Articles about cryptography

A piggy bank in a pile of pound coins

Does UK high street banks' crappy crypto actually matter?

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts. Tests of six banks revealed sketchy support for HTTP Strict Transport Security (HSTS), a cryptographic technology introduced in October 2012 and designed to …
John Leyden, 16 Nov 2017
Monty Python sketch: Nobody expects the Spanish Inquisition

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and …
John Leyden, 15 Nov 2017
Image by beccarra

Privacy Pass protocol promises private perusing

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked. The extension, Privacy Pass, offers people another way to authenticate themselves without having to repeatedly solve internet challenge-response tests like CAPTCHAs. Alex Davidson …
Rebecca Hill, 14 Nov 2017
Mobile banking, image via Shutterstock

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Analysis High street banks should be exemplars of good security but many are letting the side down when it comes to following cryptographic best practice. Tests by security researcher Scott Helme and The Register showed a marked divergence in performance. We assessed the security of online login sites run by six UK high street banks …
John Leyden, 3 Nov 2017

RIP HPKP: Google abandons public key pinning

Google is abandoning a next-generation web crypto technology it initially championed. HTTP Public Key Pinning (HPKP) is a standard that allows a host to instruct browsers to only accept certain public keys when communicating with it for a given period of time. While HPKP can offer a lot of protection, the technology was open …
John Leyden, 30 Oct 2017

Holy DUHK! Boffins name bug that could crack crypto wide open

Crypto researchers from the University of Pennsylvania, working with Johns Hopkins cryptographer Matthew Green, have discovered a serious security blunder and branded it DUHK, which stands for Don't Use Hardcoded Keys. The vulnerability – described in depth at this “silly logo” website here – lies within an ancient pseudo- …

ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA. Security researchers went public last week with research that revealed that RSA keys produced for smartcards, security tokens, and other devices by crypto-chips made by Infineon Technologies were weak …
John Leyden, 23 Oct 2017
Weapon of the information wars from Shutterstock

Dev writes Ethereum code for insecure SHA-1 crypto hash function

Using Ethereum's programming language Solidity, a dev has controversially written code for making data authentication signatures with the insecure SHA-1 cryptographic hash function. Nick Johnson, the London-based Ethereum developer who authored the code, told The Register: "SHA1 is still used by a lot of legacy systems, …
Andrew Silver, 20 Oct 2017
Wi-fi symbol made out of clouds. Photo by Shutterstock

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Updated Users are urged to continue using WPA2 pending the availability of a fix, experts have said, after security researchers went public with more information about a serious flaw in the wireless encryption protocol. So-called Key Reinstallation Attacks, aka KRACK, potentially work against all modern protected Wi-Fi networks. …
John Leyden, 16 Oct 2017
Random numbers

Give a boffin a Xeon and a big GPU, get a new big prime number

Humanity's collection of the very large prime numbers just grew by one member: 9194441048576 + 1. The newly-found number lands in twelfth place on the list of largest prime numbers and, set down in full, would be 6,253,210 digits long (number one on the large primes list, 274207281 -1, is 22,338,618 digits long). The number …
Bitcoin, photo via Shutterstock

For fork's sake! Bitcoin Core braces for another cryptocurrency split

Bitcoin faces the possibility of yet another fork, a divergence anticipated by a code change proposal accepted by the developers of the Bitcoin Core client software. A week ago, Bitcoin split in two: legacy Bitcoin and Bitcoin Cash, an alternative cryptocurrency. Holders of existing Bitcoin saw a windfall, the option to …
Cat with a surprised expression. Photo by Shutterstock

Wait. What? The IBM cloud's APIs use insecure TLS1 crypto?

An email has gone out from IBM about its Bluemix cloud: after next Tuesday, the SoftLayer APIs will no longer accept connections encrypted with the ancient TLS 1.0. It's not quite a surprise that the 1990s-era protocol was still accepted: a great many services are still midway through their deprecation plans. To give just one …

Let's harden Internet crypto so quantum computers can't crack it

In case someone manages to make a general purpose quantum computer one day, a group of IETF authors have put forward a proposal to harden Internet key exchange. It's a handy reminder that in spite of a stream of headlines telling us that quantum computers will break cryptography, there's a substantial amount of research going …

Dev to El Reg: Making web pages pretty is harder than building crypto

+Comment An Australian computer scientist working in Thailand has offered his contribution to Australia's cryptography debate by creating a public-key crypto demonstrator in less than a day, using public APIs and JavaScript. not a useful encryption implementation (the site itself says as much), but is a useful public …

Former GCHQ boss backs end-to-end encryption

Former GCHQ director Robert Hannigan has spoken out against building backdoors into end-to-end encryption (e2) schemes as a means to intercept communications by terrorists and other ne'er do wells. UK Home Secretary Amber Rudd has criticised mobile messaging services such as WhatsApp, that offer end-to-end encryption in the …
John Leyden, 10 Jul 2017
Wizard, photo via Shutterstock

Eurocrats prep white-box crypto capture-the-flag

Defender or attacker, it's less than a fortnight away from the WhibOx Challenge, a capture-the-flag (CTF) competition operated by the EU-supported ECRYPT. If you're on the defensive side, the CTF asks for white-box implementations of AES-128 (using keys of your own choice), to see how long you last against an attacker. The …

WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto

Sir Tim Berners-Lee has criticised plans to weaken encryption or extend surveillance in the wake of recent terrorist attacks. Days after the attack on Westminster that claimed the lives of three pedestrians and a police officer, Home Secretary Amber Rudd said there should be no safe space for terrorists to communicate online. …
John Leyden, 4 Apr 2017

Boffins show Intel's SGX can leak crypto keys

A researcher who in January helped highlight possible flaws in Intel's Software Guard Extensions' input-output protection is back, this time with malware running inside a protected SGX enclave. Instead of protecting the system, Samuel Weiser and four collaborators of Austria's Graz University of Technology write that the proof …

Create a news alert about cryptography, or find more stories about cryptography.

Biting the hand that feeds IT © 1998–2017