Articles about cryptography

IEEE joins the ranks of non-backdoored strong cryptography defenders

The Institute of Electrical and Electronics Engineers (IEEE) has joined the ranks of objectors to proposed law enforcement measures that would compromise access to strong cryptography. The august engineering body went beyond merely opposing the popular understanding of what constitutes a “backdoor”, instead framing its …

Cisco backs test to help classical crypto outlive quantum computers

Cisco and quantum security outfit Isara reckon they've got at least as far as alpha stage in one problem of the future: securing public key certificates against quantum computers. “Quantum computers will break cryptography” is a popular mass media trope, but the big brains of crypto have been aware of the risk for some time. …

FBI chief asks tech industry to build crypto-busting not-a-backdoor

FBI director Christopher Wray has addressed a cyber-security conference and again called for technologists to innovate their way around strong cryptography. Wray spoke at the Boston College / FBI Boston Conference on Cyber Security on March 7. He told the audience the issue of crypto can be solved because the industry's …

IBM's cloud faces a test on Thursday: Turning something off without turning users off too

IBM's cloud faces a big test this week: turning something off without botching the job. The "something" in this case is TLS 1.0 and 1.1, the known-to-be-ineffective cryptographic protocols that the world's abandoning just as fast as it can. In 2017 IBM gave its cloudy customers just a few days' notice of its intention to turn …
Simon Sharwood, 28 Feb 2018

OpenSSL alpha adds TLS 1.3 support

Developers working with OpenSSL can finally start to work with TLS 1.3, thanks to the alpha version of OpenSSL 1.1.1 that landed yesterday. Getting TLS 1.3 into users' hands and working with infrastructure has been a long, slow process: the first version of its Internet-Draft dates back to April 2014, it reached version 23 in …

Hey American business, here's how to use blockch ... sorry – we've been shut down

Shmoocon The political maneuvering that has shut much of the US government this month has delayed the National Institute of Standards and Technology's planned release of guidance about the risks and rewards of blockchain technology. “We have ... a publication that’s coming out on Monday on the fundamentals of blockchain to help people …
Iain Thomson, 21 Jan 2018

Unlocked: The hidden love note on the grave of America's first crypto power-couple

Shmoocon Among the 400,000 graves at the Arlington National Cemetery – a solemn US military graveyard in Virginia – lies the final resting place of cryptography pioneers William and Elizebeth Friedman. And hidden in code on their tombstone is a touching tribute from a wife to her husband. A code that's only now just been cracked, …
Iain Thomson, 20 Jan 2018

Facebook has open-sourced encrypted group chat

Updated Facebook has responded to governments' criticism of cryptography by giving the world an open source encrypted group chat tool. It's hardly likely to endear the ad-farm to people like FBI Director Christopher Wray, who yesterday told an international infosec conference it was “ridiculous” that the Feds have seized nearly 8,000 …

We need to talk about mathematical backdoors in encryption algorithms

Security researchers regularly set out to find implementation problems in cryptographic algorithms, but not enough effort is going towards the search for mathematical backdoors, two cryptography professors have argued. Governments and intelligence agencies strive to control and bypass or circumvent cryptographic protection of …
John Leyden, 15 Dec 2017

Hackers' delight: Mobile bank app security flaw could have smacked millions

Security researchers from the University of Birmingham, UK, last week went public about security shortcomings in mobile banking apps that leave millions of users at a heightened risk of hacking. The researchers developed a tool called Spinner to perform semi-automated security testing of mobile phone apps. After running the …
John Leyden, 11 Dec 2017

Devs working to stop Go math error bugging crypto software

Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big …

Does UK high street banks' crappy crypto actually matter?

The Register's recent story about the failure of most UK high street banks to follow web security best practices has provoked a lively debate among security experts. Tests of six banks revealed sketchy support for HTTP Strict Transport Security (HSTS), a cryptographic technology introduced in October 2012 and designed to …
John Leyden, 16 Nov 2017

Confusion reigns over crypto vuln in Spanish electronic ID smartcards

The impact of a recently discovered cryptographic vulnerability involving smartcards is causing issues in Spain similar to those previously experienced in Estonia. RSA keys produced by smartcards, security tokens, laptops and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and …
John Leyden, 15 Nov 2017

Privacy Pass protocol promises private perusing

Boffins have harnessed privacy-preserving crypto to create a browser extension that allows users to authenticate to services without being tracked. The extension, Privacy Pass, offers people another way to authenticate themselves without having to repeatedly solve internet challenge-response tests like CAPTCHAs. Alex Davidson …
Rebecca Hill, 14 Nov 2017

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Analysis High street banks should be exemplars of good security but many are letting the side down when it comes to following cryptographic best practice. Tests by security researcher Scott Helme and The Register showed a marked divergence in performance. We assessed the security of online login sites run by six UK high street banks …
John Leyden, 3 Nov 2017

RIP HPKP: Google abandons public key pinning

Google is abandoning a next-generation web crypto technology it initially championed. HTTP Public Key Pinning (HPKP) is a standard that allows a host to instruct browsers to only accept certain public keys when communicating with it for a given period of time. While HPKP can offer a lot of protection, the technology was open …
John Leyden, 30 Oct 2017

Holy DUHK! Boffins name bug that could crack crypto wide open

Crypto researchers from the University of Pennsylvania, working with Johns Hopkins cryptographer Matthew Green, have discovered a serious security blunder and branded it DUHK, which stands for Don't Use Hardcoded Keys. The vulnerability – described in depth at this “silly logo” website here – lies within an ancient pseudo- …

ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA. Security researchers went public last week with research that revealed that RSA keys produced for smartcards, security tokens, and other devices by crypto-chips made by Infineon Technologies were weak …
John Leyden, 23 Oct 2017

Biting the hand that feeds IT © 1998–2018