<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title>RoomForMilk: Stories from Slashdot tagged 'cryptographic'</title>
<description>A collection of stories tagged 'cryptographic' from Slashdot.</description>
<link>http://www.roomformilk.com/</link>
<copyright>Copyright 2006 RoomforMilk.com.  RoomforMilk is not affiliated with Slashdot.org.</copyright>
<lastBuildDate>Sat, 22 Nov 2008 03:15:24 EST</lastBuildDate>
<item>
	<title>First Secure Quantum Crypto Network Up and Running</title>
	<description>John Lam was one of many readers to send in news that on Thursday, &quot;at a conference in Vienna, Austria, as reported by the BBC, a European Community science working group built a quantum backbone using 200-km of standard commercial optical fiber running among seven sites and successfully demonstrated the first secure quantum cryptographic key distribution network. In addition, each of the seven links used a different kind of quantum encryption, demonstrating interoperability between the technologies. To paraphrase, the project focused on the trusted repeater paradigm and developed an architecture allowing seamless integration of heterogeneous quantum-key distribution-link devices in a unified framework. Network node-modules managing all classical communication tasks provide the underlying quantum devices with authentic classical channels. The node-module architecture uses a layered model to provision network-wide, end-to-end, provably secure key distribution.&quot;
</description>
	<link>http://www.roomformilk.com/launch/25404</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/zC1vKd21fog/article.pl</guid>
	<pubDate>Fri, 10 Oct 2008 09:05:04 EDT</pubDate>
</item>
<item>
	<title>New Attack Against Multiple Encryption Functions</title>
	<description>An anonymous reader sends word of a paper presented a few days back by Adi Shamir, the S in RSA, that promises a new form of mathematical attack against a broad range of cryptographic ciphers. The computerworld.com.au report leans heavily on Schneier's blog entry from the Crypto 2008 conference and the attached comments. Shamir's paper has not been published yet. &quot;[The new attack could affect] hash functions (such as MD5, SHA-256), stream ciphers (such as RC4), and block ciphers (such as DES, Triple-DES, AES) at the Crypto 2008 conference. The new method of cryptanalysis has been called a 'cube attack' and formed part of Shamir's invited presentation at Crypto 2008 — 'How to solve it: New Techniques in Algebraic Cryptanalysis.' The new attack method isn't necessarily going to work against the exact ciphers listed above, but it offers a new generic attack method that can target basically formed ciphers irrespective of the basic cipher method in use, provided that it can be described in a 'low-degree polynomial equation'... What may be the biggest outcome from this research is the range of devices in widespread use that use weaker cryptographic protection, due to power or size limitations, that are now vulnerable to a straightforward mathematical attack.&quot;
</description>
	<link>http://www.roomformilk.com/launch/24298</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/371941545/article.pl</guid>
	<pubDate>Fri, 22 Aug 2008 12:05:13 EDT</pubDate>
</item>
<item>
	<title>Quantum Cryptography Broken, and Fixed</title>
	<description>schliz writes in with research out of Sweden in which researchers showed that, looking at a quantum cryptographic system as a whole, it was possible for an eavesdropper to extract some information about the QC key, thus reducing the security of the overall system. The team then proposed a cheap and simple fix for the problem. &quot;The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed. But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to [get around the limitations] without being discovered. In a research paper, published in the international engineering journal IEEE Transactions on Information Theory (abstract), the researchers propose a change in the quantum cryptography process that they expect will restore the security of the technology.&quot;
</description>
	<link>http://www.roomformilk.com/launch/22364</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/289770946/article.pl</guid>
	<pubDate>Tue, 13 May 2008 21:05:02 EDT</pubDate>
</item>
<item>
	<title>Debian Bug Leaves Private SSL/SSH Keys Guessable</title>
	<description>Debian package maintainers tend to very often modify the source code of the package they are maintaining so that it better fits into the distribution itself. However, most of the time, their changes are not sent back to upstream for validation, which might cause some tension between upstream developers and Debian packagers. Today, a critical security advisory has been released: a Debian packager modified the source code of OpenSSL back in 2006 so as to remove the seeding of OpenSSL random number generator, which in turn makes cryptographic key material generated on a Debian system guessable. The solution? Upgrade OpenSSL and re-generate all your SSH and SSL keys. This problem not only affects Debian, but also all its derivatives, such as Ubuntu.&quot; Reader RichiH also points to Debian's announcement and Ubuntu's announcement.
