KREUZADER (Posts tagged encryption)

Entanglement-based secure quantum cryptography over 1,120 kilometres

Quantum key distribution (QKD) is a theoretically secure way of sharing secret keys between remote users. It has been demonstrated in a laboratory over a coiled optical fibre up to 404 kilometres long. In the field, point-to-point QKD has been achieved from a satellite to a ground station up to 1,200 kilometres away. However, real-world QKD-based cryptography targets physically separated users on the Earth, for which the maximum distance has been about 100 kilometres. The use of trusted relays can extend these distances from across a typical metropolitan area to intercity and even intercontinental distances. However, relays pose security risks, which can be avoided by using entanglement-based QKD, which has inherent source-independent security. Long-distance entanglement distribution can be realized using quantum repeaters, but the related technology is still immature for practical implementations. The obvious alternative for extending the range of quantum communication without compromising its security is satellite-based QKD, but so far satellite-based entanglement distribution has not been efficient enough to support QKD. Here we demonstrate entanglement-based QKD between two ground stations separated by 1,120 kilometres at a finite secret-key rate of 0.12 bits per second, without the need for trusted relays. Entangled photon pairs were distributed via two bidirectional downlinks from the Micius satellite to two ground observatories in Delingha and Nanshan in China. The development of a high-efficiency telescope and follow-up optics crucially improved the link efficiency. The generated keys are secure for realistic devices, because our ground receivers were carefully designed to guarantee fair sampling and immunity to all known side channels. Our method not only increases the secure distance on the ground tenfold but also increases the practical security of QKD to an unprecedented level.

Source: nature.com
encryption cryptography physics quantum cryptography market

Flaw crippling millions of crypto keys is worse than first disclosed

The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents.

Millions of high-security crypto keys crippled by newly discovered flaw

The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key.

Source: Ars Technica
encryption security cybersecurity

Turkish authorities were able to trace thousands of people they accuse of participating in an underground network linked to last month’s failed military coup by cracking the weak security features of a little-known smartphone messaging app.

Security experts who looked at the app, known as ByLock, at the request of Reuters said it appeared to be the work of amateur software developers and had left important information about its users unencrypted.

A senior Turkish official said Turkish intelligence cracked the app earlier this year and was able to use it to trace tens of thousands of members of a religious movement the government blames for last month’s failed coup.

Members of the group stopped using the app several months ago after realising it had been compromised, but it still made it easier to swiftly purge tens of thousands of teachers, police, soldiers and justice officials in the wake of the coup.

don’t roll your own crypto, jesus

encryption turkey surveillance

At this point we’re going to take you to Bletchley, to the modern-day Bletchley Park site and the National Museum Of Computing which occupies one corner of it. The museum has a fascinating collection, of which two galleries are of interest to us here. The first is their Tunny gallery, which explains the context and sequence of events which led to Colossus, and the second is their Colossus gallery, which contains their fully functional replica of a MkII Colossus computer.

[…]

Their Colossus is a replica of a MkII machine completed in 2007, and it stands alone in the centre of the room with the only intrusion a set of discreetly placed safety barriers to keep the public away from high voltages. There are two long parallel racks that would be close to ceiling height if they were not in a wartime hut without a flat ceiling, both studded with the thousands of octal tubes. At the far end is a paper tape reader similar to that of the Heath Robinson, close to the middle are the plugboards and switches through which the machine is programmed, and at the end closest to you is the teleprinter which records the result.

bletchley park computing cryptanalysis encryption
It was well-known that PGP is vulnerable to short-ID collisions, and many experiments were done to demonstrate that. [0] Nevertheless, real attacks started in June, some developers found their fake keys with same name, email, and even “same” fake signatures by more fake keys in the wild, on the keyservers. [1]

All these keys have same short-IDs, created by collision attacks, led with some discussions about the danger of short-IDs. Now, it is worth to mention this issue again, since fake keys of Linus Torvalds, Greg Kroah-Hartman, and other kernel devs are found in the wild recently.

> We don’t know who is behind this, or what his purpose is. We just know this
> looks very evil.

linux security encryption pgp

Operated by the China Academy of Sciences, this 500 kg satellite – announced as the name “Mozi” in honor of a fifth century BC Chinese scientist – contains a quantum key communicator, quantum entanglement emitter, entanglement source, processing unit, and a laser communicator.

