October, PayPal announced its withdrawal from the project. It said it remained supportive of Libra's aspirations but had chosen to focus on its own core businesses. https://www.bbc.co.uk/news/world-australia-49944421
  13. I would be be glad to disclose this, the reserve i have is i am not a programmer nor a fellow in the field that anyone should take notice. This has been in an armchair format for years. However it is one of the most flexible, scalable ciphers i have ever seen. By flexible i imply the cipher can show differences in normal distribution of different random generator (prng, and rng) engines like a fingerprint. Single or multiple Keys. The key can be any any length alpha, numeric or symbol. It can show frequency of random distributions of rocks in a stream to show natural or man made positioning. A secure method of encryption. The cipher text charecters have no traceable meaning without the key, meaning that you may have 5 g's but each one could represent any character. By scalable i mean any size of documentation. Would be glad to work through each example but for reasons above......it would go with out being noticed.
  14. NIST has a section for Threshold Encryption and says it has areas of relevant related research including secure multi-party computation, intrusion tolerant distributed systems, and threshold circuit design... https://csrc.nist.gov/Projects/Threshold-Cryptography
  15. VeraCrypt is now available from https://www.veracrypt.fr/en/Home.html VeraCrypt 1.22 was released in March 2018. It included Kuznyechik speedup, new cascades cipher algorithms, and TRIM support for SSD. VeraCrypt 1.23 was released in September 2018. It added a default SecureBoot for the Windows EFI system.
  16. Tesla has confirmed that it will carry out an over-the-air software update to fix a security flaw in key fobs for the Tesla S. The key fob, manufactured by Pektron, was previously based on 40-bit encryption, and upgraded to 80-bit encryption after it was found that fobs could be easily cloned. Unfortunately the latest fobs have a bug which allows two 40-bit keys to be cracked instead of the expected 80-bit key. Further information about the hack is at https://carbuzz.com/news/turns-out-the-tesla-model-s-is-still-easy-to-hack
  17. There is an interesting discussion of the cryptographic strength of Data's password at https://orbitalflower.github.io/tv/startrek/datas-password.html The password has 52 characters - 173467321476c32789777643t732v73117888732476789764376 You will need to memorise this password if you want to sing along to Data & Picard by Pogo
  18. I have always been interested in Steganography but this process would rely upon the security of the message board, and their network connections. An interesting concept nonetheless.
  19. This is threshold encryption. You say it's different but don't specify how. Threshold encryption is a very much studied field.
  20. Alice and Bob post at random intervals inside a thread on an anonymous message board The thread of posts is interpreted as a string of bits Posts by Alice represent a 1 Posts by Bob represent a 0 The security of this key in bits is the length of the thread in posts, minus 1 So 100 posts make for 99-bit security Alice and Bob are the only ones who know the key, even though the posts which comprise it are hosted publically. All Eve sees when she browses their thread is a series of blank posts made by anonymous users. She knows what Alice and Bob are doing, but can't distinguish Alice's posts from Bob's. But Alice knows which posts belong to her, as does Bob, and so they can interpret the thread as a string of bits. True, Mallory could interrupt the process by anonymously spamming the thread. That would crash the protocol. However, it would not enable Mallory to decrypt anything, so anything encrypted by Alice or Bob using that corrupted thread could not by decrypted by Mallory (or anyone except the person who encrypted it). As long as Alice and Bob are able to make themselves indistinguishable from each other from the perspective of eavesdroppers, this protocol could be modified to work with other mediums of communication. I can't actually think of a realistic use for this, given asymmetric cryptography, but maybe you will find it interesting nonetheless. 😄
  1. Load more activity