It was well-known that PGP is vulnerable to short-ID collisions, and many experiments were done to demonstrate that. [0] Nevertheless, real attacks started in June, some developers found their fake keys with same name, email, and even “same” fake signatures by more fake keys in the wild, on the keyservers. [1]

All these keys have same short-IDs, created by collision attacks, led with some discussions about the danger of short-IDs. Now, it is worth to mention this issue again, since fake keys of Linus Torvalds, Greg Kroah-Hartman, and other kernel devs are found in the wild recently.

> We don’t know who is behind this, or what his purpose is. We just know this
> looks very evil.

Operated by the China Academy of Sciences, this 500 kg satellite – announced as the name “Mozi” in honor of a fifth century BC Chinese scientist – contains a quantum key communicator, quantum entanglement emitter, entanglement source, processing unit, and a laser communicator.

[…]

One of the major objectives of the mission is to set a Quantum Key Distribution from satellite to ground, setting an ultra-long-range quantum channel between ground and satellite with the assistance of high-precision acquisition, tracking and pointing system, implement a quantum key distribution between the satellite and the ground stations, and carry out unconditional secure quantum communication experiments.

missed this prior to launch, but more detail in this Nature article:

So far, scientists have managed to demonstrate quantum communication up to about 300 kilometres. Photons travelling through optical fibres and the air get scattered or absorbed, and amplifying a signal while preserving a photon’s fragile quantum state is extremely difficult. The Chinese researchers hope that transmitting photons through space, where they travel more smoothly, will allow them to communicate over greater distances.

At the heart of their satellite is a crystal that produces pairs of entangled photons, whose properties remain entwined however far apart they are separated. The craft’s first task will be to fire the partners in these pairs to ground -stations in Beijing and Vienna, and use them to generate a secret key.

During the two-year mission, the team also plans to perform a statistical measurement known as a Bell test to prove that entanglement can exist between particles separated by a distance of 1,200 kilometres. Although quantum theory predicts that entanglement persists at any distance, a Bell test would prove it.

Quantum computers exist today but, for the moment, they are small and experimental, containing only a handful of quantum bits. It’s not even certain that large machines will ever be built, although Google, IBM, Microsoft, Intel and others are working on it. (Adiabatic quantum computers, like the D-Wave computer that Google operates with NASA, can have large numbers of quantum bits, but currently solve fundamentally different problems.)

However, a hypothetical, future quantum computer would be able to retrospectively decrypt any internet communication that was recorded today, and many types of information need to remain confidential for decades. Thus even the possibility of a future quantum computer is something that we should be thinking about today.

[…]

Today we’re announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google’s servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used. By adding a post-quantum algorithm on top of the existing one, we are able to experiment without affecting user security. The post-quantum algorithm might turn out to be breakable even with today’s computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer. Alternatively, if the post-quantum algorithm turns out to be secure then it’ll protect the connection even against a future, quantum computer.

cool and good

We show that modern cryptographic software on mobile phones, implementing the ECDSA digital signature algorithm, may inadvertently expose its secret keys through physical side channels: electromagnetic radiation and power consumption which fluctuate in a way that depends on secret information during the cryptographic computation. An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone’s USB cable, and a USB sound card. Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android and from iOS’s CommonCrypto.

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

We show that the secret decryption keys can be extracted from PCs running the the ECDH encryption algorithm, using the electromagnetic emanations generated during the decryption process.

By measuring the target’s electromagnetic emanations, the attack extracts    the secret decryption key within seconds, from a target located in an adjacent room across a wall.

ECDH (Elliptic Curve Diffie Hellman) is a standard public-key encryption algorithm used in OpenPGP, as specified in RFC 6637 and NIST SP800-56A. We attack the ECDH implementation of GnuPG’s Libgcrypt 1.6.3 (which is the latest version at the time the paper was written).

The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, in order to extract from the electromagnetic leakage emitted by the target laptop during performance of ECDH decryptions.

To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional – you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone – maybe a foreign government – was able to decrypt Juniper traffic in the U.S. and around the world.

[…]

For the past several months I’ve been running around with various groups of technologists, doing everything I can to convince important people that the sky is falling. Or rather, that the sky will fall if they act on some of the very bad, terrible ideas that are currently bouncing around Washington – namely, that our encryption systems should come equipped with “backdoors” intended to allow law enforcement and national security agencies to access our communications.

One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a backdoor intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.

The problem with cryptographic backdoors isn’t that they’re the only way that an attacker can break into our cryptographic systems. It’s merely that they’re one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.

If you’re looking for a nice dose of crypto conspiracy theorizing and want to read a paper by some very knowledgeable cryptographers, I have just the paper for you. Titled “A Riddle Wrapped in an Enigma” by Neal Koblitz and Alfred J. Menezes, it tackles one of the great mysteries of the year 2015. Namely: why did the NSA just freak out and throw its Suite B program down the toilet?