background preloader

Encryption and Back Doors

Facebook Twitter

Quipqiup - cryptoquip and cryptogram solver. How the NSA can break trillions of encrypted Web and VPN connections. For years, privacy advocates have pushed developers of websites, virtual private network apps, and other cryptographic software to adopt the Diffie-Hellman cryptographic key exchange as a defense against surveillance from the US National Security Agency and other state-sponsored spies.

How the NSA can break trillions of encrypted Web and VPN connections

Now, researchers are renewing their warning that a serious flaw in the way the key exchange is implemented is allowing the NSA to break and eavesdrop on trillions of encrypted connections. The cost for adversaries is by no means modest. #20 FBI Seeks Backdoors in New Communications Technology – Top 25 of 2014 – 2015. Responding to announcements by Apple and Google that they would make customers’ smartphone and computer data more secure, in October 2014 the Federal Bureau of Investigation’s director James Comey announced that the Bureau was seeking to enlarge its data collection capabilities to include direct access to cell phones, tablets, and computers through an expansion of the 1994 Communications Assistance for Law Enforcement Act (CALEA).

#20 FBI Seeks Backdoors in New Communications Technology – Top 25 of 2014 – 2015

Comey told an audience at the Brookings Institution that expanding surveillance was in the interest of “public safety” to protect the nation against “potential terrorist threats.” According to the FBI director, “Unfortunately, the law hasn’t kept pace with technology, and this disconnect has created a significant public-safety problem.” Specifically, Comey called on Congress to update CALEA to mandate all software and hardware providers to build interception methods into their products and services.  TrueCrypt, the final release, archive   Yes . . .

 TrueCrypt, the final release, archive  

TrueCrypt is still safe to use. Google is generating a false-positive alert Recent attempts to download the TrueCrypt files here, using Chrome or Firefox (Mozilla uses Google's technology), have been generating false-positive malware infection warnings. They must be false-positives because no change has been made to the files since this page was put up nearly a year ago (May 29th, 2014) and many people have confirmed that the downloaded binaries have not changed and that their cryptographic hashes still match.

Also, the well-known and respected “VirusTotal” site, which scans files through all virus scanners reports ZERO hits out of 57 separate virus scan tests: VirusTotal scan results. We have no idea where or why Google got the idea that there was anything wrong with these files. NSA can tap into BlackBerry, iOS, and Android systems. The US National Security Agency (NSA) can access data on smart phones using the world’s most popular systems including iOs, Android, and even BlackBerry – which markets itself to be highly secure, according to a new report.

NSA can tap into BlackBerry, iOS, and Android systems

The NSA has tapped into all the leading mobile operating systems to gain access to contact lists, SMS traffic, notes, and users’ current and past locations, Der Spiegel reported, citing internal NSA documents. On the NSA. Let me tell you the story of my tiny brush with the biggest crypto story of the year.

On the NSA

A few weeks ago I received a call from a reporter at ProPublica, asking me background questions about encryption. Meet the new hackers: Johnny Law. By Robert X.

Meet the new hackers: Johnny Law

Cringely It seems hackers have attained a new image. Forget scruffy 20-something males carrying backpacks and desperately in need of personal grooming. Think buzz cuts, gray suits, and Brylcreem. As feds and hackers eyed each other warily across the blackjack tables at last week's Black Hat conference, some were apparently busy attacking the Tor anonymity network . Was Secret Backdoor In New Encryption Standard Put There By The NSA? Earlier this year the U.S. government released a new official standard for random-number generators that is likely to be followed by software and hardware developers around the world called NIST Special Publication 800-90, a 130-page document (PDF) containing four different approved techniques called DRBGs, or "Deterministic Random Bit Generators.

Was Secret Backdoor In New Encryption Standard Put There By The NSA?

" All four are based on existing cryptographic primitives. Ferguson and Shumow raised concerns about the potential backdoor in the Dual_EC_DRBG algorithm which unlike the others, is based on elliptic curves, said to three orders of magnitude slower than the others. Dual_EC_DRBG. Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)[1] is a claimed cryptographically secure pseudorandom number generator (CSPRNG) standardized by the National Institute of Standards and Technology (NIST), ANSI, and ISO.

Dual_EC_DRBG

Dual_EC_DRBG is based on the elliptic curve discrete logarithm problem (ECDLP) and is one of the four CSPRNGs standardized in NIST SP 800-90A. Members of the ANSI standard group, to which Dual_EC_DRBG was first submitted, were aware of the exact mechanism of the potential backdoor and how to disable it,[5] but did not take sufficient steps to unconditionally disable the backdoor. The general cryptographic community was initially not aware of the potential backdoor, until of Dan Shumow and Niels Ferguson 2007 rediscovery, or of Certicom's Daniel R. L. Brown and Scott Vanstone's 2005 patent application describing the backdoor mechanism.

Timeline[edit] Security[edit] A security proof was later published for Dual_EC_DRBG by Daniel R.L. 1) Chosen Q Daniel R.