The Barbie Typewriter has a hidden built-in cryptographic capability. Specifically, four alphabet substitution cipher modes that were explained in the manual for the original Mehano electronic typewriter that served as the basis for the Barbie Typewriter. However: As it was probably thought that secret writing would not appeal to girls, the coding/decoding facilities were omitted from the [Barbie Typewriter] manual. Nevertheless, these facilities can still be accessed if you know how to activate them. Via Bruce Schneier.
After a long wait, Set 8 of the Cryptopals Crypto Challenges has been announced. Designed to be approachable by neophytes and newbies, one Hacker News commenter describes them as "...a much more interesting version of those silly string manipulation tasks you get in CS101, except that instead of passing a course you break harder and harder crypto." Filippo Valsorda, a very well-known and respected cryptographer has announced that he will be doing a live speedrun of the challenges on Twitch.
The Anarchist Sailor “Imagine if there were an alternate dystopian reality where law enforcement was 100 percent effective, such that any potential offenders knew they would be immediately identified, apprehended, and jailed,” he wrote. “How could people have decided that marijuana should be legal, if nobody had ever used it? How could states decide that same-sex marriage should be permitted?”
So what are the chances of encryption technologies being viewed as a "bearable arm" under the Second Amendment?
Mr Wright has provided technical proof to back up his claim using coins known to be owned by Bitcoin's creator. Prominent members of the Bitcoin community and its core development team have also confirmed Mr Wright's claim.Previously.
"My immediate reaction upon discovering this connection was a sudden and irrational fear: Le Roux was something new, a self-made cartel boss whose origins were not in family connections but in code. Not just any code, but encryption software that would play a role in world events a dozen years after he created it. I stared at the address on the screen, a post-office box in Manila, left now with a still larger mystery: What had turned the earnest, brilliant programmer into an international criminal, with a trail of bodies in his wake?" [more inside]
Ars Technica reports that the tainted ads may have exposed tens of thousands of people over the past 24 hours alone. According to a blog post published Monday by Trend Micro, the new campaign started last week when "Angler," a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network. Spiderlabs has found ads with more than 1200 lines of obfuscated code designed to slip past security software. Malwarebytes reports that the surge started this weekend, and includes sites like msn, nytimes, bbc, aol, my.xfinity, nfl, realtor.com, theweathernetwork.com, thehill, and newsweek. Affected networks included those owned by Google, AppNexis, AOL, and Rubicon. [more inside]
If your cryptography predates The Fresh Prince, you need better cryptography. With recognition of the need for secure communication standards finally going mainstream, crypto researcher and Johns Hopkins University professor Matthew Green takes a hard look at the de facto standard everyone is jumping on, and suggests that we can and should do a lot better. [more inside]
DissidentX is a new steganography tool by Bram Cohen of BitTorrent fame designed to “vastly simplify the implementation of new steganographic techniques, and allow a universal decoder and encoding of multiple messages to different keys in the same file.” In particular, DissidentX allows encoding multiple plain texts into the same cover text with different keys, so called deniable encryption.
While Jacob Appelbaum grabbed headlines with his NSA revelations at this year's Chaos Communication Congress, other presentations provided equally fascinating insight into how the world works. Learn how data mining is bringing perpetrators of genocide to justice (alt), how an artist uses different concepts of secrecy landscapes (alt) to keep tabs on clandestine activities, and how India's surveillance state continues to grow (alt). previously [more inside]
"Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break."
“They can promise strong encryption. They just need to figure out how they can provide us plain text.” The administration plans to submit legislation to Congress in 2011 which would mandate any communications technology operating in the United States to include technical measures to comply with wiretap orders. [more inside]
Karsten Nohl and a team of fellow researchers has cracked the 64-bit encryption used in 80% of the world's GSM phones. Nohl had previously cracked the encryption in the MIFARE smartcard system, demonstrating that the encryption on that device can be cracked in approximately no time whatsoever. These, of course, aren't the first gaping holes in cellphone security to come to light; indeed, lack of security seems to be part of the design spec. Perhaps all new cellphones should be just be distributed with a deck of cards.
On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
NSA@home is a fast FPGA-based SHA-1 and MD5 bruteforce cracker. Based on HDTV equipment from eBay, "It is capable of searching the full 8-character keyspace (from a 64-character set) in about a day in the current configuration for 800 hashes concurrently." Previous well-publicized brute-force attacks include the EFF breaking DES in 56 hours and 1.6TB of md5 hashes you can search online.
AES may have been broken. The new standard in crypto, AES, and other algorithms, appear to be vulnerable to xsl. This is not a practical attack, yet, but if you're interested in crypto it's fascinating (and shocking) news.
Crypto guru getting blamed for his software. PGP writer Phil Zimmermann's hate mail goes a little something like this, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." If Phil is guilty of anything so is everyone who has ever used their credit card online, including Mr. Hate Mail.
War on Civil Liberties Watch: Usable encryption is in deep doo-doo. A new poll finds 72% of Americans now supporting a ban on unbreakable encryption. (Apparantly breakable, and thus useless, encryption is just fine.) Besides the obvious fact that this stuff is already out there and cannot be taken back, particularly from non-US citizens who don't give a damn about our laws (such as, say, the exact people we're trying to defeat), is there any hope that the courts will find any such new laws unconstitutional?
Terrorism's first win? Bye-Bye crypto. The rubble is still burning and the Republicans are ready to strip of our right to use crypto products. Opportunists feeding off fear. That's how you win at the terrorist game.
An all encompassing crypto application sounds great, but is it really feasible? If you try to do too much we'll just end up with another halfass program no one really trusts.
The battle for unrestricted encryption continues. Professor Bernstein won't rest; he's not going to let this go. More power to him and let's hope he ultimately wins. [He's challenging the US government restrictions on private encryption on free-speech grounds, and so far he's won in every court where the case has been heard. The government has been using delaying actions, and their relaxation of restrictions may partially have been in hopes he'd give up, leaving them still capable of some control. He's not going to, though. He's got blood in his eye, so to speak.]