• Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by James

  1. Flaws with the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) were found in 2007. Dan Shumow and Niels Ferguson, pointed out that using it with elliptic curve points generated by the NSA could allow encryption to be broken. Juniper Networks discovered unauthorized VPN-decryption code inside its NetScreen firewall firmware in 2015. It was attributed to Juniper’s decision to use the NSA-designed Dual EC Pseudorandom Number Generator. The backdoor had likely been added to Juniper products as far back as 2008 at the request of a ‘customer’. In 2018, US Senator Ron
  2. Zoom announced today that it will offer End-to-End Encryption https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/ Extract: Zoom meetings and webinars by default use AES 256-bit GCM encryption for audio, video, and application sharing (i.e., screen sharing, whiteboarding) in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s serv
  3. James


    VeraCrypt uses the Kuznyechik algorithm with 10 rounds and a 256-bit key operating in XTS mode. The Latest Stable Release: 1.24-Update7 (Friday August 7, 2020) is available from https://www.veracrypt.fr/en/Downloads.html
  4. Ring has announced that it's doorbell cameras will soon offer End-to-End Encryption (E2E) https://en-uk.ring.com/blogs/alwayshome/ring-announces-end-to-end-encryption-privacy-security-and-user-control-updates Extract: Beginning today, you can visit the new Video Encryption page in Control Centre for more information about how your videos are currently being protected. Once End-to-End Encryption is available, you will be able to enable the feature for one or multiple compatible Ring devices from Control Centre - at no additional cost. It’s been our core belief that only you
  5. The new IBM Power10 chip will be manufactured by Samsung and based on its new seven-nanometer process. It features 18 billion transistors, 30 cores, a Matrix Math Accelerator to speed up artificial intelligence performance, and multiple AES engines for performing data encryption. The Power10 chip has four times as many AES engines as the Power9. https://newsroom.ibm.com/2020-08-17-IBM-Reveals-Next-Generation-IBM-POWER10-Processor
  6. Zoom has acquired Keybase, the people behind Saltpack https://saltpack.org/ The acquisition is expected to help deliver end-to-end encryption for Zoom. It also made a commitment not to build a backdoor into its security. https://blog.zoom.us/wordpress/2020/05/07/zoom-acquires-keybase-and-announces-goal-of-developing-the-most-broadly-used-enterprise-end-to-end-encryption-offering/ https://keybase.io/blog/keybase-joins-zoom
  7. The Zoom version 5.0 update improves the encryption used to protect call data. Zoom is upgrading from 128-bit Advanced Encryption Standard (AES) keys to AES 256-bit GCM encryption. https://mashable.com/article/zoom-encryption-update/
  8. James


    hCaptcha protects user privacy, rewards websites, and helps companies get their data labelled. It is a drop-in replacement for reCAPTCHA: you can switch within minutes. hCaptcha is free to use for publishers of any size. When you use hCaptcha, companies bid on the work your users do as they prove their humanity. You get the rewards. hCaptcha also offers an option to support the charities of your choice with the earnings you gain from using it. The hCaptcha marketplace is powered by the HUMAN Protocol, an open decentralized protocol for human review that runs on the Ethereum blockchain. We
  9. Google, Microsoft and Mozilla have re-enabled support for Transport Layer Security (TLS) 1.0 and 1.1, because of the COVID-19 pandemic. Browser makers restore support for obsolete TLS 1.0 and 1.1 encryption https://www.computerworld.com/article/3535806/browser-makers-cite-coronavirus-restore-support-for-obsolete-tls-10-and-11-encryption.html
  10. Web servers that haven’t disabled TLS 1.0 and TLS 1.1 will be downgraded in https testing results. Qualys advises: TLS 1.0 and TLS 1.1 protocols will be removed from browsers at the beginning of 2020. As there are no fixes or patches that can adequately fix SSL or deprecated TLS, it is critically important that organizations upgrade to a secure alternative as soon as possible. https://blog.qualys.com/ssllabs/2018/11/19/grade-change-for-tls-1-0-and-tls-1-1-protocols?fbclid=IwAR2VBdySrhbtuz28N6c0wb9c3axB7-6nY4ANHhuB3e7wKelQ9_q_szmr944
  11. Emmanuel Thomé and his colleagues at the National Institute for Research in Computer Science and Automation (Inria) have cracked the largest key so far. The team factored RSA-240, an RSA key with 240 decimal digits. The total computing time took was equivalent to a single computer core running for almost 4000 years. https://www.newscientist.com/article/2226458-number-crunchers-set-new-record-for-cracking-online-encryption-keys/ https://www.popularmechanics.com/science/math/a30149512/longest-encryption-ever-cracked/ https://www.darkreading.com/vulnerabilities---threats/scientists
  12. Mastercard, Visa, eBay and Stripe have also withdrawn from the Libra Association. https://www.bbc.co.uk/news/technology-50023008
  13. The Libra Association co-founded by Facebook aims to serve as a monetary authority for the Libra cryptocurrency. It says Libra's purpose is to "empower billions of people," citing 1.7 billion adults without bank accounts who could use the currency. The Libra Association is a group of 28 companies and non-profits helping to develop Libra. The Libra blockchain is implemented using Rust. The coding guidelines for the Libra Core Rust codebase are at https://developers.libra.org/docs/community/coding-guidelines On Friday 4th October, PayPal announced its withdrawal from the project. It sa
  14. NIST has a section for Threshold Encryption and says it has areas of relevant related research including secure multi-party computation, intrusion tolerant distributed systems, and threshold circuit design... https://csrc.nist.gov/Projects/Threshold-Cryptography
  15. James


