If your cryptography predates The Fresh Prince, you need better cryptography. With recognition of the need for secure communication standards finally going mainstream, crypto researcher and Johns Hopkins University professor Matthew Green takes a hard look at the de facto standard everyone is jumping on, and suggests that we can and should do a lot better. [more inside]
While Jacob Appelbaum grabbed headlines with his NSA revelations at this year's Chaos Communication Congress, other presentations provided equally fascinating insight into how the world works. Learn how data mining is bringing perpetrators of genocide to justice (alt), how an artist uses different concepts of secrecy landscapes (alt) to keep tabs on clandestine activities, and how India's surveillance state continues to grow (alt). previously [more inside]
"Few false ideas have more firmly gripped the minds of so many intelligent men than the one that, if they just tried, they could invent a cipher that no one could break."
On May 13, security advisories published by Debian and Ubuntu revealed that, for over a year, their OpenSSL libraries have had a major flaw in their CSPRNG, which is used by key generation functions in many widely-used applications, which caused the "random" numbers produced to be extremely predictable. [lolcat summary] [more inside]
AES may have been broken. The new standard in crypto, AES, and other algorithms, appear to be vulnerable to xsl. This is not a practical attack, yet, but if you're interested in crypto it's fascinating (and shocking) news.
Crypto guru getting blamed for his software. PGP writer Phil Zimmermann's hate mail goes a little something like this, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." If Phil is guilty of anything so is everyone who has ever used their credit card online, including Mr. Hate Mail.
War on Civil Liberties Watch: Usable encryption is in deep doo-doo. A new poll finds 72% of Americans now supporting a ban on unbreakable encryption. (Apparantly breakable, and thus useless, encryption is just fine.) Besides the obvious fact that this stuff is already out there and cannot be taken back, particularly from non-US citizens who don't give a damn about our laws (such as, say, the exact people we're trying to defeat), is there any hope that the courts will find any such new laws unconstitutional?
Terrorism's first win? Bye-Bye crypto. The rubble is still burning and the Republicans are ready to strip of our right to use crypto products. Opportunists feeding off fear. That's how you win at the terrorist game.
The battle for unrestricted encryption continues. Professor Bernstein won't rest; he's not going to let this go. More power to him and let's hope he ultimately wins. [He's challenging the US government restrictions on private encryption on free-speech grounds, and so far he's won in every court where the case has been heard. The government has been using delaying actions, and their relaxation of restrictions may partially have been in hopes he'd give up, leaving them still capable of some control. He's not going to, though. He's got blood in his eye, so to speak.]