mcherm : encryption   33

Private by Design: How we built Firefox Sync - Mozilla Hacks - the Web developer blog
Firefox sync keeps data secure from Mozilla by using the passphrase to generate 2 keys - one authenticates to Mozilla's servers and the other is used to encrypt/decrypt *in the client*. Article discusses why they thought this approach was better for users than several alternatives used by other browsers.
privacy  security  encryption  firefox  via:HackerNews  design  architecture  chrome  browsers 
november 2018 by mcherm
Understanding the prevalence of web traffic interception
Around 4% - 10% of web traffic is man-in-the-middle attacked (mostly by virus checkers and corporate firewalls).
via:boingboing  security  internet  encryption 
september 2017 by mcherm
UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor • The Register
UK passes law that says the government can demand back doors from any UK company. Stop using security products from all UK companies.
law  security  encryption  via:HackerNews 
november 2016 by mcherm
Security experts have cloned all seven TSA master keys | TechCrunch
The master keys to TSA's special locks are like key escrow, and neither one is secure. TSA says "who cares?"
security  TSA  encryption  techcrunch  via:HackerNews 
july 2016 by mcherm
Official Tally of Wiretaps Belies Government Scare Stories About Encryption
Official government numbers say only a tiny handful of legally authorized wiretaps were stymied by encryption.
encryption  4thAmmendment  security  via:reddit 
july 2016 by mcherm
Friday Q&A 2016-02-19: What Is the Secure Enclave?
Details about how the iPhone's secure enclave works. And I've read stuff elsewhere that basically makes me believe Apple can release (signed) code updates for the secure enclave.
security  encryption  apple  via:HackerNews 
february 2016 by mcherm
Ed Snowden Taught Me To Smuggle Secrets Past Incredible Danger. Now I Teach You. - The Intercept
Some of the story as told by a person working for the EFF who helped to set up the secure communications channels that Edward Snowden used to communicate his leak.
snowden  eff  encryption  security  privacy 
october 2014 by mcherm
Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents
A right not to be forced to decrypt your data. (As long as the government doesn't ALREADY know that there's something incriminating there. If they do know, then you CAN be forced to decrypt.)
law  via:slashdot  encryption 
february 2012 by mcherm
Passwords - You Can't Do It Right
Why passwords are no longer an acceptable security mechanism. (1) people are dumb with them, (2) people who TRY to be smart with them fail, (3) cracking is amazingly fast. My current scheme takes only 4 yrs to crack w/ just one machine.
security  programming  hacking  encryption  cryptography  via:JamesIry  blogworthy 
december 2011 by mcherm
Deep packet inspection used to stop censorship in new "Telex" scheme
Very clever scheme. Countries that control the internet to suppress their citizens can't inspect an SSL session, they can only block who you connect to. So put routers in the middle (at backbone providers) that re-direct to a different place. To signal them undetectably, generate the nonce for the SSL in a way that's detectable only by the holder of a certain private key.
security  cryptography  censorship  steganography  privacy  ArsTechnica  via:ArsTechnica  encryption 
july 2011 by mcherm
RSA finally comes clean: SecurID is compromised
RSA hardware tokens were ALL compromised because someone managed to steal the seeds.
security  ArsTechnica  hacking  encryption  via:HackerNews 
june 2011 by mcherm
Vanish: Increasing Data Privacy with Self-Destructing Data (pdf)
How do you build something that will reliably destroy your data after a time limit, even if the FBI grabs your hard drive? Encrypt with a random key, then Shamir secret share the key to a P2P network but without guaranteeing long-term storage.
computerscience  cryptography  privacy  encryption  p2p  via:reddit  blogworthy 
january 2011 by mcherm
HTTPS Everywhere | Electronic Frontier Foundation
This is a great idea: a Firefox extension that automatically uses HTTPS instead of HTTP on a configurable list of sites that allow either. Prevent anyone from spying on you; run the net the way it should have been designed. And it's from the ever-wonderful EFF.
security  eff  cryptography  encryption  firefox  extension  via:boingboing 
june 2010 by mcherm
A New Law that Will Change the Way You Build Database Applications
No, this can't really be true... claims that the state of MA just passed a law that any use of data on a MA resident must be encrypted over the wire and in the DB. So you can't enter your name on a non-SSL form?
security  privacy  law  encryption  via:slashdot  programming 
april 2010 by mcherm
Intercepting Predator Video: Schneier on Security
Bruce Schneier defends the lack of encryption on the video channel for predator drones. He says the key management would be horrible, and the risk of NOT giving the data to someone in the field who needs it is greater than the risk that bad guys can benefit from it. He proposes perhaps the military needs a new protocol that is less stringent for applications like this - perhaps you would be allowed to say keys over the telephone, for instance.
