James

Administrators
  • Content Count

    96
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by James

  1. The message was... !!! Happy Birthday LCS !!! (seed value b for p = 712238904468723561162000937465778229877598711342253664788091132335) Source: https://www.mersenneforum.org/showthread.php?p=516879#post516879
  2. Apple has released a video to promote End-to-End Encryption
  3. Self-taught Belgian bloke cracks crypto conundrum that was supposed to be uncrackable until 2034 By Katyanna Quach 30 Apr 2019 at 06:04 https://www.theregister.co.uk/2019/04/30/cryptography_conundrum_cracked/ 'It was easy, for some definition of easy,' solver tells El Reg A cryptographic puzzle proposed two decades ago that involves roughly 80 trillion squarings has been cracked much earlier than expected - in just three and a half years. On Monday, the puzzle was solved by Bernard Fabrot, a self-taught independent Java developer from Belgium. The time capsule will, thus, be cracked open by Rivest for the world to see on May 15, and the secret message revealed.
  4. Description of the LCS35 Time Capsule Crypto-Puzzle by Ronald L. Rivest April 4, 1999 As part of the celebration of the 35th birthday of MIT's Laboratory for Computer Science, LCS Director Michael Dertouzos will present an "LCS Time Capsule of Innovations" to architect Frank Gehry. The Time Capsule will reside in the new building, designed by Gehry, that will house LCS. The time capsule will be unsealed on the earlier of 70 years from the inception of the Laboratory (on or about 2033), or upon solution of a cryptographic puzzle, described herein. This puzzle is designed to take approximately 35 years to solve. It uses the ideas described in the paper "Time-lock puzzles and timed-release Crypto" by myself, Adi Shamir, and David Wagner. A copy of this paper can be found at http://theory.lcs.mit.edu/~rivest/RivestShamirWagner-timelock.ps. The puzzle is designed to foil attempts of a solver to exploit parallel or distributed computing to speed up the computation. The computation required to solve the puzzle is "intrinsically sequential". https://people.csail.mit.edu/rivest/lcs35-puzzle-description.txt
  5. The European Commission has issued a product recall for the ENOX Safe-KID-One. The device is a smartwatch designed for children. The EC recall states: the mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed. A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS. The product does not comply with the Radio Equipment Directive. Further information: https://ec.europa.eu/consumers/consumers_safety/safety_products/rapex/alerts/?event=viewProduct&reference=A12/0157/19&lng=en
  6. Microsoft has revealed details of an incident where an automated process, designed to trigger when custom keys are removed from KeyVault, caused TDE databases to be dropped from Azure on 29 January 2019. Microsoft tried to restore customer data from a five-minutes-ago snapshot resulting in empty databases and new database names for some. Transactions, product orders, and other updates during that five minute period were lost. Compensation is available to affected customers. For more information see https://www.theregister.co.uk/2019/01/30/azure_sql_delete/
  7. James

