Articles about cryptography

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Google researchers and academics have today demonstrated it is possible – following years of number crunching – to produce two different documents that have the same SHA-1 hash signature. This proves what we've long suspected: that SHA-1 is weak and can't be trusted. This is bad news because the SHA-1 hashing algorithm is used …

Crypto-curious? Wickr's opened its kimono for code review

Ephemeral messaging application Wickr has opened up the core crypto software of its Wickr Professional app so others can review it. The repository is at GitHub. At this stage, the company is not offering the code for re-use. It's published under a purpose-written “review license” only, although the company says an open-source …

Google floats prototype Key Transparency to tackle secure swap woes

Google has released an open-source technology dubbed Key Transparency, which is designed to offer an interoperable directory of public encryption keys. Key Transparency offers a generic, secure way to discover public keys. The technology is built to scale up to internet size while providing a way to establish secure …
John Leyden, 13 Jan 2017

Oh, for F...acebook: WhatsApp, critics spar over alleged 'backdoor'

Updated WhatsApp’s end-to-end encryption can be potentially exploited by determined snoops to intercept and read encrypted messages, it was claimed today. Essentially, if an attacker can reroute a redelivered encrypted message, it is possible to decrypt the text. Facebook-owned WhatsApp stresses this is not a serious flaw nor a …
John Leyden, 13 Jan 2017

Testing times: Can your crypto-code survive the Google gauntlet?

Google has unleashed Project Wycheproof, a set of security tests to check cryptographic libraries for susceptibility to known weaknesses. The toolkit, maintained by Google’s security engineers, is named after Mount Wycheproof, the smallest mountain in the world, and has set out with commendably modest goals. The aim is to look …
John Leyden, 20 Dec 2016

How to confuse a Euro-cop: Survey reveals the crypto they love to hate

European Union (EU) citizens can now get an idea of what their governments want – and are doing about – cryptography regulation. The new opportunity comes courtesy of an freedom of information request by Bits of Freedom, summarised by privacy researcher Lukas Olejnik here. The news is bleak: the responses to a survey sent to …
BOSS map of universe

SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

While it's reasonable to assume that a world with real quantum computers will ruin traditional asymmetric encryption, perhaps surprisingly hash functions might survive. That's the conclusion of a group of boffins led by Matthew Amy of Canada's University of Waterloo, in a paper at the International Association of Cryptologic …

Crypto needs more transparency, researchers warn

Researchers with at the French Institute for Research in Computer Science and Automation (INRIA) and the University of Pennsylvania have called for security standards-setters to publish the seeds for the prime numbers on which their standards rely. The boffins also demonstrated again that 1,024-bit primes can no longer be …
Sweet32 logo

Citrix swats Sweet32 bug by just turning off old ciphers

Citrix has pushed back a little against the dangers posed to its users by the Sweet32 “birthday attack” against old ciphers. The attack, published in late August, is a birthday attack against 64-bit ciphers like Blowfish and Triple DES. That's prompted various vendors to get patching, but as Citrix explains in this blog post …

How do you securely exchange encrypted-decrypted-recrypted data? Ask Microsoft

Microsoft researchers are working to enable secure data exchange in the cloud for applications. The work is designed to resolve the dilemma that to store data in the cloud it needs to be encrypted but to process this data it needs to be decrypted, leaving it potentially open to attack. This tradeoff between data usability and …
John Leyden, 12 Aug 2016

European privacy body slams shut backdoors everywhere

Europe's privacy body has reiterated its pro-privacy, anti-backdoor stance. The European Data Protection Supervisor (EDPS) Giovanni Buttarelli has long expressed the view that “privacy versus security” is a false dichotomy. In 2015, he told a conference in Brussels that “the objective of cyber-security may be misused to …
Strike a match

Cryptography vs. bigotry: The debate Australia needs to have

Australia's newly-elected senator Pauline Hanson has called for a ban on muslim immigration on national security grounds. But her position is ignorant and bigoted because it takes an idea to turn someone to terror and it's now impossible to stop the flow of ideas. Once Hanson realises that stopping immigration won't of itself …
Simon Sharwood, 24 Jul 2016

UK gov says new Home Sec will have powers to ban end-to-end encryption

IPBill During a committee stage debate in the UK's House of Lords yesterday, the government revealed that the Investigatory Powers Bill will provide any Secretary of State with the ability to force communication service providers (CSPs) to remove or disable end-to-end encryption. Earl Howe, a minister of state for defence and deputy …
SMAP water scanning satellite

Boffins send encrypted quantum messages to spaaaace – and back

It may be possible to send quantum-encrypted messages through space, after physicists showed a beam of light sent to a satellite could return to Earth with its quantum properties intact, according to new research published in Physical Review Letters. Quantum cryptography relies on the properties of quantum mechanics to encode …

NIST readies 'post-quantum' crypto competition

Your mission, should you choose to accept it, is to help the National Institute of Standards and Technology (NIST) defend cryptography against the onslaught of quantum computers. It hasn't happened yet, but it's pretty widely agreed that quantum computers pose a significant risk to cryptography. All that's needed is either a …
Canary

Belgian boffins breed 'digital canaries' to test your random numbers

Belgian boffins have proposed adding what they call “Canary Numbers” to random number generators (RNGs), in the hope and expectation they will fall off the twig if something goes wrong. In this International Association for Cryptologic Research (IACR) paper, Vladimir Rozic, Bohan Yang, Nele Mentens and Ingrid Verbauwhede write …

William Hague: Brussels attacks mean we must destroy crypto ASAP

William Hague, the Conservative former Foreign Secretary in the UK, has claimed that the latest Brussels terrorist attacks “show the need to crack terrorist communications.” Writing in The Telegraph, Hague claimed that the stand-out detail from the attacks in Brussels was “the communications discipline of those responsible.” …

Confused by crypto? Here's what that password hashing stuff means in English

Cryptography is dead hard. But being conversant in the key aspects of cryptography – to the extent that you could even explain some of it to colleagues and management – puts you one step ahead of most. Here are five things that'll make you sound like you know what you're talking about. 1. Digital certificates The most common …
Dave Cartwright, 25 Mar 2016

Create a news alert about cryptography, or find more stories about cryptography.

Biting the hand that feeds IT © 1998–2017