[…]

One of the major objectives of the mission is to set a Quantum Key Distribution from satellite to ground, setting an ultra-long-range quantum channel between ground and satellite with the assistance of high-precision acquisition, tracking and pointing system, implement a quantum key distribution between the satellite and the ground stations, and carry out unconditional secure quantum communication experiments.

missed this prior to launch, but more detail in this Nature article:

So far, scientists have managed to demonstrate quantum communication up to about 300 kilometres. Photons travelling through optical fibres and the air get scattered or absorbed, and amplifying a signal while preserving a photon’s fragile quantum state is extremely difficult. The Chinese researchers hope that transmitting photons through space, where they travel more smoothly, will allow them to communicate over greater distances.

At the heart of their satellite is a crystal that produces pairs of entangled photons, whose properties remain entwined however far apart they are separated. The craft’s first task will be to fire the partners in these pairs to ground stations in Beijing and Vienna, and use them to generate a secret key.

During the two-year mission, the team also plans to perform a statistical measurement known as a Bell test to prove that entanglement can exist between particles separated by a distance of 1,200 kilometres. Although quantum theory predicts that entanglement persists at any distance, a Bell test would prove it.

quantum entanglement encryption physics

Quantum computers exist today but, for the moment, they are small and experimental, containing only a handful of quantum bits. It’s not even certain that large machines will ever be built, although Google, IBM, Microsoft, Intel and others are working on it. (Adiabatic quantum computers, like the D-Wave computer that Google operates with NASA, can have large numbers of quantum bits, but currently solve fundamentally different problems.)

However, a hypothetical, future quantum computer would be able to retrospectively decrypt any internet communication that was recorded today, and many types of information need to remain confidential for decades. Thus even the possibility of a future quantum computer is something that we should be thinking about today.

[…]

Today we’re announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google’s servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used. By adding a post-quantum algorithm on top of the existing one, we are able to experiment without affecting user security. The post-quantum algorithm might turn out to be breakable even with today’s computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer. Alternatively, if the post-quantum algorithm turns out to be secure then it’ll protect the connection even against a future, quantum computer.

encryption quantum computing google

We show that modern cryptographic software on mobile phones, implementing the ECDSA digital signature algorithm, may inadvertently expose its secret keys through physical side channels: electromagnetic radiation and power consumption which fluctuate in a way that depends on secret information during the cryptographic computation. An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone’s USB cable, and a USB sound card. Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android and from iOS’s CommonCrypto.

security encryption ios android iphone

We show that the secret decryption keys can be extracted from PCs running the ECDH encryption algorithm, using the electromagnetic emanations generated during the decryption process.

By measuring the target’s electromagnetic emanations, the attack extracts the secret decryption key within seconds, from a target located in an adjacent room across a wall.

ECDH (Elliptic Curve Diffie Hellman) is a standard public-key encryption algorithm used in OpenPGP, as specified in RFC 6637 and NIST SP800-56A. We attack the ECDH implementation of GnuPG’s Libgcrypt 1.6.3 (which is the latest version at the time the paper was written).

The attack utilizes a single carefully chosen ciphertext, and tailored time-frequency signal analysis techniques, in order to extract from the electromagnetic leakage emitted by the target laptop during performance of ECDH decryptions.

security encryption


To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional – you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone – maybe a foreign government – was able to decrypt Juniper traffic in the U.S. and around the world.

[…]


For the past several months I’ve been running around with various groups of technologists, doing everything I can to convince important people that the sky is falling. Or rather, that the sky will fall if they act on some of the very bad, terrible ideas that are currently bouncing around Washington – namely, that our encryption systems should come equipped with “backdoors” intended to allow law enforcement and national security agencies to access our communications.

One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a backdoor intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.

The problem with cryptographic backdoors isn’t that they’re the only way that an attacker can break into our cryptographic systems. It’s merely that they’re one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.

security encryption vpn cybersecurity juniper

The fact that new Windows devices require users to backup their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts (you can skip to the bottom of this article to learn how) – something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.

microsoft windows microsoft windows encryption nsa

If you’re looking for a nice dose of crypto conspiracy theorizing and want to read a paper by some very knowledgeable cryptographers, I have just the paper for you. Titled “A Riddle Wrapped in an Enigma” by Neal Koblitz and Alfred J. Menezes, it tackles one of the great mysteries of the year 2015. Namely: why did the NSA just freak out and throw its Suite B program down the toilet?

encryption cryptography nsa