Cryptography
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
The Senate Judiciary Committee recently held a hearing on encryption and “lawful access.” That’s the fanciful idea that encryption providers can somehow allow law enforcement access to users’ encrypted data while otherwise preventing the “bad guys” from accessing this very same data. Learn more:
This time last year, the Australian Labor Party waved through the government's encryption Bills, formally known as the Assistance and Access Bill, and threw out the line that it was to keep the nation safe. The Labor Party now says it will fix encryption laws it voted for last year, but legislation is unlikely to pass the House of Representatives. What are your thoughts on this proposed legislation and the implications it would have for citizens' privacy? Learn more:
We've been taught to look out for that little padlock to ensure a website is secure. But it's dangerous to rely on just one detail. Learn more:
The growing battle over end-to-end encryption took another turn last week, when EU officials warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology. What is your opinion on this issue? We are in favor of strong encryption. Learn more:
Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, using arguments that have barely changed since the 1990’s. But we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child exploitation imagery (CEI). What are your thoughts on client-side scanning and its privacy implications? Learn more in a great EFF article:
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. Learn more about Delegated Credentials for TLS in an informative The Hacker News article:
Is encryption code speech? Earlier court rulings suggest that it is, legally, and therefore subject to First Amendment protections. What are your thoughts? Learn more in a great CSO article:
In an extraordinary essay, the former FBI general counsel Jim Baker makes the case for strong encryption over government-mandated backdoors. What is your opinion on this? Learn more in a great Schneier on Security article:
"NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard." Learn Bruce Schneier's opinion on AES in an interesting article:
Have you heard that while Ubuntu developers are busy adding experimental ZFS support to their installer, the SUSE developers working on their YaST installer are working on offering better security options for their platform by beefing up the encryption capabilities at install-time? Learn more:
The road to routing all Domain Name System lookups through HTTPS is pocked with disagreements over just how much it will help. What is your opinion on this? Learn the details in an informative Wired article:
Have you heard that Russian hackers are infecting systems with RATs and using them to modify Chrome and Firefox browsers, adding a fingerprint to every TLS action and passively track encrypted traffic? Learn more in an interesting Engadget article:
You would be forgiven for thinking that encrypting PDFs, before they are stored or sent via email, keeps their contents away from prying eyes. But according to researchers in Germany, it might be time to revisit that assumption after they discovered weaknesses in PDF encryption which could be exploited to reveal the contents of a file to an attacker. Learn more:
Have you heard about the new attack that German academics have developed that can extract and steal data from encrypted PDF files, sometimes without user interaction? Learn more:
Are you running Lightning Network nodes? If so, you should upgrade ASAP. Learn more:
Interested in what the future has in store for blockchain? Check out this interesting HelpNetSecurity article:
Industry stakeholders are considering reducing the lifespan of HTTPS certificates to just 13 months, around half of the current duration, in order to improve security.
Criminals are using ransomware-like tactics and poisoned websites to get your employees’ computers to mine cryptocurrencies. Here’s what you can do to stop it.
One of the most common uses of public-key cryptography is securing data on the move. The process used to produce the code that scrambles that data as it travels over the internet has been labor intensive. That's changed, however, with a new system developed by MIT researchers for creating that code.
Have you considered what the future of cryptocurrency looks like? Loss of crypto coins through hacks, fake trading and volatility destroy trust in cryptocurrency, but those aren't its only problems.