</description>
	<link>http://www.roomformilk.com/launch/22353</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/289535994/article.pl</guid>
	<pubDate>Tue, 13 May 2008 13:05:06 EDT</pubDate>
</item>
<item>
	<title>Apple Sends Cease-and-Desist To the Hymn Project</title>
	<description>Tools for removing DRM from iTunes-purchased songs (myFairTunes7, QtFairUse6) have been available from the Hymn Project Web site for some time. These are legal in many countries. But on the 20th Apple sent a Cease and Desist note to Hymn's ISP, forcing the site admins to remove all download links. It is speculated that this is due to a new tool being created (Requiem) that attacks Apple's FairPlay DRM through cryptographic means instead of by copying the unprotected music from memory while it is being played. But since the tools are no longer available (after several days there are still no public mirrors), discussion around this topic has died out. Many users buy music from the iTunes store and rely on DRM removal to be able to play the content on their mobile phones. Apple may be on dangerous ground here, since those users might now start checking out competing services.&quot;
</description>
	<link>http://www.roomformilk.com/launch/20793</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/240071277/article.pl</guid>
	<pubDate>Sat, 23 Feb 2008 17:05:03 EST</pubDate>
</item>
<item>
	<title>Cold Reboot Attacks on Disk Encryption</title>
	<description>Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.&quot;
</description>
	<link>http://www.roomformilk.com/launch/20750</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/238894253/article.pl</guid>
	<pubDate>Thu, 21 Feb 2008 13:05:03 EST</pubDate>
</item>
<item>
	<title>The Limits of Quantum Computing</title>
	<description>Scott Aaronson has posted a draft of his article from this month's Scientific American on the limitations of quantum computers (PDF) discussing the question: Will quantum computers let us transcend the human condition and become as powerful as gods, or are they a physical absurdity destined to be exposed as the twenty-first century's perpetual-motion machine? Aaronson says that while a quantum computer could quickly factor large numbers, and thereby break most of the cryptographic codes used on the Internet today, there's reason to think that not even a quantum computer could solve the crucial class of NP-complete problems efficiently. Aaronson contends that any method for solving NP-complete problems in polynomial time may violate the laws of physics and that this may be a fundamental limitation on technology no different than the second law of thermodynamics or the impossibility of faster-than-light communication.&quot;
</description>
	<link>http://www.roomformilk.com/launch/20701</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/237493102/article.pl</guid>
	<pubDate>Tue, 19 Feb 2008 06:05:01 EST</pubDate>
</item>
<item>
	<title>Cryptography Expert Sounds Alarm At Possible Math Hack</title>
	<description>First we learn from Bruce Schneier that the NSA may have left itself a secret back door in an officially sanctioned cryptographic random-number generator. Now Adi Shamir is warning that a math error unknown to a chip maker but discovered by a tech-savvy terrorist could lead to serious consequences, too. Remember the Intel blunder of 1996? 'Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be &quot;trivially broken with a single chosen message.&quot; Executing the attack would require only knowledge of the math flaw and the ability to send a &quot;poisoned&quot; encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.'&quot;
</description>
	<link>http://www.roomformilk.com/launch/18958</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/186937501/article.pl</guid>
	<pubDate>Sun, 18 Nov 2007 22:05:01 EST</pubDate>
</item>
<item>
	<title>New NSA-Approved Encryption Standard May Contain Backdoor</title>
