Articles about cryptography

Random numbers

Give a boffin a Xeon and a big GPU, get a new big prime number

Humanity's collection of the very large prime numbers just grew by one member: 9194441048576 + 1. The newly-found number lands in twelfth place on the list of largest prime numbers and, set down in full, would be 6,253,210 digits long (number one on the large primes list, 274207281 -1, is 22,338,618 digits long). The number …
Bitcoin, photo via Shutterstock

For fork's sake! Bitcoin Core braces for another cryptocurrency split

Bitcoin faces the possibility of yet another fork, a divergence anticipated by a code change proposal accepted by the developers of the Bitcoin Core client software. A week ago, Bitcoin split in two: legacy Bitcoin and Bitcoin Cash, an alternative cryptocurrency. Holders of existing Bitcoin saw a windfall, the option to …
Cat with a surprised expression. Photo by Shutterstock

Wait. What? The IBM cloud's APIs use insecure TLS1 crypto?

An email has gone out from IBM about its Bluemix cloud: after next Tuesday, the SoftLayer APIs will no longer accept connections encrypted with the ancient TLS 1.0. It's not quite a surprise that the 1990s-era protocol was still accepted: a great many services are still midway through their deprecation plans. To give just one …

Let's harden Internet crypto so quantum computers can't crack it

In case someone manages to make a general purpose quantum computer one day, a group of IETF authors have put forward a proposal to harden Internet key exchange. It's a handy reminder that in spite of a stream of headlines telling us that quantum computers will break cryptography, there's a substantial amount of research going …

Dev to El Reg: Making web pages pretty is harder than building crypto

+Comment An Australian computer scientist working in Thailand has offered his contribution to Australia's cryptography debate by creating a public-key crypto demonstrator in less than a day, using public APIs and JavaScript. Brandis.io not a useful encryption implementation (the site itself says as much), but is a useful public …

Former GCHQ boss backs end-to-end encryption

Former GCHQ director Robert Hannigan has spoken out against building backdoors into end-to-end encryption (e2) schemes as a means to intercept communications by terrorists and other ne'er do wells. UK Home Secretary Amber Rudd has criticised mobile messaging services such as WhatsApp, that offer end-to-end encryption in the …
John Leyden, 10 Jul 2017
Wizard, photo via Shutterstock

Eurocrats prep white-box crypto capture-the-flag

Defender or attacker, it's less than a fortnight away from the WhibOx Challenge, a capture-the-flag (CTF) competition operated by the EU-supported ECRYPT. If you're on the defensive side, the CTF asks for white-box implementations of AES-128 (using keys of your own choice), to see how long you last against an attacker. The …

WWW daddy Sir Tim Berners-Lee stands up for end-to-end crypto

Sir Tim Berners-Lee has criticised plans to weaken encryption or extend surveillance in the wake of recent terrorist attacks. Days after the attack on Westminster that claimed the lives of three pedestrians and a police officer, Home Secretary Amber Rudd said there should be no safe space for terrorists to communicate online. …
John Leyden, 4 Apr 2017

Boffins show Intel's SGX can leak crypto keys

A researcher who in January helped highlight possible flaws in Intel's Software Guard Extensions' input-output protection is back, this time with malware running inside a protected SGX enclave. Instead of protecting the system, Samuel Weiser and four collaborators of Austria's Graz University of Technology write that the proof …

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Google researchers and academics have today demonstrated it is possible – following years of number crunching – to produce two different documents that have the same SHA-1 hash signature. This proves what we've long suspected: that SHA-1 is weak and can't be trusted. This is bad news because the SHA-1 hashing algorithm is used …

Crypto-curious? Wickr's opened its kimono for code review

Ephemeral messaging application Wickr has opened up the core crypto software of its Wickr Professional app so others can review it. The repository is at GitHub. At this stage, the company is not offering the code for re-use. It's published under a purpose-written “review license” only, although the company says an open-source …

Google floats prototype Key Transparency to tackle secure swap woes

Google has released an open-source technology dubbed Key Transparency, which is designed to offer an interoperable directory of public encryption keys. Key Transparency offers a generic, secure way to discover public keys. The technology is built to scale up to internet size while providing a way to establish secure …
John Leyden, 13 Jan 2017

Oh, for F...acebook: WhatsApp, critics spar over alleged 'backdoor'

Updated WhatsApp’s end-to-end encryption can be potentially exploited by determined snoops to intercept and read encrypted messages, it was claimed today. Essentially, if an attacker can reroute a redelivered encrypted message, it is possible to decrypt the text. Facebook-owned WhatsApp stresses this is not a serious flaw nor a …
John Leyden, 13 Jan 2017

Testing times: Can your crypto-code survive the Google gauntlet?

Google has unleashed Project Wycheproof, a set of security tests to check cryptographic libraries for susceptibility to known weaknesses. The toolkit, maintained by Google’s security engineers, is named after Mount Wycheproof, the smallest mountain in the world, and has set out with commendably modest goals. The aim is to look …
John Leyden, 20 Dec 2016

How to confuse a Euro-cop: Survey reveals the crypto they love to hate

European Union (EU) citizens can now get an idea of what their governments want – and are doing about – cryptography regulation. The new opportunity comes courtesy of an freedom of information request by Bits of Freedom, summarised by privacy researcher Lukas Olejnik here. The news is bleak: the responses to a survey sent to …
BOSS map of universe

SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

While it's reasonable to assume that a world with real quantum computers will ruin traditional asymmetric encryption, perhaps surprisingly hash functions might survive. That's the conclusion of a group of boffins led by Matthew Amy of Canada's University of Waterloo, in a paper at the International Association of Cryptologic …

Crypto needs more transparency, researchers warn

Researchers with at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely. The boffins also demonstrated again that 1,024-bit primes can no longer be …
Sweet32 logo

Citrix swats Sweet32 bug by just turning off old ciphers

Citrix has pushed back a little against the dangers posed to its users by the Sweet32 “birthday attack” against old ciphers. The attack, published in late August, is a birthday attack against 64-bit ciphers like Blowfish and Triple DES. That's prompted various vendors to get patching, but as Citrix explains in this blog post …

Create a news alert about cryptography, or find more stories about cryptography.

Biting the hand that feeds IT © 1998–2017