recentpopularlog in


« earlier   
Welcome — Magic-Wormhole 0.11.2+75.ga5e011f.dirty documentation
Get things from one computer to another, safely.

This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical “wormhole codes”: in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.
file-transfer  cryptography  command_line 
3 days ago by 8sNtXb2WMVuL4FWFzdBop4jFFWRQDf
python - How do I install PyCrypto on Windows? - Stack Overflow
A: If you don't already have a C/C++ development environment installed that is compatible with the Visual Studio binaries distributed by, then you should stick to installing only pure Python packages or packages for which a Windows binary is available.

Fortunately, there are PyCrypto binaries available for Windows:
2012  2017  forumthread  stackexchange  python  cryptography  downloads  windows  x86  amd64  links  winecompatible  software  libraries 
3 days ago by ezequiel
Number571/CNINET: CNINET = Cryptographic Non-Indexable Network.
CNINET = Cryptographic Non-Indexable Network. Contribute to Number571/CNINET development by creating an account on GitHub.
golang  cryptography 
4 days ago by geetarista
Shamir's Secret Sharing Scheme
by Eric Rafaloff. How to split cryptographic keys up among multiple parties, so that the key can be used by a quorum of members. Basically, it works through polynomial interpolation — the order of the polynomial is the number of people in the quorum.
5 days ago by DGrady
Attack of the week: searchable encryption and the ever-expanding leakage function
In all seriousness: database encryption has been a controversial subject in our field. I wish I could say that there’s been an actual debate, but it’s more that different researchers have fallen into different camps, and nobody has really had the data to make their position in a compelling way. There have actually been some very personal arguments made about it. The schools of thought are as follows:

The first holds that any kind of database encryption is better than storing records in plaintext and we should stop demanding things be perfect, when the alternative is a world of constant data breaches and sadness.

To me this is a supportable position, given that the current attack model for plaintext databases is something like “copy the database files, or just run a local SELECT * query”, and the threat model for an encrypted database is “gain persistence on the server and run sophisticated statistical attacks.” Most attackers are pretty lazy, so even a weak system is probably better than nothing.

The countervailing school of thought has two points: sometimes the good is much worse than the perfect, particularly if it gives application developers an outsized degree of confidence of the security that their encryption system is going to provide them.

If even the best encryption protocol is only throwing a tiny roadblock in the attacker’s way, why risk this at all? Just let the database community come up with some kind of ROT13 encryption that everyone knows to be crap and stop throwing good research time into a problem that has no good solution.

I don’t really know who is right in this debate. I’m just glad to see we’re getting closer to having it.

(via Jerry Connolly)
cryptography  attacks  encryption  database  crypto  security  storage  ppi  gdpr  search  databases  via:ecksor 
5 days ago by jm

Copy this bookmark:

to read