James

Administrators
  • Content Count

    108
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by James

  1. Emmanuel Thomé and his colleagues at the National Institute for Research in Computer Science and Automation (Inria) have cracked the largest key so far. The team factored RSA-240, an RSA key with 240 decimal digits. The total computing time took was equivalent to a single computer core running for almost 4000 years. https://www.newscientist.com/article/2226458-number-crunchers-set-new-record-for-cracking-online-encryption-keys/ https://www.popularmechanics.com/science/math/a30149512/longest-encryption-ever-cracked/ https://www.darkreading.com/vulnerabilities---threats/scientists-break-largest-encryption-key-yet-with-brute-force/d/d-id/1336560
  2. Mastercard, Visa, eBay and Stripe have also withdrawn from the Libra Association. https://www.bbc.co.uk/news/technology-50023008
  3. The Libra Association co-founded by Facebook aims to serve as a monetary authority for the Libra cryptocurrency. It says Libra's purpose is to "empower billions of people," citing 1.7 billion adults without bank accounts who could use the currency. The Libra Association is a group of 28 companies and non-profits helping to develop Libra. The Libra blockchain is implemented using Rust. The coding guidelines for the Libra Core Rust codebase are at https://developers.libra.org/docs/community/coding-guidelines On Friday 4th October, PayPal announced its withdrawal from the project. It said it remained supportive of Libra's aspirations but had chosen to focus on its own core businesses. https://www.bbc.co.uk/news/world-australia-49944421
  4. NIST has a section for Threshold Encryption and says it has areas of relevant related research including secure multi-party computation, intrusion tolerant distributed systems, and threshold circuit design... https://csrc.nist.gov/Projects/Threshold-Cryptography
  5. VeraCrypt is now available from https://www.veracrypt.fr/en/Home.html VeraCrypt 1.22 was released in March 2018. It included Kuznyechik speedup, new cascades cipher algorithms, and TRIM support for SSD. VeraCrypt 1.23 was released in September 2018. It added a default SecureBoot for the Windows EFI system.
  6. Tesla has confirmed that it will carry out an over-the-air software update to fix a security flaw in key fobs for the Tesla S. The key fob, manufactured by Pektron, was previously based on 40-bit encryption, and upgraded to 80-bit encryption after it was found that fobs could be easily cloned. Unfortunately the latest fobs have a bug which allows two 40-bit keys to be cracked instead of the expected 80-bit key. Further information about the hack is at https://carbuzz.com/news/turns-out-the-tesla-model-s-is-still-easy-to-hack
  7. There is an interesting discussion of the cryptographic strength of Data's password at https://orbitalflower.github.io/tv/startrek/datas-password.html The password has 52 characters - 173467321476c32789777643t732v73117888732476789764376 You will need to memorise this password if you want to sing along to Data & Picard by Pogo
  8. I have always been interested in Steganography but this process would rely upon the security of the message board, and their network connections. An interesting concept nonetheless.
  9. A couple of thoughts... if you have repeated characters and you can choose different positions then when you re-run the encryption you could reveal which characters are the same. If the plain text is English then we could expect the most duplicated characters to be the letter E, and the least duplicated to be letters such as Q and Z, and then just test out different character mapping arrangements. However I don't fully understand the decryption process... if you give me the key of XYZ and positions 2,1,4,3,5 how do I know which letter a position relates to unless it is in the key. How do I come up with A, B or C? Or does the key have to contain all the unique letters of the plain text? Also, with the key embedded, I am just wondering about forward secrecy implications.
  10. Why not submit it for a competition or for peer review first? https://competitions.cr.yp.to/
  11. You are very welcome to post here. Forum guidelines are here but basically are just about being polite to one another. For video/files etc I recommend hosting off-site with YouTube/DropBox etc and linking to them so that your copy stays safe. Looking forward to hearing more about your concept.
  12. One area it might be useful is for a blind auction. I think this method would rely upon a per-document key rather than a per-user key, similar to https://github.com/owncloud The process is outlined in more detail here... https://security.stackexchange.com/a/78933 However this only covers multi-user encryption, rather than your lockdown until all users have completed. Perhaps that aspect is better covered by file access after the encrypting stages?
  13. The message was... !!! Happy Birthday LCS !!! (seed value b for p = 712238904468723561162000937465778229877598711342253664788091132335) Source: https://www.mersenneforum.org/showthread.php?p=516879#post516879
  14. Apple has released a video to promote End-to-End Encryption
  15. Self-taught Belgian bloke cracks crypto conundrum that was supposed to be uncrackable until 2034 By Katyanna Quach 30 Apr 2019 at 06:04 https://www.theregister.co.uk/2019/04/30/cryptography_conundrum_cracked/ 'It was easy, for some definition of easy,' solver tells El Reg A cryptographic puzzle proposed two decades ago that involves roughly 80 trillion squarings has been cracked much earlier than expected - in just three and a half years. On Monday, the puzzle was solved by Bernard Fabrot, a self-taught independent Java developer from Belgium. The time capsule will, thus, be cracked open by Rivest for the world to see on May 15, and the secret message revealed.
  16. Description of the LCS35 Time Capsule Crypto-Puzzle by Ronald L. Rivest April 4, 1999 As part of the celebration of the 35th birthday of MIT's Laboratory for Computer Science, LCS Director Michael Dertouzos will present an "LCS Time Capsule of Innovations" to architect Frank Gehry. The Time Capsule will reside in the new building, designed by Gehry, that will house LCS. The time capsule will be unsealed on the earlier of 70 years from the inception of the Laboratory (on or about 2033), or upon solution of a cryptographic puzzle, described herein. This puzzle is designed to take approximately 35 years to solve. It uses the ideas described in the paper "Time-lock puzzles and timed-release Crypto" by myself, Adi Shamir, and David Wagner. A copy of this paper can be found at http://theory.lcs.mit.edu/~rivest/RivestShamirWagner-timelock.ps. The puzzle is designed to foil attempts of a solver to exploit parallel or distributed computing to speed up the computation. The computation required to solve the puzzle is "intrinsically sequential". https://people.csail.mit.edu/rivest/lcs35-puzzle-description.txt
  17. The European Commission has issued a product recall for the ENOX Safe-KID-One. The device is a smartwatch designed for children. The EC recall states: the mobile application accompanying the watch has unencrypted communications with its backend server and the server enables unauthenticated access to data. As a consequence, the data such as location history, phone numbers, serial number can easily be retrieved and changed. A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS. The product does not comply with the Radio Equipment Directive. Further information: https://ec.europa.eu/consumers/consumers_safety/safety_products/rapex/alerts/?event=viewProduct&reference=A12/0157/19&lng=en
  18. Microsoft has revealed details of an incident where an automated process, designed to trigger when custom keys are removed from KeyVault, caused TDE databases to be dropped from Azure on 29 January 2019. Microsoft tried to restore customer data from a five-minutes-ago snapshot resulting in empty databases and new database names for some. Transactions, product orders, and other updates during that five minute period were lost. Compensation is available to affected customers. For more information see https://www.theregister.co.uk/2019/01/30/azure_sql_delete/
  19. James

