Articles about cryptography

man holding dice

Boffin: Dump hardware number generators for encryption and instead look within

Hardware-based random number generators (HWRNGs) for encryption could be superseded after a Philippines-based researcher found that side-channel measurement of the timing of CPU operations provide enough entropy to seed crypto systems with the necessary randomness. In a paper presented on Saturday at the International …
Ruth Bourne in front of reconstructed Bombe [photo credit: Charles Coultas]

WWII Bombe operator Ruth Bourne: I'd never heard of Enigma until long after the war

Interview El Reg had the honour of speaking with a war hero last Friday when the UK's National Museum of Computing fired up its replica Enigma code-breaker to decrypt messages sent from Poland. Ruth Bourne was among hundreds of Wrens who worked on the front line of code-breaking on 200 or so Bombe machines1 at sites in and around …
John Leyden, 25 Sep 2018
Encryption

ETSI crypto-based access control standards land

Worried about enterprise security, access control, and GDPR? Relax, the standards bods at European Telecommunications Standards Institute (ETSI) have you covered. Covered, that is, if you implement its latest encryption standards. ETSI's Technical Committee on Cybersecurity announced it has released two Attribute-Based …

IEEE joins the ranks of non-backdoored strong cryptography defenders

The Institute of Electrical and Electronics Engineers (IEEE) has joined the ranks of objectors to proposed law enforcement measures that would compromise access to strong cryptography. The august engineering body went beyond merely opposing the popular understanding of what constitutes a “backdoor”, instead framing its …
Encryption

Cisco backs test to help classical crypto outlive quantum computers

Cisco and quantum security outfit Isara reckon they've got at least as far as alpha stage in one problem of the future: securing public key certificates against quantum computers. “Quantum computers will break cryptography” is a popular mass media trope, but the big brains of crypto have been aware of the risk for some time. …

FBI chief asks tech industry to build crypto-busting not-a-backdoor

FBI director Christopher Wray has addressed a cyber-security conference and again called for technologists to innovate their way around strong cryptography. Wray spoke at the Boston College / FBI Boston Conference on Cyber Security on March 7. He told the audience the issue of crypto can be solved because the industry's …
Fingers crossed

IBM's cloud faces a test on Thursday: Turning something off without turning users off too

IBM's cloud faces a big test this week: turning something off without botching the job. The "something" in this case is TLS 1.0 and 1.1, the known-to-be-ineffective cryptographic protocols that the world's abandoning just as fast as it can. In 2017 IBM gave its cloudy customers just a few days' notice of its intention to turn …
Simon Sharwood, 28 Feb 2018
grave

OpenSSL alpha adds TLS 1.3 support

Developers working with OpenSSL can finally start to work with TLS 1.3, thanks to the alpha version of OpenSSL 1.1.1 that landed yesterday. Getting TLS 1.3 into users hands and working with infrastructure has been a long, slow process: the first version of its Internet-Draft dates back to April 2014, it reached version 23 in …
dodson

Hey American business, here's how to use blockch ... sorry – we've been shut down

Shmoocon The political maneuvering that has shut much of the US government this month has delayed the National Institute of Standards and Technology's planned release of guidance about the risks and rewards of blockchain technology. “We have ... a publication that’s coming out on Monday on the fundamentals of blockchain to help people …
Iain Thomson, 21 Jan 2018
grave

Unlocked: The hidden love note on the grave of America's first crypto power-couple

Shmoocon Among the 400,000 graves at the Arlington National Cemetery – a solemn US military graveyard in Virginia – lies the final resting place of cryptography pioneers William and Elizebeth Friedman. And hidden in code on their tombstone is a touching tribute from a wife to her husband. A code that's only now just been cracked, …
Iain Thomson, 20 Jan 2018
Shutterstock 666

Facebook has open-sourced encrypted group chat

Updated Facebook has responded to governments' criticism of cryptography by giving the world an open source encrypted group chat tool. It's hardly likely to endear the ad-farm to people like FBI Director Christopher Wray, who yesterday told an international infosec conference it was “ridiculous” that the Feds have seized nearly 8,000 …

We need to talk about mathematical backdoors in encryption algorithms

Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of …
John Leyden, 15 Dec 2017
Mobile banking, image via Shutterstock

Hackers' delight: Mobile bank app security flaw could have smacked millions

Security researchers from the University of Birmingham, UK, last week went public about security shortcomings in mobile banking apps that leave millions of users at a heightened risk of hacking. The researchers developed a tool called Spinner to perform semi-automated security testing of mobile phone apps. After running the …
John Leyden, 11 Dec 2017

Devs working to stop Go math error bugging crypto software

Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big …
A piggy bank in a pile of pound coins

Does UK high street banks' crappy crypto actually matter?

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts. Tests of six banks revealed sketchy support for HTTP Strict Transport Security (HSTS), a cryptographic technology introduced in October 2012 and designed to …
John Leyden, 16 Nov 2017
Monty Python sketch: Nobody expects the Spanish Inquisition

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and …
John Leyden, 15 Nov 2017
Image by beccarra http://www.shutterstock.com/gallery-1124891p1.html

Privacy Pass protocol promises private perusing

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked. The extension, Privacy Pass, offers people another way to authenticate themselves without having to repeatedly solve internet challenge-response tests like CAPTCHAs. Alex Davidson …
Rebecca Hill, 14 Nov 2017
Mobile banking, image via Shutterstock

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Analysis High street banks should be exemplars of good security but many are letting the side down when it comes to following cryptographic best practice. Tests by security researcher Scott Helme and The Register showed a marked divergence in performance. We assessed the security of online login sites run by six UK high street banks …
John Leyden, 3 Nov 2017

Create a news alert about cryptography, or find more stories about cryptography.

Biting the hand that feeds IT © 1998–2018