Karsten Nohl and a team of fellow researchers have cracked the 64-bit encryption used in 80% of the world's GSM phones. Nohl had previously cracked the encryption in the MIFARE smartcard system, demonstrating that the encryption on that device can be cracked in approximately no time whatsoever. These, of course, aren't the first gaping holes in cellphone security to come to light; indeed, lack of security seems to be part of the design spec. Perhaps all new cellphones should just be distributed with a deck of cards.
posted by kaibutsu on Dec 28, 2009 - 51 comments
On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable.
[lolcat summary]
posted by finite on May 16, 2008 - 81 comments
AES may have been broken. The new standard in crypto, AES, and other algorithms, appear to be vulnerable to XSL. This is not a practical attack, yet, but if you're interested in crypto it's fascinating (and shocking) news.
posted by andrew cooke on Sep 16, 2002 - 7 comments
Crypto guru getting blamed for his software. PGP writer Phil Zimmermann's hate mail goes a little something like this, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." If Phil is guilty of anything so is everyone who has ever used their credit card online, including Mr. Hate Mail.
posted by skallas on Sep 21, 2001 - 23 comments
War on Civil Liberties Watch: Usable encryption is in deep doo-doo.
A new poll finds 72% of Americans now supporting a ban on unbreakable encryption. (Apparently breakable, and thus useless, encryption is just fine.) Besides the obvious fact that this stuff is already out there and cannot be taken back, particularly from non-US citizens who don't give a damn about our laws (such as, say, the exact people we're trying to defeat), is there any hope that the courts will find any such new laws unconstitutional?
posted by aaron on Sep 18, 2001 - 36 comments
The battle for unrestricted encryption continues. Professor Bernstein won't rest; he's not going to let this go. More power to him and let's hope he ultimately wins. [He's challenging the US government restrictions on private encryption on free-speech grounds, and so far he's won in every court where the case has been heard. The government has been using delaying actions, and their relaxation of restrictions may partially have been in hopes he'd give up, leaving them still capable of some control. He's not going to, though. He's got blood in his eye, so to speak.]
posted by Steven Den Beste on Jan 8, 2001 - 0 comments