	<description>Bruce Schneier has a story on Wired about the new official standard for random-number generators the NIST released this year that will likely be followed by software and hardware developers around the world. There are four different approved techniques (pdf), called DRBGs, or 'Deterministic Random Bit Generators' based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. The generator based on elliptic curves called Dual_EC_DRBG has been championed by the NSA and contains a weakness that can only be described as a backdoor. In a presentation at the CRYPTO 2007 conference (pdf) in August, Dan Shumow and Niels Ferguson showed that there are constants in the standard used to define the algorithm's elliptic curve that have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.&quot;
</description>
	<link>http://www.roomformilk.com/launch/18895</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/185358941/article.pl</guid>
	<pubDate>Thu, 15 Nov 2007 14:05:01 EST</pubDate>
</item>
<item>
	<title>NIST Opens Competition for a New Hash Algorithm</title>
	<description>The National Institute of Standards and Technology has opened a public competition for the development of a new cryptographic hash algorithm, which will be called Secure Hash Algorithm-3 (SHA-3), and will augment the current algorithms specified in the Federal Information Processing Standard (FIPS) 180-2. This is in response to serious attacks reported in recent years against cryptographic hash algorithms, including SHA-1, and because SHA-1 and the SHA-2 family share a similar design. Submissions are being accepted through October 2008, and the competition timeline indicates that a winner will be announced in 2012.&quot;
</description>
	<link>http://www.roomformilk.com/launch/18783</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/182332397/article.pl</guid>
	<pubDate>Fri, 09 Nov 2007 16:05:36 EST</pubDate>
</item>
<item>
	<title>Windows XP SP3 Build 3205 Released w/ New Features</title>
	<description>Windows XP SP3 build 3205 is the first official &amp; authorized release of the next Windows XP service pack; and has been made available to testers as a part of the Windows Server 2008/Windows Vista SP1 beta program. NeoSmart Technologies has the run-down on the included 1,073 patches/hotfixes including security updates. Contrary to popular belief, Windows XP SP3 does ship with new features/components, most of which have been backported from Windows Vista. Some included features: 'New Windows Product Activation model: no need to enter product key during setup. Network Access Protection modules and policies have been brought to XP after being one of the more-well-received features in Windows Vista. New Microsoft Kernel Mode Cryptographic Module - the Windows XP SP3 kernel now includes an entire module that provides easy access to multiple cryptographic algorithms and is available for use in kernel-mode drivers and services. New &quot;Black Hole Router&quot; detection - Windows XP SP3 can detect and protect against rogue routers that are discarding data.'&quot;
</description>
	<link>http://www.roomformilk.com/launch/18118</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/166823372/article.pl</guid>
	<pubDate>Mon, 08 Oct 2007 04:06:12 EDT</pubDate>
</item>
<item>
	<title>Breaking a Car&#039;s Cipher</title>
	<description>An anonymous reader alerts us to research out of Belgium and Israel that claims a practical attack on the KeeLoq auto anti-theft cipher. Here are slides from a talk (PDF) at CRYPTO 2007. From the researchers' site: &quot;KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or a Jaguar. The cipher is included in the remote control device that opens and locks your car and that controls the anti-theft mechanisms. The 64-bit key block cipher was widely believed to be secure. In a recent research, a method to identify the key in less than a day was found. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). The attacker then runs the implemented software, finds the secret cryptographic key, and drives away in your car after copying the key.&quot; Update: 07/23 15:27 GMT by KD: One of the researchers, Sebastiaan Indesteege, pointed out that the link to the paper was incorrect; their paper has not yet been released to the public. I also managed to misattribute his nationality. He is Belgian, not Dutch. My apologies.
