Articles about cryptography

Unlocked: The hidden love note on the grave of America's first crypto power-couple

Shmoocon 2018 Among the 400,000 graves at the Arlington National Cemetery – a solemn US military graveyard in Virginia – lies the final resting place of cryptography pioneers William and Elizebeth Friedman. And hidden in code on their tombstone is a touching tribute from a wife to her husband. A code that's only now just been cracked, …
Iain Thomson, 20 Jan 2018

Facebook has open-sourced encrypted group chat

Updated Facebook has responded to governments' criticism of cryptography by giving the world an open source encrypted group chat tool. It's hardly likely to endear the ad-farm to people like FBI Director Christopher Wray, who yesterday told an international infosec conference it was “ridiculous” that the Feds have seized nearly 8,000 …

We need to talk about mathematical backdoors in encryption algorithms

Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of …
John Leyden, 15 Dec 2017

Hackers' delight: Mobile bank app security flaw could have smacked millions

Security researchers from the University of Birmingham, UK, last week went public about security shortcomings in mobile banking apps that leave millions of users at a heightened risk of hacking. The researchers developed a tool called "Spinner" to perform semi-automated security testing of mobile phone apps. After running the …
John Leyden, 11 Dec 2017

Does UK high street banks' crappy crypto actually matter?

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts. Tests of six banks revealed sketchy support for HTTP Strict Transport Security (HSTS), a cryptographic technology introduced in October 2012 and designed to …
John Leyden, 16 Nov 2017

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and …
John Leyden, 15 Nov 2017

Privacy Pass protocol promises private perusing

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked. The extension, Privacy Pass, offers people another way to authenticate themselves without having to repeatedly solve internet challenge-response tests like CAPTCHAs. Alex Davidson …
Rebecca Hill, 14 Nov 2017

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Analysis High street banks should be exemplars of good security but many are letting the side down when it comes to following cryptographic best practice. Tests by security researcher Scott Helme and The Register showed a marked divergence in performance. We assessed the security of online login sites run by six UK high street banks …
John Leyden, 3 Nov 2017

RIP HPKP: Google abandons public key pinning

Google is abandoning a next-generation web crypto technology it initially championed. HTTP Public Key Pinning (HPKP) is a standard that allows a host to instruct browsers to only accept certain public keys when communicating with it for a given period of time. While HPKP can offer a lot of protection, the technology was open …
John Leyden, 30 Oct 2017

Holy DUHK! Boffins name bug that could crack crypto wide open

Crypto researchers from the University of Pennsylvania, working with Johns Hopkins cryptographer Matthew Green, have discovered a serious security blunder and branded it DUHK, which stands for Don't Use Hardcoded Keys. The vulnerability – described in depth at this “silly logo” website here – lies within an ancient pseudo- …

ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA. Security researchers went public last week with research that revealed that RSA keys produced for smartcards, security tokens, and other devices by crypto-chips made by Infineon Technologies were weak …
John Leyden, 23 Oct 2017

Dev writes Ethereum code for insecure SHA-1 crypto hash function

Using Ethereum's programming language Solidity, a dev has controversially written code for making data authentication signatures with the insecure SHA-1 cryptographic hash function. Nick Johnson, the London-based Ethereum developer who authored the code, told The Register: "SHA1 is still used by a lot of legacy systems, …
Andrew Silver, 20 Oct 2017

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Updated Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol. So-called Key Reinstallation Attacks, aka KRACK, potentially work against all modern protected Wi-Fi networks. …
John Leyden, 16 Oct 2017

Give a boffin a Xeon and a big GPU, get a new big prime number

Humanity's collection of the very large prime numbers just grew by one member: $919444^{1048576} + 1$. The newly-found number lands in twelfth place on the list of largest prime numbers and, set down in full, would be 6,253,210 digits long (number one on the large primes list, $2^{74207281} - 1$, is 22,338,618 digits long). The number …

For fork's sake! Bitcoin Core braces for another cryptocurrency split

Bitcoin faces the possibility of yet another fork, a divergence anticipated by a code change proposal accepted by the developers of the Bitcoin Core client software. A week ago, Bitcoin split in two: legacy Bitcoin and Bitcoin Cash, an alternative cryptocurrency. Holders of existing Bitcoin saw a windfall, the option to …

Wait. What? The IBM cloud's APIs use insecure TLS1 crypto?

An email has gone out from IBM about its Bluemix cloud: after next Tuesday, the SoftLayer APIs will no longer accept connections encrypted with the ancient TLS 1.0. It's not quite a surprise that the 1990s-era protocol was still accepted: a great many services are still midway through their deprecation plans. To give just one …

Let's harden Internet crypto so quantum computers can't crack it

In case someone manages to make a general purpose quantum computer one day, a group of IETF authors have put forward a proposal to harden Internet key exchange. It's a handy reminder that in spite of a stream of headlines telling us that quantum computers will break cryptography, there's a substantial amount of research going …

Dev to El Reg: Making web pages pretty is harder than building crypto

+Comment An Australian computer scientist working in Thailand has offered his contribution to Australia's cryptography debate by creating a public-key crypto demonstrator in less than a day, using public APIs and JavaScript. Brandis.io is not a useful encryption implementation (the site itself says as much), but is a useful public …

Biting the hand that feeds IT © 1998–2018