Linux Cryptography - Page 21
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Owning a web server that has its own SSL certificate from a registered Certificate Authority (so it won't trigger any browser warnings) does have its advantages. However, the price of a certificate issued by Verisign or a similar vendor usually tends to put a quick end to such fanciful ideas. Israeli vendor StartSSL offers free SSL server certificates that are valid for a year.
First encryption vendor to provide support across Ubuntu Linux, Red Hat Linux, Mac and Windows environments. PGP Corporation, a global leader in enterprise data protection, today announced availability of the latest version of PGP
One of the best ways to protect sensitive computer data like credit card numbers and social security information is to use encryption software. Encryption software executes an algorithm that is designed to encrypt data in such a way that it cannot be recovered (decrypted) without access to the key. It is a main component of all aspects of file protection and computer communication. Files on hard drives and other removable media, email messages, and packets sent over computer networks can be made secure by encryption software.
The Internet Engineering Task Force (IETF) has completed a security extension to the Secure Sockets Layer (SSL) protocol that fixes a flaw affecting browsers, servers, smart cards, and VPN products, as well as many lower-profile devices, such as Webcams, that contain the protocol embedded in their firmware.
A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-key attack, but experts say it is not the end of the world for Kasumi.
In addition to the crypto algorithm of the GSM mobile telephony standard, security researchers have also cracked the encryption code for calls from cordless phones that are based on the widely used Digital Enhanced Cordless Telecommunication (DECT) standard. This was announced by members of the deDECTed.org project group at the 26th Chaos Communication Congress (26C3) in Berlin on Tuesday. According to the researchers, the respective key used can be extracted from intercepted data traffic with a reasonable amount of effort. The experts think that such prep work will make the DECT Standard Cipher (DSC) "increasingly easier and faster to crack".
A German computer engineer said Monday that he had cracked the secret code used to encrypt most of the world
I work with secure shell all the time. Day in and day out I am administering personal machines and client machines with the help of ssh. After a while opening up a terminal window and entering the command to connect to all of these clients gets old. And we all know saving time and effort equates to saving money. So any tool that can help make your daily administrative life easier is a good thing.
We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.14. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.
Two-factor authentication -- used to protect online bank accounts with both a password and a computer-generated one-time passcode -- is supposed to be more secure than relying on a single password. But Gartner Research VP Avivah Litan warns that cyber criminals have had success defeating two-factor authentication systems in Web browsing sessions using Trojan-based man-in-the-middle attacks.
Today, full-system encryption in software is feasible and practical. Here's how to get up and running using solutions from PGP, McAfee, Sophos, and open-source options TrueCrypt and DiskCryptor. There was a time, not all that long ago, when a fully-encrypted system disk was something only for people with money to burn.
Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt.
Linux Security had the chance to talk with Eddy Nigg, founder of StartSSL, an
Here is a nice overview of the security features on Linux and Windows, particularly focusing on the disk and system encryption functionality this time. How well do popular Linux distributions such as Ubuntu, Fedora and OpenSUSE stack up against Microsoft's new desktop flagship, Windows 7? eWEEK Labs identified 10 features new in Windows 7 and put them head-to-head with popular Linux distros to see how the platforms compete. Labs Analysts Jason Brooks and Andrew Garcia found that Version 7 makes big strides on the Windows front with its new features, but that Linux is competitive by most counts.
Two security researchers are calling for an industry-wide response to fix a serious vulnerability they discovered in the SSL protocol, used widely on the Internet for secure data transfers. But a noted network security researcher says the vulnerability has very little impact on most users and will not result in data loss.
Full disk encryption (FDE) systems use strong encryption algorithms to automatically protect all data stored on the hard drives of PCs and laptop computers. Users can access the data via an authentication device, such as a password, token or smart card. This enables the system to retrieve the key that decrypts the disk. On many systems, functions such as key management, access control, lock-outs, reporting and recovery are all managed centrally.
Most users ensure their Web sessions are using Secure Sockets Layer (SSL) before entering their credit card information, but less than half do so when typing their passwords onto a Web page, according to a new survey.
The posting of a trick SSL certificate for https://www.paypal.com/us/home and its pertaining private key on the Full Disclosure security mailing list should finally force Microsoft, Google and Apple into releasing updates to fix the NULL prefix vulnerability. Phishers, for example, could use the certificate to disguise their servers as legitimate banking servers
In computer security, a lot of effort is spent on the authentication problem. Whether it