Linux Cryptography - Page 22
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
It's a security practitioner's dream to deploy a technology that ensures perfect data protection 100 percent of the time. Short of unplugging a computer and locking it in a vault, few technologies come as close as encryption to nearly unbreakable data security; take the data, run it through an encryption algorithm, and it's unreadable to anyone who doesn't possess the right key to reverse the process. It can be mathematically demonstrated that retrieval of encrypted data without the encryption keys is computationally impossible within the expected lifetime of the universe.
Schneier talks about two new attacks he is seeing against two-factor authentication. Back in 2005, I wrote about the failure of two-factor authentication to mitigate banking fraud: Man-In-The-Middle and a Trojan attack. Read on to see how two-factor authentication doesn't solve anything. In the first case, the attacker can pass the ever-changing part of the password to the bank along with the never-changing part. And in the second case, the attacker is relying on the user to log in.
For diagnostic purposes, it can be very useful to talk directly to your SMTP or IMAP server. Things get a little more complicated when encryption rears its ugly head, but with the right tools, it doesn't have to be a black art.
CIO magazine has a slideshow showing the 60 years of crypto, starting with the Enigma, an electric rotor machine that was used by Germany to encrypt and decrypt messages during World War II. Arthur Scherbius developed the Enigma around 1920. It goes through RSA, info on Schneier and Phil Zimmerman, and more.
Nice comment from the Bitarmor folks on how the media and others think of "encryption" and that it's often equated with "secure" and "insecure". Let's face it, encryption is a new thing, and you have to keep things simple so people can understand it. But it frustrates me that most of the talk about encryption technology, law, policy, compliance, etc is always in terms of "encrypted" vs "unencrypted". Yeah, all your data should be encrypted. But that's the beginning of the discussion, not the end. Encryption is easy. Protecting data is hard.
As a security technologist, I worry that if we don't fully understand these technologies and the new sorts of vulnerabilities they bring, we may be trading a flawed technology for an even worse one. Electronic locks are vulnerable to attack, often in new and surprising ways. Start with keypads, more and more common on house doors. These have the benefit that you don't have to carry a physical key around, but there's the problem that you can't give someone the key for a day and then take it away when that day is over.
A mere three days after I published an article touting the enhanced security of the iPhone 3GS - see "iPhone 3GS Offers Enterprise-Class Security for Everyone", 2009-07-20 - security researcher Jonathan Zdziarski revealed a simple, only moderately technical technique for completely circumventing the iPhone's passcode lock and encryption. As a result, the iPhone 3GS encryption can no longer be considered a security control for consumers or enterprises until Apple releases a fix.
Read Bruce Schneier's always on-target analysis of cryptography, this time with information on the new attack against AES. A new and very impressive attack against AES has just been announced. Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the paper are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same. This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating. It is a completely practical attack against ten-round AES-256:
Cryptologists have now developed even more sophisticated attacks on AES encryption systems. According to crypto expert Bruce Schneier, a team consisting of Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir has managed to crack reduced versions of AES-256 in a practical length of time. Attacking nine-round AES-256 required 2^39 time, which is even feasible with an ordinary PC, while ten-round would require 2^45. The time required for eleven rounds, however, is just above practicality at 2^70. The attack exploits a vulnerability in the key schedule, a function AES-256 uses to derive sub-keys from the main key.
Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.
If you think you're safe from man-in-the-middle (MITM) attacks as long as you're visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user's session on an EV SSL-secured site.
A researcher at IBM has developed a way to analyze encrypted data without decoding it, according to a statement from IBM. The breakthrough method leverages a concept called
This is a good article on the risks of not encrypting information on laptops, backup tapes, and other media, and the implications of having that data stolen. It would have been nice to have some solutions to these issues too, but perhaps that's for another article. Anyone have a favorite encryption strategy? GnuPG just released a new version. Does everyone have their key? For many companies, the data is the crown jewels. Millions of bytes are circulated every day on networks that, but for a little bit of probing, are as frail as a strand of hair and less well protected. We spend millions of dollars securing and reducing the risk of penetration from the outside, yet very few companies take the basic steps to secure their data internally. There are simple things that we can all do - such as IPSec on the wire, encryption in the backend and proper security on the desktops. We must think about more than a simple username and password scheme when it comes to securing our data from the bad guys, because, quite often, the bad guys are none other than that cute redhead who just asked you to reset her password. And it wasn
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help with authentication using Secure Shell, and provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards.
Bruce Schneier has details on the puzzle he created for Wired. Read on to see the puzzle and try to solve it! For the April 09 issue of Wired Magazine, I was asked to create a cryptographic puzzle based on the television show Lost. Specifically, I was given a "clue" to encrypt. Here are details of the puzzle and solving attempts. Near as I can tell, no one has published a solution.
RSA, the Security Division of EMC, here today launched a program that for the first time gives developers its encryption technology tools for free. RSA traditionally had licensed only its BSAFE encryption technology, which can cost customers tens of thousands of dollars, but company officials say the timing is right to give developers easier access to tools for building more security features into applications from the ground up, rather than tacking them on later.
Vivek Gite submitted a nice article on implementing TSIG in BIND: Transaction signatures (TSIG) is a mechanism used to secure DNS messages and to provide secure server-to-server communication. This includes zone transfer, notify, and recursive query messages. TSIG uses shared secrets and a one-way hash function to authenticate DNS messages, particularly responses and updates. This tutorial discusses the security mechanisms implemented in BIND v8.2+ / v9.x to secure DNS messages and name servers. Click through to read more!
For this Howto I use Debian Lenny (still testing and not "stable") for the simple reason that - contrary to Debian Etch and/or Ubuntu 8.04/8.10 - the install routine does set up the initrd correctly so that you can set up encrypted swap and also an encrypted RAID1 LVM during install. This Howto will be heavy on screen shots again - a lot of them are repetitive as I set up multiple partitions at once. If you are interested in setting up an encrypted RAID1 LVM system, take a look at this article. It will show you step by step how to do this on your Linux machine.
In a continuing series of articles highlighting that GNU/Linux is a viable replacement operating system, today we're exploring how to encrypt emails using the popular Ubuntu distribution. In the previous article we looked at the basics of using PGP, creating and backing up PGP keys and using them to encrypt files locally. Now we'll look at how to send someone an encrypted email. This article will show you ways to encrypt your email communication. Do you use any software to keep your email private?
The pam_mount project lets you unlock an encrypted filesystem automatically when you log in. The same password used to log in is used as the key to unlock the encrypted filesystem, so you only need to type it once. Using this method, you can easily share a laptop and have only a single user's home directory unlocked and mounted when he logs in. And pam_mount can mount any filesystem, not just encrypted filesystems, so you can use it, for example, with an NFS share that you are interested in but which you might not like to leave mounted when you are not logged in. Did you ever want to know how to mount an encrypted filesystem automatically? This article will show you how.