</description>
	<link>http://www.roomformilk.com/launch/17232</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/147357443/article.pl</guid>
	<pubDate>Thu, 23 Aug 2007 12:05:17 EDT</pubDate>
</item>
<item>
	<title>Bye Bye Spam and Phishing with DKIM?</title>
	<description>While research from PEW Internet (PDF) shows that few users really are bothered by spam, IETF is supporting a public key cryptographic based e-mail authentication mechanism called DomainKeys Identified Mail (DKIM) Signatures. The new spec is supposed to help in fighting both spam and fraud. From Ars Technica: 'DKIM's precursor, DomainKeys, was originally developed by Yahoo. The specifications for DKIM were then extended by an informal group of IT organizations that included companies like Yahoo, Cisco, EarthLink, Microsoft, and VeriSign, among others. It was first submitted by the group to the IETF in mid-2005, but only recently published by the IETF. The spec is still to be incorporated into a more formal draft and submitted for approval, however.'&quot;
</description>
	<link>http://www.roomformilk.com/launch/15529</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/119425685/article.pl</guid>
	<pubDate>Thu, 24 May 2007 20:05:12 EDT</pubDate>
</item>
<item>
	<title>Debian 4.0 &#039;Etch&#039; Released</title>
	<description>Earlier today we discussed the possibility that Debian Etch might be released soon. Well, according to debian.org, it has already happened. Etch has been released: 'The Debian Project is pleased to announce the official release of Debian GNU/Linux version 4.0, codenamed etch, after 21 months of constant development. Debian GNU/Linux is a free operating system which supports a total of eleven processor architectures and includes the KDE, GNOME and Xfce desktop environments. It also features cryptographic software and compatibility with the FHS v2.3 and software developed for version 3.1 of the LSB.'&quot;
</description>
	<link>http://www.roomformilk.com/launch/14550</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/107641633/article.pl</guid>
	<pubDate>Mon, 09 Apr 2007 02:05:01 EDT</pubDate>
</item>
<item>
	<title>Schneier On the US Crypto Competition</title>
	<description>Bruce Schneier has a commentary in Wired titled An American Idol for Crypto Geeks on the US government's competition for a new cryptographic hash function to become the national standard, covered here recently. He talks about how much the competition, slated to wrap up by 2011, will advance the cryptographic state of the art. And how much fun he expects to have.
</description>
	<link>http://www.roomformilk.com/launch/13389</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/89763338/article.pl</guid>
	<pubDate>Mon, 12 Feb 2007 10:05:12 EST</pubDate>
</item>
<item>
	<title>The Case for OpenID</title>
	<description>VeriSign and NetMesh are making the case for OpenID, the grass-roots, decentralized digital identity system already supported by LiveJournal, Six Apart, Technorati, VeriSign and many startups, reportedly growing 5% every single week. They say OpenID 'is fundamentally different from other identity technologies' because it is a 'fully decentralized system' and has a 'much lighter cost structure' than any alternative, like Microsoft Passport, CardSpace or Liberty Alliance. Time to remove username and password from your site and add OpenID libraries instead, so visitors can authenticate with their blog URL?&quot; From the article: &quot;If tomorrow, for example, you decide you don't like the Diffie-Hellman cryptographic key exchange at the root of OpenID authentication, you can develop your own way of authenticating, and deploy it within the OpenID framework. If you have an idea for a new identity-related service that nobody else ever thought of, you can deploy it into the OpenID framework as soon as your code is ready. This radical decentralization on all levels of the stack, both technically and organizationally, is a very strong catalyst for attracting innovators and their innovations. This makes OpenID a superior choice for identity-related innovation.&quot;
</description>
	<link>http://www.roomformilk.com/launch/12035</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/57426993/article.pl</guid>
	<pubDate>Tue, 05 Dec 2006 10:05:04 EST</pubDate>
</item>
<item>
	<title>Nike+ iPod Used For Surveillance</title>
