Tag: cryptography

Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims

Aurich Lawson Ever since the National Security Agency’s secret surveillance program came to light three weeks ago, implicated companies have issued carefully worded statements denying that government snoops have direct or wholesale access to e-mail and other sensitive customer data. The most strenuous denial came 10 days ago, when Apple said it took pains to protect personal information stored on its servers , in many cases by not collecting it in the first place. “For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them,” company officials wrote . “Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.” Some cryptographers and civil liberties advocates have chafed at the claim that even Apple is unable to bypass the end-to-end encryption protecting them. After all, Apple controls the password-based authentication system that locks and unlocks customer data. More subtly, but no less important, cryptographic protections are highly nuanced things that involve huge numbers of moving parts. Choices about the types of keys that are used, the ways they’re distributed, and the specific data that is and isn’t encrypted have a huge effect on precisely what data is and isn’t protected and under what circumstances. Read 15 remaining paragraphs | Comments

View post:
Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims

Los Alamos National Lab has had quantum-encrypted internet for over two years

Nothing locks down data better than a laser-based quantum-encrypted network, where the mere act of looking at your data causes it to irrevocably change. Although such systems already exist, they’re limited to point-to-point data transfers since a router would kill the message it’s trying to pass along just by reading it. However, Los Alamos National Labs has been testing an in-house quantum network, complete with a hub and spoke system that gets around the problem thanks to a type of quantum router at each node. Messages are converted at those junctures to conventional bits, then reconverted into a new encrypted message, which can be securely sent to the next node, and so on. The researchers say it’s been running in the lab for the last two and a half years with few issues, though there’s still a security hole — it lacks quantum integrity at the central hub where the data’s reconverted, unlike a pure quantum network. However, the hardware would be relatively simple to integrate into any fiber-connected device, like a TV set-top box, and is still more secure than any current system — and infinitely better than the 8-character WiFi code you’re using now. Filed under: Science , Internet , Alt Comments Source: Cornell University Library

View article:
Los Alamos National Lab has had quantum-encrypted internet for over two years

Cisco switches to weaker hashing scheme, passwords cracked wide open

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place. It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires little time and computing resources. As a result, relatively inexpensive computers used by crackers can try a dizzying number of guesses when attempting to guess the corresponding plain-text password. For instance, a system outfitted with two AMD Radeon 6990 graphics cards that run a soon-to-be-released version of the Hashcat password cracking program can cycle through more than 2.8 billion candidate passwords each second. By contrast, the type 5 algorithm the new scheme was intended to replace used 1,000 iterations of the MD5 hash function. The large number of repetitions forces cracking programs to work more slowly and makes the process more costly to attackers. Even more important, the older function added randomly generated cryptographic “salt” to each password, preventing crackers from tackling large numbers of hashes at once. Read 7 remaining paragraphs | Comments

Continue reading here:
Cisco switches to weaker hashing scheme, passwords cracked wide open

Which Encryption Apps Are Strong Enough to Help You Take Down a Government?

It seems like these days I can’t eat breakfast without reading about some new encryption app that will (supposedly) revolutionize our communications — while making tyrannical regimes fall like cheap confetti. More »

More:
Which Encryption Apps Are Strong Enough to Help You Take Down a Government?

SkypeHide promises to hide secret messages in silent Skype packets, even when authorities are listening

Buzzing around the internet this week: Polish security researcher and professor Wojciech Mazurczyk (left) claims to be developing a way to hide secret, un-eavesdroppable messages in “silent” packets transmitted within Skype conversations . He and his team plan to present SkypeHide at a steganography conference in Montpellier, France, this coming June. VentureBeat has a writeup here . The ease with which Skype can be snooped by law enforcement is well-known . I’ll be interested to hear what other security researchers make of Mazurczyk’s project, when and if it is eventually released.

See original article:
SkypeHide promises to hide secret messages in silent Skype packets, even when authorities are listening