    VeraCrypt is now available from https://www.veracrypt.fr/en/Home.html VeraCrypt 1.22 was released in March 2018. It included Kuznyechik speedup, new cascades cipher algorithms, and TRIM support for SSD. VeraCrypt 1.23 was released in September 2018. It added a default SecureBoot for the Windows EFI system.
  16. Tesla has confirmed that it will carry out an over-the-air software update to fix a security flaw in key fobs for the Tesla S. The key fob, manufactured by Pektron, was previously based on 40-bit encryption, and upgraded to 80-bit encryption after it was found that fobs could be easily cloned. Unfortunately the latest fobs have a bug which allows two 40-bit keys to be cracked instead of the expected 80-bit key. Further information about the hack is at https://carbuzz.com/news/turns-out-the-tesla-model-s-is-still-easy-to-hack
  17. There is an interesting discussion of the cryptographic strength of Data's password at https://orbitalflower.github.io/tv/startrek/datas-password.html The password has 52 characters - 173467321476c32789777643t732v73117888732476789764376 You will need to memorise this password if you want to sing along to Data & Picard by Pogo
  18. I have always been interested in Steganography but this process would rely upon the security of the message board, and their network connections. An interesting concept nonetheless.
  19. A couple of thoughts... if you have repeated characters and you can choose different positions then when you re-run the encryption you could reveal which characters are the same. If the plain text is English then we could expect the most duplicated characters to be the letter E, and the least duplicated to be letters such as Q and Z, and then just test out different character mapping arrangements. However I don't fully understand the decryption process... if you give me the key of XYZ and positions 2,1,4,3,5 how do I know which letter a position relates to unless it is in the key. How do
  20. Why not submit it for a competition or for peer review first? https://competitions.cr.yp.to/
  21. You are very welcome to post here. Forum guidelines are here but basically are just about being polite to one another. For video/files etc I recommend hosting off-site with YouTube/DropBox etc and linking to them so that your copy stays safe. Looking forward to hearing more about your concept.
  22. One area it might be useful is for a blind auction. I think this method would rely upon a per-document key rather than a per-user key, similar to https://github.com/owncloud The process is outlined in more detail here... https://security.stackexchange.com/a/78933 However this only covers multi-user encryption, rather than your lockdown until all users have completed. Perhaps that aspect is better covered by file access after the encrypting stages?
  23. The message was... !!! Happy Birthday LCS !!! (seed value b for p = 712238904468723561162000937465778229877598711342253664788091132335) Source: https://www.mersenneforum.org/showthread.php?p=516879#post516879
  24. Apple has released a video to promote End-to-End Encryption
  25. Self-taught Belgian bloke cracks crypto conundrum that was supposed to be uncrackable until 2034 By Katyanna Quach 30 Apr 2019 at 06:04 https://www.theregister.co.uk/2019/04/30/cryptography_conundrum_cracked/ 'It was easy, for some definition of easy,' solver tells El Reg A cryptographic puzzle proposed two decades ago that involves roughly 80 trillion squarings has been cracked much earlier than expected - in just three and a half years. On Monday, the puzzle was solved by Bernard Fabrot, a self-taught independent Java developer from Belgium. The time capsule will, thus, be c