	<description>Researchers at the University of Washington have published a report detailing many easy and cheap ways the Nike+ iPod Sport Kit previously discussed on Slashdot can be used to track individuals, even when they are not carrying their iPod. They have even implemented a Google Maps application to display surveillance data in real time.&quot; From the article: &quot;'Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit,' the group reports. 'Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets,' the group reports. 'We stress, however, that there is no evidence that Apple or Nike intended for these devices to be used in any malicious manner. Additionally, neither Apple nor Nike endorsed this study.'&quot;
</description>
	<link>http://www.roomformilk.com/launch/11973</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/56403211/article.pl</guid>
	<pubDate>Sat, 02 Dec 2006 02:05:00 EST</pubDate>
</item>
<item>
	<title>A New Vulnerability In RSA Cryptography</title>
	<description>romiz writes, &quot;Branch Prediction Analysis is a recent attack vector against RSA public-key cryptography on personal computers that relies on timing measurements to get information on the bits in the private key. However, the method is not very practical because it requires many attempts to obtain meaningful information, and the current OpenSSL implementation now includes protections against those attacks. However, German cryptographer Jean-Pierre Seifert has announced a new method called Simple Branch Prediction Analysis that is at the same time much more efficient than the previous ones, only needs a single attempt, successfully bypasses the OpenSSL protections, and should prove harder to avoid without a very large execution penalty.&quot; From the article: &quot;The successful extraction of almost all secret key bits by our SBPA attack against an openSSL RSA implementation proves that the often recommended blinding or so called randomization techniques to protect RSA against side-channel attacks are, in the context of SBPA attacks, totally useless.&quot; Le Monde interviewed Seifert (in French, but Babelfish works well) and claims that the details of the SBPA attack are being withheld; however, a PDF of the paper is linked from the ePrint abstract.
</description>
	<link>http://www.roomformilk.com/launch/11698</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/51111769/article.pl</guid>
	<pubDate>Sat, 18 Nov 2006 18:05:00 EST</pubDate>
</item>
<item>
	<title>Verifiable Elections Via Cryptography</title>
	<description>An anonymous reader writes, &quot;Cryptographer David Chaum and his research team have invented a new voting protocol which allows voters to verify that their vote has been correctly cast and counted. This is enabled using a surprisingly low-tech technique of cryptographic secret sharing. The secret — your marked ballot — is split into two halves using a hole punch.&quot; You take half home and can verify later via a Web interface how your particular ballot was counted.
</description>
	<link>http://www.roomformilk.com/launch/11417</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/45591486/article.pl</guid>
	<pubDate>Sun, 05 Nov 2006 22:05:00 EST</pubDate>
</item>
<item>
	<title>30 Years of Public Key Cryptography</title>
	<description>Public key crypto turned 30 last night, and the biggest names in crypto turned out to celebrate at an event hosted at the Computer History Museum. Voltage Security teamed with RSA to bring together some of the most famous cryptographers of yesterday (Whitfield Diffie and Martin Hellman) and today (Dan Boneh), along with luminaries Ray Ozzie, Brian Snow, and Jim Bidzos. From the ZDNet article: 'NYT reporter John Markoff, who has covered Silicon Valley for 30 years, was master of ceremonies, and started off by saying that no technology has had a more profound impact than cryptography, and that the role of public-key cryptography has been underappreciated for its role in the Internet. Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.' You can view the podcast and pictures of the event at the Voltage Security site.&quot;
</description>
	<link>http://www.roomformilk.com/launch/11242</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/42685217/article.pl</guid>
	<pubDate>Sat, 28 Oct 2006 08:05:01 EDT</pubDate>
</item>
<item>
	<title>WGA — Too Many False Positives</title>
	<description>An anonymous reader writes, &quot;Microsoft insists that its Windows Genuine Advantage anti-piracy program is nearly flawless. But that's not the impression you get when you visit the company's WGA Validation Problems forum. Ed Bott at ZDNet went through 137 problem reports submitted there during a two-week period, each one accompanied by the output from the official Microsoft diagnostic utility, and found that 42% of the people reporting problems were actually running Genuine software. From the article: 'One large group consists of people who, for some unexplained reason, were displaying cryptographic errors related to digital signatures. The problem is so common, in fact, that Microsoft representatives have a canned response they paste into replies to forum visitors who appear to be showing false positives caused by these errors.' In a related story, the first WGA errors from Windows Vista and Office 2007 have appeared in the wild.&quot;
