
A (relatively easy to understand) primer on elliptic curve cryptography

Author Nick Sullivan worked for six years at Apple on many of its most important cryptography efforts before recently joining CloudFlare, where he is a systems engineer. He has a degree in mathematics from the University of Waterloo and a Masters in computer science with a concentration in cryptography from the University of Calgary. This post was originally written for the CloudFlare blog and has been lightly edited to appear on Ars. Readers are reminded that elliptic curve cryptography is a set of algorithms for encrypting and decrypting data and exchanging cryptographic keys. Dual_EC_DRBG, the cryptographic standard suspected of containing a backdoor engineered by the National Security Agency, is a function that uses elliptic curve mathematics to generate a series of random-looking numbers from a seed. This primer comes two months after internationally recognized cryptographers called on peers around the world to adopt ECC to avert a possible "cryptopocalypse." A toy RSA algorithm


In surveillance era, clever trick enhances secrecy of iPhone text messages A security researcher has developed a technique that could significantly improve the secrecy of text messages sent in near real time on iPhones. The technique, which will debut in September in an iOS app called TextSecure, will also be folded into a currently available Android app by the same name. The cryptographic property known as perfect forward secrecy has always been considered important by privacy advocates, but it has taken on new urgency following the recent revelations of widespread surveillance of Americans by the National Security Agency. Rather than use the same key to encrypt multiple messages—the way, say PGP- and S/MIME-protected e-mail programs do—applications that offer perfect forward secrecy generate ephemeral keys on the fly. In the case of some apps, including the OTR protocol for encrypting instant messages, each individual message within a session is encrypted with a different key. The use of multiple keys makes eavesdropping much harder.

Encryption Works: How to Protect Your Privacy in the Age of *** Surveillance. "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." (Edward Snowden, answering questions live on the Guardian's website) The NSA is the biggest, best funded spy agency the world has ever seen.

Cryptography Breakthrough Could Make Software Unhackable As a graduate student at the Massachusetts Institute of Technology in 1996, Amit Sahai was fascinated by the strange notion of a “zero-knowledge” proof, a type of mathematical protocol for convincing someone that something is true without revealing any details of why it is true. As Sahai mulled over this counterintuitive concept, it led him to consider an even more daring notion: What if it were possible to mask the inner workings not just of a proof, but of a computer program, so that people could use the program without being able to figure out how it worked? The idea of “obfuscating” a program had been around for decades, but no one had ever developed a rigorous mathematical framework for the concept, let alone created an unassailable obfuscation scheme. Over the years, commercial software companies have engineered various techniques for garbling a computer program so that it will be harder to understand while still performing the same function.

CryptoLocker Although CryptoLocker itself is readily removed, files remain encrypted in a way which researchers have considered infeasible to break. Many say that the ransom should not be paid, but do not offer any way to recover files; others say that paying the ransom is the only way to recover files that had not been backed up. Payment often, but not always, has been followed by files being decrypted. Operation: The payload then proceeds to begin encrypting files across local hard drives and mapped network drives with the public key, and logs each file encrypted to a registry key. The process only encrypts data files with certain extensions, including Microsoft Office, OpenDocument, and other documents, pictures, and AutoCAD files.[4] The payload then displays a message informing the user that files have been encrypted, and demands a payment of 400 USD or Euro through an anonymous pre-paid cash voucher (i.e.

Qualys SSL Labs - Projects / SSL/TLS Deployment Best Practices SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works . . . except that it does not, really. The first part is true—SSL is easy to deploy—but it turns out that it is not easy to deploy correctly.

The second operating system hiding in every mobile phone I've always known this, and I'm sure most of you do too, but we never really talk about it. Every smartphone or other device with mobile communications capability (e.g. 3G or LTE) actually runs not one, but two operating systems. Aside from the operating system that we as end-users see (Android, iOS, PalmOS), it also runs a small operating system that manages everything related to radio. Since this functionality is highly timing-dependent, a real-time operating system is required. This operating system is stored in firmware, and runs on the baseband processor.

Tools for Cryptography - An ECRYPT II initiative. Welcome to ECRYPT II Tools for Cryptography This website contains a collection of tools related to cryptography. See the overview page for a list of all tools. The about page contains more information on this initiative, and instructions for submitting your own tool.

An Overview of Cryptography 1. INTRODUCTION Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography, which is the focus of this chapter.

Windows 8.1 includes seamless, automatic disk encryption—if your PC supports it Since Windows Vista, the upper-tier editions of Windows have supported local disk encryption via a feature called BitLocker Drive Encryption. Like the FileVault feature in newer versions of OS X or the “encrypt device” feature on many Android phones and tablets, you usually need to enable BitLocker manually to take advantage of it. Once enabled, it protects the data on your device from being accessed by someone who walks away with it. However, some mobile devices—including those running iOS, Windows Phone 8, and Windows RT—don’t require users to take device encryption into their own hands. These operating systems can all assume that the underlying hardware supports encryption, so they enable it by default in a way that’s entirely seamless and invisible to you as you use your phone or tablet day to day. Windows 8.1 finally brings this to x86 tablets and Ultrabooks in a feature Microsoft calls “device encryption.”

Encryption and Security Tutorial This page contains my godzilla crypto tutorial, totalling 973 slides in 12 parts, of which the first 10 (+ part 0) are the tutorial itself and the 12th is extra material which covers crypto politics. Part 12 isn't officially part of the technical tutorial itself, and much of it is now also rather dated (the material is extensively covered elsewhere so I haven't spent much time updating it). The tutorial is done at a reasonably high level, there are about two dozen books which cover things like DES encryption done at the bit-flipping level so I haven't bothered going down to this level. Instead I cover encryption protocols, weaknesses, applications, and other crypto security-related information.

Data Broker Giants Hacked by ID Theft Service An identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at some of America’s largest consumer and business data aggregators, according to a seven-month investigation by KrebsOnSecurity. The Web site ssndob[dot]ms (hereafter referred to simply as SSNDOB) has for the past two years marketed itself on underground cybercrime forums as a reliable and affordable service that customers can use to look up SSNs, birthdays and other personal data on any U.S. resident. Prices range from 50 cents to $2.50 per record, and from $5 to $15 for credit and background checks.

Fact or Fiction: Encryption Prevents Digital Eavesdropping. Since the dawn of the Web and ubiquitous free e-mail services over the past two decades, the need to secure personal information online has been evident but often ignored. Last month’s exposure of the U.S. National Security Agency’s PRISM program for collecting data on individuals suspected of plotting terrorist attacks, spying or other forms of malfeasance (pdf) has helped bring privacy issues back into the spotlight. In fact, the news about PRISM even encouraged some prominent Internet pioneers to condemn the practice and call for renewed efforts among Internet users and their service providers to encrypt more data, to protect it from prying eyes.