    kleopatra

    The reference guide is here... https://docs.kde.org/stable5/en/pim/kleopatra/index.html The support forum is here... https://forum.kde.org/index.php
  20. Every day this week, Cloudflare will be announcing support for a new technology that uses cryptography to make the Internet better. https://blog.cloudflare.com/crypto-week-2018/
  21. Server Name Indication (SNI) transmits a virtual domain name during the TLS negotiation process so that a server with a single IP address can support multiple virtual domains, instead of requiring a unique IP address for each TLS host. SNI does not conceal the requested hostname so it can be used for network filtering which is a privacy concern. ESNI - Encrypted SNI - replaces the server name in the ClientHello message with an encrypted equivalent. It is placed in the DNS records as a TXT record. It has a checksum which uses the first 4 octets of the SHA-256 message digest, padding, and a validity period. However the specifications suggest the expiry date should not be used for caching to allow servers to rotate the encryption keys.
  22. Intel has disclosed details of security flaw in the math processing units of Intel Core and Xeon processors. Malware can be crafted to discern numbers held in FPU registers, for example when used for AES encryption and decryption keys. Patches are being prepared for affected systems.
  23. The AMD Epyc server chips, and processors from the Ryzen Pro line have an encryption feature called Secure Encrypted Virtualization (SEV). In theory the SEV is protected by encryption on the fly. However the page-wise encryption lacks integrity protection. An adjacent host-level administrator can craft a web environment that returns plaintext of memory locations. By observing encrypted usage of the memory locations by the target user it is possible to identify and then re-map the memory to a new user. Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel have published their findings at https://arxiv.org/pdf/1805.09604.pdf
  24. VeraCrypt 1.21, released in July 2017, added support for FreeBSD.
  25. The Lloyds Banking Group (Lloyds Bank, Bank of Scotland, Halifax and MBNA) has blocked the ability for its customers to purchase crypto-currencies with a credit card (according to a report in The Telegraph). It is concerned about the level of customer debt set against falling values in cryptocurrency. However debit card purchases are not excluded.