    kleopatra

    The reference guide is here... https://docs.kde.org/stable5/en/pim/kleopatra/index.html The support forum is here... https://forum.kde.org/index.php
  8. Every day this week, Cloudflare will be announcing support for a new technology that uses cryptography to make the Internet better. https://blog.cloudflare.com/crypto-week-2018/
  9. Server Name Indication (SNI) transmits a virtual domain name during the TLS negotiation process so that a server with a single IP address can support multiple virtual domains, instead of requiring a unique IP address for each TLS host. SNI does not conceal the requested hostname so it can be used for network filtering which is a privacy concern. ESNI - Encrypted SNI - replaces the server name in the ClientHello message with an encrypted equivalent. It is placed in the DNS records as a TXT record. It has a checksum which uses the first 4 octets of the SHA-256 message digest, padding, and a validity period. However the specifications suggest the expiry date should not be used for caching to allow servers to rotate the encryption keys.
  10. Intel has disclosed details of security flaw in the math processing units of Intel Core and Xeon processors. Malware can be crafted to discern numbers held in FPU registers, for example when used for AES encryption and decryption keys. Patches are being prepared for affected systems.
  11. The AMD Epyc server chips, and processors from the Ryzen Pro line have an encryption feature called Secure Encrypted Virtualization (SEV). In theory the SEV is protected by encryption on the fly. However the page-wise encryption lacks integrity protection. An adjacent host-level administrator can craft a web environment that returns plaintext of memory locations. By observing encrypted usage of the memory locations by the target user it is possible to identify and then re-map the memory to a new user. Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel have published their findings at https://arxiv.org/pdf/1805.09604.pdf
  12. VeraCrypt 1.21, released in July 2017, added support for FreeBSD.
  13. The Lloyds Banking Group (Lloyds Bank, Bank of Scotland, Halifax and MBNA) has blocked the ability for its customers to purchase crypto-currencies with a credit card (according to a report in The Telegraph). It is concerned about the level of customer debt set against falling values in cryptocurrency. However debit card purchases are not excluded.
  14. Facebook has announced a change to its advertising policy restricting the advertising of cryptocurrency. It now says Facebook Ads must not promote ‘financial products and services that are frequently associated with misleading or deceptive promotional practices, such as binary options, initial coin offerings and cryptocurrency.’
  15. A vulnerability in RSA encryption affects about 3% of all web servers including leading web sites such as Facebook and PayPal. In 1998 Daniel Bleichenbacher, a Swiss cryptographer, identified a problem with the implementation of RSA PKCS #1 v1.5 and it was never fully fixed. Hanno Böck, Juraj Somorovsky, and Craig Young discovered the flaw, to be known as ROBOT, which stands for Return Of Bleichenbacher’s Oracle Threat. It can be used to exploit servers running older ciphers. Servers that are vulnerable to a DROWN attack, forcing a downgrade to older ciphers, are also vulnerable. The researchers recommend to fully deprecate RSA encryption based key exchanges in TLS (ciphers that start with TLS_RSA). Further information is available from https://eprint.iacr.org/2017/1189.pdf
  16. The US Air Force has a new encryption chip called Mini Crypto. It took two years to develop and is now ready for production. The chip is a self-contained encryption engine that generates its own session-based key. It is suitable for communications equipment that is usually carried by one person, such as scouts, and does not require safeguarding from falling into the wrong hands. Further information from http://www.aviationtoday.com/2017/10/04/usaf-encryption-chip-ready-production/
  17. ICANN has postponed the rollout until the first quarter of 2018 at the earliest.
  18. Burger King has launched its own crypto-currency, called WhopperCoin. They are offered in reward for purchases. 1700 WhopperCoins can be redeemed for a Whopper burger. The BlockChain is being managed by Waves: http://wavescommunity.com/blt-with-dlt-have-it-your-way-with-whoppercoin-on-waves/ (n.b. the Waves web site doesn’t use HTTPS, rather odd considering their area of expertise)
  19. KSK = Key Signing Key ZSK = Zone Signing Key RZM = Root Zone Maintainer DNS = Domain Name System (or Server) The KSK will be used to sign the root zone for the first time on October 11, 2017 at 1600 UTC. The KSK is used to sign the ZSK, which is used by the root zone maintainer (RZM) to DNSSEC-sign the root zone of the Domain Name System. The change will upgrade the ZSK to a 2048-bit RSA key to improve security for resolving domain names. For more information see https://automated-ksk-test.research.icann.org/
  20. IBM has announced new hardware that supports full encryption and said ‘IBM fully supports the need for governments to protect their citizens from evolving threats. Weakening encryption technology, however, is not the answer. Encryption is simply too prevalent and necessary in modern society.’
  21. A European Parliament committee is proposing that end-to-end encryption can be used by the public. They submitted a proposal for a regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications.
  22. VeraCrypt 1.20 comes with 64-bit processor optimizations for all supported operating systems. The developers have improved the implementation for SHA-512 and SHA-256 which results in a 33% speed increase on 64-bit systems. Additionally, a 64-bit optimized assembly implementation of Twofish and Camelia is included in VeraCrypt 1.20 which makes Camelia 2.5 times faster if AES-NI is supported by the processor, or 30% faster if it is not. Other major changes for all operating systems include the use of Address Space Layout Randomization (ASLR) for improved security, and the integration of a local HTML user guide instead of a PDF document. (source: ghacks.net)
  23. Let’s Encrypt has just issued its hundred millionth digital certificate. They estimate the number of web sites protected by Let’s Encrypt is between 17 million and 46 million.
  24. Fox‑IT has extracted AES-256 encryption keys using $200 of standard electronics parts to measure electromagnetic radiation. At a distance of one metre sniffing the keys over the air took five minutes. At 30cm the extraction time is cut down to just 50 seconds. By using a test rig for calibration they mapped out power consumption related to individual bytes, resulting in 8192 guesses at the encryption key. They said (PDF) their technique is suitable for attacking network encryption appliances.
  25. The US Computer Emergency Readiness Team (US-CERT) has published an Alert (TA17-132A) with the indicators associated with WannaCry ransomware. WannaCry, WCry, or Wanna Decryptor, was discovered on 12th May 2017. It is believed that WannaCry is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft has released a security update for the MS17-010 vulnerability. How it works…