Entries Tagged "cryptography"
Page 23 of 55
Liveblogging the Financial Cryptography Conference
Ross Anderson liveblogged Financial Cryptography 2014. Interesting stuff.
How NIST Develops Cryptographic Standards
This document gives a good overview of how NIST develops cryptographic standards and guidelines. It’s still in draft, and comments are appreciated.
Given that NIST has been tainted by the NSA’s actions to subvert cryptographic standards and protocols, more transparency in this process is appreciated. I think NIST is doing a fine job and that it’s not shilling for the NSA, but it needs to do more to convince the world of that.
Decoding the Voynich Manuscript
The Voynich Manuscript has been partially decoded. This seems not to be a hoax. And the manuscript seems not to be a hoax, either.
Here’s the paper.
New Results in Software Obfuscation
Amit Sahai and others have some new results in software obfuscation. The papers are here. An over-the top Wired.com story on the research is here. And Matthew Green has a great blog post explaining what’s real and what’s hype.
NSA/GCHQ Accused of Hacking Belgian Cryptographer
There has been a lot of news about Belgian cryptographer Jean-Jacques Quisquater having his computer hacked, and whether the NSA or GCHQ is to blame. There have been a lot of assumptions and hyperbole, mostly related to the GCHQ attack against the Belgian telecom operator Belgacom.
I’m skeptical. Not about the attack, but about the NSA’s or GCHQ’s involvement. I don’t think there’s a lot of operational value in most academic cryptographic research, and Quisquater wasn’t involved in practical cryptanalysis of operational ciphers. I wouldn’t put it past a less-clued nation-state to spy on academic cryptographers, but it’s likelier this is a more conventional criminal attack. But who knows? Weirder things have happened.
PowerLocker uses Blowfish
There’s a new piece of ransomware out there, PowerLocker (also called PrisonLocker), that uses Blowfish:
PowerLocker could prove an even more potent threat because it would be sold in underground forums as a DIY malware kit to anyone who can afford the $100 for a license, Friday’s post warned. CryptoLocker, by contrast, was custom built for use by a single crime gang. What’s more, PowerLocker might also offer several advanced features, including the ability to disable the task manager, registry editor, and other administration functions built into the Windows operating system. Screen shots and online discussions also indicate the newer malware may contain protections that prevent it from being reverse engineered when run on virtual machines.
PowerLocker encrypts files using keys based on the Blowfish algorithm. Each key is then encrypted to a file that can only be unlocked by a 2048-bit private RSA key. The Malware Must Die researchers said they had been monitoring the discussions for the past few months. The possibility of a new crypto-based ransomware threat comes as developers continue to make improvements to the older CryptoLocker title. Late last month, for instance, researchers at antivirus provider Trend Micro said newer versions gave the CryptoLocker self-replicating abilities that allowed it to spread through USB thumb drives.
Edward Elgar's Ciphers
Elgar’s cryptography puzzles from the late 1890s.
Cryptographic Blunders Revealed by Adobe's Password Leak
Adobe lost 150 million customer passwords. Even worse, they had a pretty dumb cryptographic hash system protecting those passwords.
Elliptic Curve Crypto Primer
This is well-written and very good.
Sidebar photo of Bruce Schneier by Joe MacInnis.