BruceSchneier  via:BruceSchneier  security  usability  encryption  cryptography 
december 2009 by mcherm
Cheap Cracks - Of dictionaries and rainbows - The H Security: News and Features
A lot of background about rainbow tables by the author of the crack of the GSM standard for encoding cell phone communications. Explains that the problem making GSM so vulnerable is that they didn't use a salt!
cryptography  security  via:reddit  encryption  salt 
december 2009 by mcherm
Tales from the encrypt: the secrets of data protection | Technology |
So you encrypt everything: good. But what if you die? How do you make sure your heirs can access your stuff once you're dead but can't get it now?
via:CoryDoctorow  CoryDoctorow  encryption  security 
june 2009 by mcherm
Internet crimes to be proud of | Security Central - InfoWorld
Story of someone who considered violating US crypto export laws as a protest, but was talked out of it by Phil Zimmermann (the maker of PGP).
encryption  via:reddit  PhilZimmermann  rights  politics 
june 2009 by mcherm
A clever idea -- a browser plug-in that takes your universal password and hashes it with the domain of a site to produce a per-site password. This avoids the problem where hackers crack one site and get your password to everywhere. (Also helps against phishing.) Web site available for cases where you can't install the plugin.
security  encryption  cryptography  via:CodingHorror  firefox  plugin 
may 2009 by mcherm
NSA offering 'billions' for Skype eavesdrop solution • The Register
NSA may just pay Skype big money to be able to eavesdrop on Skype calls. Rumor has it NSA can hack it now (IF they get access to the data which travels P2P) but it's too much work; bribery may be cheaper.
security  surveillance  via:BruceSchneier  TheRegister  skype  nsa  encryption 
march 2009 by mcherm
Disclosing a key to a GPG-encrypted file without exposing your private key » maniacmartin
Very interesting point: if you are required to decrypt a message sent encrypted, you can probably do so without revealing your key. In normal use, asymmetric encryption is used to encrypt the key to a symmetric cipher which encrypts the message itself. Reveal the symmetric cipher key instead of your actual password. Useful, for instance, against the UK rules on mandatory decryption.
security  encryption  cryptography  via:reddit 
september 2008 by mcherm
Ned Batchelder: Spore creature creator and steganography
Spore creature creator allows you to save images of your creature, and the image can be loaded in the game to get the creature. They're burying the data in the last few bits of the image. There's a data area in PNG, but this has a certain coolness factor.
spore  steganography  NedBatchelder  encryption  security 
june 2008 by mcherm
Compressed web phone calls are easy to bug - tech - 12 June 2008 - New Scientist Tech
Compress a phone call, then encrypt it. An attacker can just check packet size and partially determine what was said, because (1) the data is real-time, and (2) certain letter sounds compress more than others.
security  via:boingboing  encryption  hacking  phone  cryptography  skype  privacy 
june 2008 by mcherm
Secure Passwords Keep You Safer
Bruce Schneier on passwords... what users do, how good guesser programs work, and what you should do to make yours more secure.
BruceSchneier  via:BruceSchneier  encryption  security  passwords 
may 2008 by mcherm
Enclosed, but not encrypted - heise Security UK
This is why you have to really trust the provider of encryption technology... it's often done wrong and advertised falsely. These super-encrypted drives are trivial to crack, they just use XOR not AES as claimed.
security  encryption  via:BruceSchneier 
february 2008 by mcherm
Cold Boot Attacks Against Disk Encryption
The encryption keys are kept in DRAM, but if you cut the power the memory is retained for minutes (hours if you freeze the chip). This allows one to undermine pretty much ANY current encryption system if you have the hardware. Useful for device mods.
encryption  hardware  privacy  security  via:BruceSchneier 
february 2008 by mcherm
For years US eavesdroppers could read encrypted messages without the least difficulty
Swiss company that provided encryption tools to many countries was secretly installing back doors for the NSA.
security  via:BruceSchneier  cryptography  encryption 
january 2008 by mcherm
The Volokh Conspiracy - Magistrate Judge Finds Fifth Amendment Right Not to Enter Encryption Passphrase:
Legal case over whether one can be legally compelled to reveal one's password so the police can decrypt incriminating files on one's computer. This judge says no; many legal experts dispute that.
privacy  encryption  security  law  via:BruceSchneier  blogentry 
december 2007 by mcherm
Did NSA Put a Secret Backdoor in New Encryption Standard?
Bruce Schneier explains why he thinks the NSA put a backdoor into a published standard for random number generation.
security  encryption  cryptography  NSA  via:BruceSchneier  hacking  algorithms  programming 
december 2007 by mcherm
Judge: Man can't be forced to divulge encryption passphrase | The Iconoclast - politics, law, and technology - CNET
Interesting legal question: in US law, can a person be compelled to provide their password to be used to decrypt data to be used against them in court? This judge says no; many legal experts dispute that.
civilrights  security  privacy  law  encryption  via:BruceSchneier 
december 2007 by mcherm
