Tag Archive for: encrypted

Encrypted communications could have an undetectable backdoor

Researchers warn that many 1024-bit keys used to secure communications on the internet today might be based on prime numbers that have been intentionally backdoored in an undetectable way.

Many public-key cryptography algorithms that are used to secure web, email, VPN, SSH and other types of connections on the internet derive their strength from the mathematical complexity of discrete logarithms — computing discrete logarithms for groups of large prime numbers cannot be efficiently done using classical methods. This is what makes cracking strong encryption computationally impractical.

Most key-generation algorithms rely on prime parameters whose generation is supposed to be verifiably random. However, many parameters have been standardized and are being used in popular crypto algorithms like Diffie-Hellman and DSA without the seeds that were used to generate them ever being published. That makes it impossible to tell whether, for example, the primes were intentionally “backdoored” — selected to simplify the computation that would normally be required to crack the encryption.


Network World Security

Riseup, providing encrypted comms for over 15 years, could run out of money next month

Riseup.net, the non-profit collective that has been providing dissidents a way to encrypt their communications since 1999, without revealing their location or logging their IP address, is running out of money:

The news is not good

We hate to be bad news birds, but we need to tell you that Riseup will run out of money next month. We had a number of unexpected hardware failures, lower-than-expected regular donations, and a record year of new Riseup users which puts more financial pressure on us than ever before.

We need your help to keep things going this year, so we are starting a campaign to ask Riseup users to give us just one dollar!

Can you give us a dollar? There are a lot of easy ways to do it: https://riseup.net/donate

It seems that Riseup.net saw a boom in new users in the wake of the Edward Snowden revelations, but has not managed to match that growth with sufficient regular donations.

If Riseup.net shuts down, that also means the end for 150,000 email accounts and over 18,000 mailing lists that depend on the service for their privacy and security.

It would be sad to see Riseup.net close its doors. I hope people who value online liberty will support this noble cause.

(Yes, I already donated.)

Graham Cluley

If you care about your encrypted data, get rid of your iPhone 5c


If the FBI can hack the iPhone, others can, too, which means the encrypted content on countless phones is no longer secure.

Owners of these phones who care about securing their content should think about upgrading to something else. Newer iPhones, for example, might not have the same weakness and so would be less vulnerable, at least for a while.

The FBI has dropped its court action that might have forced Apple to help undermine security that blocked a brute-force attack against the passcode on the iPhone 5c used by a terrorist in San Bernardino. That’s because the FBI found someone else – reportedly Israeli mobile-forensics company Cellebrite – to do it for them.


Network World Tim Greene