Linux Cryptography - Page 27
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
ext2hide is a proof-of-concept program that seeks to magically hide confidential data and files where nobody will look for them. It accomplishes its magic by making use of otherwise abandoned space in the superblocks in ext2/ext3 filesystems. Even though Jason McManus, the author of the code, has been testing and using ext2hide on his own machines without catastrophic results, I urge you to use the utmost caution both in testing and using it. If you don't grok superblocks and filesystems, you probably should not experiment with ext2hide, at least until it's out of beta testing.
Seagate Technology is about to release a HDD with hardware-based encryption. These Full Disc Encryption (FDE) drives use the 3DES algorithm in EDE (encrypt-decrypt-encrypt) mode using 3 different 64-bit keys. The effective key-length is 192 bit. Before the operating system boots, the user will be prompted to enter a password that will unlock the drive. You can always use 2-factor authentication instead of a static password. Seagate's FDE drives can use biometric, RSA token, or smartcards. This was demoed at CeBIT using TiDoCoMi from Secude.
Protecting customer records is a magnitude less expensive than paying for cleanup after a data breach or massive records loss, a research company said Tuesday. Gartner analyst Avivah Litan said in a research note that data protection is cheaper than a data breach. She recently testified on identity theft at a Senate hearing held after the Department of Veterans Affairs lost 26.5 million vet identities.
"Who wants to pay for Stanford's Crypto Course, when University of Washington has made the whole Cryptography Course available online for free. Yes, all the presentations, videos (mp3, WMV), homework, quizzes etc. are available online. The material seems pretty decent, and is intended for an advanced audience."
Last month I reviewed Voltage Security's secure email product, a worthy exercise since email is the most common method of transmitting documents from one department to another.
In this article I'm going to cover password hashing, a subject which is often poorly understood by newer developers. Recently I've been asked to look at several web applications which all had the same security issue - user profiles stored in a database with plain text passwords
The University of Washington Computer Science department has made CSEP 590 cryptography lectures available in PDF, PPT, video, and audio format. Those interested in learning more about cryptography from an academic perspective will surely find this interesting.
There are various types and methods of data encryption. Some of the most popular forms of data encryption include single file encryption, folder encryption, volume encryption, whole disk encryption, and of course email encryption. The Windows XP operating system has the ability to perform file and folder encryption.
The use of strong public encryption has always been popular among geeks. Perhaps the most commonly used and most beloved encryption for e-mail is Pretty Good Privacy (PGP); started as a free method for protecting emails or other sensitive information, later turned into a cornerstone for a large company. As PGP became more corporate, costly and used patented algorithms, another project, GnuPG, sprang up to continue to offer strong encryption to the masses.
Studying cryptanalysis is difficult because there is no standard textbook, and no way of knowing which cryptanalytic problems are suitable for different levels of students. This paper attempts to organize the existing literature of block-cipher cryptanalysis in a way that students can use to learn cryptanalytic techniques and ways to break new algorithms.
Researchers at Mitsubishi Electric, NEC and the University of Tokyo claim to have made a breakthrough in a new technique for very secure data communications. The parties have implemented a technique known as quantum cryptography, which codes the data optically, and have for the first time transmitted information between systems using this technique.
This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part two continues the discussion of armored viruses and then looks at a Bradley worm - a worm that uses cryptography in such a way that it cannot be analyzed. Then it is shown how Skype can be used for malicious purposes, with a crypto-virus that is very difficult to detect.
I was at CardTech/SecurTech 2006 recently and had a meeting with Cryptography Research, a company focused on securing smartcards. I spoke to Kit Rodgers, VP, and Ken Warren, Manager, about smartcard tamper resistance with differential power analysis countermeasures. Listen to the interview with Cryptography Research.
PGP, or Pretty Good Privacy, is a security program that allows users to encrypt and decrypt e-mail, as well as incorporating the added protection of digital signatures for user verification. OpenPGP builds upon PGP with enhanced PGP standards, military-grade security and an increased number of encryption algorithms. Michael W. Lucas, author of PGP & GPG: E-mail for the Practical Paranoid, recommends that IT managers take advantage of easy-to-use OpenPGP to add an extra layer of internal security that can prevent tampering from within an organization. The most difficult part is not installation or using OpenPGP but educating users.
Cryptology is everywhere these days. Most users make good use of it even if they do not know they are using cryptographic primitives from day to day. This two-part article series looks at how cryptography is a double-edged sword: it is used to make us safer, but it is also being used for malicious purposes within sophisticated viruses. Part one introduces the concepts behind cryptovirology and offers examples of malicious potential with the SuckIt rootkit and a possible SSH worm. It then introduces armored viruses that use shape shifting (polymorphism and metamorphism) to avoid detection.
To those who grew up in the electronic age, notarization of documents has the odor of antiquity and obsolescence. It is an ancient practice, but ironically it serves purposes directly analogous to many of high priority for modern electronic documents. And now modern security techniques are bringing notarization to the electronic realm, to the benefit of both. Think of notaries as an old-world authentication and accreditation system.
Encrypting every piece of data at rest within an organization could be expensive overkill. According to Al Kirkpatrick, chief security officer at information services firm First American Corp., many users may not need as much encryption as some industry sources are advocating. Kirkpatrick, whose firm provides services such as document processing to the real estate industry, explained that he is responsible for "billions of records stored on terabytes of data," during his Interop keynote Tuesday. According to the exec, this includes the world's largest Microsoft SQL Server database.
Nobody ever said implementing a public-key infrastructure would be easy, but a pair of experts at the 2006 International Conference on Network Security said last week that using PKI is often harder than it needs to be. “We haven’t been as successful as I wish we had been,
In a press release today, Redspin, an independent auditing firm based in Carpinteria, CA, suggests that the recent mandated upgrades of ATMs to support triple DES encryption of PINs have introduced new vulnerabilities into the ATM network environment, because of other changes that were typically made concurrently with the triple DES upgrades.
Raw code for "unbreakable" encryption, based on the principles of quantum physics, has been generated at record speed over optical fiber at the Commerce Department's National Institute of Standards and Technology. The work, reported today at the SPIE Defense & Security Symposium in Orlando, Fla., is a step toward using conventional high-speed networks such as broadband Internet and local-area networks to transmit ultra-secure video for applications such as surveillance.