</description>
	<link>http://www.roomformilk.com/launch/10601</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/28509086/article.pl</guid>
	<pubDate>Wed, 27 Sep 2006 18:05:01 EDT</pubDate>
</item>
<item>
	<title>NSA Publication Indices Declassified</title>
	<description>Schneier is reporting that a 3-year-old Freedom of Information Act request has finally come to fruition showing us indices from the NSA Technical Journal, Cryptographic Quarterly, Cryptologic Spectrum, and Cryptologic Almanac. From the article: &quot;The request took more than three years for them to process and declassify -- sadly, not atypical -- and during the process they asked if he would accept the indexes in lieu of the tables of contents pages: specifically, the cumulative indices that included all the previous material in the earlier indices. He agreed, and got them last month. Consider these bibliographic tools as stepping stones. If you want an article, send a FOIA request for it. Send a FOIA request for a dozen. There's a lot of stuff here that would help elucidate the early history of the agency and some interesting cryptographic topics.&quot;
</description>
	<link>http://www.roomformilk.com/launch/10581</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/28018523/article.pl</guid>
	<pubDate>Tue, 26 Sep 2006 22:05:02 EDT</pubDate>
</item>
<item>
	<title>OpenSSL Hit by Forgery Bug</title>
	<description>Daniel Cray writes to tell us ZDNet is reporting that OpenSSL versions up to 0.9.7j and 0.9.8b are vulnerable to a signature forgery technique. OpenSSL has already released an update fixing the problem. From the article: &quot;The flaw only affects a particular type of signature--PKCS #1 v1.5 signatures--but these are used by some certificate authorities. [...] The signature forgery technique was first demonstrated last month at the Crypto 2006 conference by Daniel Bleichenbacher, a cryptographer with Bell Labs, according to security firm Netcraft. OpenSSL credited Google Security with successfully forging various certificates and providing the fix.&quot;
</description>
	<link>http://www.roomformilk.com/launch/10556</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/27334674/article.pl</guid>
	<pubDate>Mon, 25 Sep 2006 19:05:00 EDT</pubDate>
</item>
<item>
	<title>First Quantum Cryptographic Data Network</title>
	<description>jdubs writes to tell us ScienceDaily is reporting that scientists at Northwestern University and BBN Technologies have demonstrated the first truly quantum cryptographic data network. From the article: &quot;Kumar's research team recently demonstrated a new way of encrypting data that relies on both traditional algorithms and on physical principles. This QDE method, called AlphaEta, makes use of the inherent and irreducible quantum noise in laser light to enhance the security of the system and makes eavesdropping much more difficult. Unlike most other physical encryption methods, AlphaEta maintains performance on par with traditional optical communications links and is compatible with standard fiber optical networks.&quot;
</description>
	<link>http://www.roomformilk.com/launch/10009</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/17567193/article.pl</guid>
	<pubDate>Wed, 30 Aug 2006 03:05:01 EDT</pubDate>
</item>
<item>
	<title>Linus Speaks Out On GPLv3</title>
	<description>Slagged writes to mention the word that Linus Torvalds isn't a fan of the new GPL draft. News.com has the story, and someone purporting to be Linus is causing a ruckus in the Groklaw thread on the subject. From the News.com article: &quot;Say I'm a hardware manufacturer. I decide I love some particular piece of open-source software, but when I sell my hardware, I want to make sure it runs only one particular version of that software, because that's what I've validated. So I make my hardware check the cryptographic signature of the binary before I run it ... The GPLv3 doesn't seem to allow that, and in fact, most of the GPLv3 changes seem to be explicitly designed exactly to not allow the above kind of use, which I don't think it has any business doing.&quot;
</description>
	<link>http://www.roomformilk.com/launch/9388</link>
	<guid isPermaLink="true">http://rss.slashdot.org/~r/Slashdot/slashdot/~3/6616397/article.pl</guid>
	<pubDate>Fri, 28 Jul 2006 17:05:00 EDT</pubDate>
</item>
</channel>
</rss>