Linux Cryptography - Page 28

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

How Passkey Solutions Enhance Open-Source Security

Security in open-source projects has always been a challenge. The very nature of open-source software encourages collaboration, transparency, and improvement, all of which make the system potentially more exposed to risks. ...
Nov 28, 2024
  0

Abyss Locker Ransomware Targets Linux & Windows Users

A ransomware variant dubbed "Abyss Locker" has been obs...
Mar 02, 2024
  0
24.Key Code Esm H115

Linux Foundation Joins Post-Quantum Cryptography Alliance

The Linux Foundation recently launched its partnership ...
Feb 07, 2024
  182
24.Key Code Esm H115

Discover Cryptography News

How to encrypt email with PGP or GPG

How to encrypt email with PGP or GPG

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

One of the best ways to protect the privacy of email communications is to use PGP (pretty good privacy) and the Open Source GPG. Unfortunately, even hardcore geeks sometimes find PGP difficult to set up, configure, use, and troubleshoot. Recognizing this problem, No Starch Press has published a simple guide to using PGP and GPG. In "PGP & GPG: Email for the Practical Paranoid" (No Starch Press, April 2006), author Michael Lucas offers an easy-to-read, informal tutorial for communicating securely with PGP.

Password Recovery Speeds

Password Recovery Speeds

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This document shows the approximate amount of time required for a computer or a cluster of computers to guess various passwords. The figures shown are approximate and are the maximum time required to guess each password using a simple brute force "key-search" attack, it may (and probably will) be possible to guess correctly without trying all the combinations shown using other methods of attack or by having a "lucky guess".

A Pretty Good Way to Foil the NSA

A Pretty Good Way to Foil the NSA

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

How easy is it for the average internet user to make a phone call secure enough to frustrate the NSA's extrajudicial surveillance program? Wired News took Phil Zimmermann's newest encryption software, Zfone, for a test drive and found it's actually quite easy, even if the program is still in beta. Zimmermann, the man who released the PGP e-mail encryption program to the world in 1991 -- only to face an abortive criminal prosecution from the government -- has been trying for 10 years to give the world easy-to-use software to cloak internet phone calls.

Steganography FAQ

Steganography FAQ

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Steganography is a subject which is rarely touched upon by most IT Security Enthusiasts. Most people don't see Steganography has a potential threat, some people don't even know what Steganography is. With this FAQ I hope to answer any questions anyone may want to ask about Steganography, and to educate people so they can understand what exactly Steganography is. Is Steganography a potential threat? Well your about to find out.

Encrypt filesystems with EncFS and Loop-AES

Encrypt filesystems with EncFS and Loop-AES

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Encrypted filesystems may be overkill for family photos or your résumé, but they make sense for network-accessible servers that hold sensitive business documents, databases that contain credit-card information, offline backups, and laptops. EncFS and Loop-AES, which are both released under the GNU General Public License (GPL), are two approaches to encrypting Linux filesystems. I'll compare the two and then look at other alternatives.

Tunnels in Hash Functions - MD5 Collisions Within a Minute

Tunnels in Hash Functions - MD5 Collisions Within a Minute

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In this paper we introduce a new idea of tunneling of hash functions. In some sense tunnels replace multi-message modification methods and exponentially accelerate collision search. We describe in one minute on a standard notebook PC (Intel Pentium 1.6 GHz). The method works for any intializing value. Tunneling is a general idea, which can be used for finding collisions of other hash functions, such as SHA-1, 2. We show several capabilities of tunnels. A program, which source code is available on a project homepage, experimentally verified the method.

An introduction to Elliptic Curve Cryptography

An introduction to Elliptic Curve Cryptography

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Elliptic Curve Cryptography (ECC) has been gaining momentum as a replacement for RSA public key cryptography largely based on its efficiency, but also because the US National Security Agency (NSA) included it, while excluding RSA, from its Suite B cryptography recommendations. Suite B is a set of algorithms that the NSA recommends for use in protecting both classified and unclassified US government information and systems. Public key cryptography is the basis for tools like ssh as well as Secure Sockets Layer (SSL) for encrypting web traffic. For readers who would like more information, a nice introduction to public key cryptography and the RSA algorithm can be found on Wikipedia.

Philip Zimmermann releases Zfone for Linux

Philip Zimmermann releases Zfone for Linux

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Phil Zimmermann thinks Zfone is better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world.

Cryptography in the Database: The Last Line of Defense

Cryptography in the Database: The Last Line of Defense

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Excerpt: This chapter discusses how cryptography can address the concerns raised in the previous chapter. After explaining what cryptography is and providing a general idea of how it works, we dig into the various types of cryptographic algorithms and see where the strengths and weaknesses of each lie.

Distributed Computing Cracks Enigma Code

Distributed Computing Cracks Enigma Code

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

More than 60 years after the end of World War II, a distributed computing project has managed to crack a previously uncracked message that was encrypted using the Enigma machine. The M4 Project began in early January, as an attempt to break three original Enigma messages that were intercepted in 1942 and are thought never to have been broken by the Allied forces.

US boffins tune up optical quantum cryptography

US boffins tune up optical quantum cryptography

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A team of Los Alamos National Laboratory scientists, in collaboration with researchers from the National Institute of Standards and Technology in Boulder, Colo., and Albion College, in Albion, Mich., have achieved quantum key distribution (QKD) at telecommunications industry wavelengths in a 50-kilometer (31 mile) optical fiber. According to the researchers, the work could accelerate the development of QKD for secure communications in optical fibers at distances far beyond current technological limits.

Decrypting Encryption Myths

Decrypting Encryption Myths

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Some of the more prominent headlines over the past year were dominated by incidents of data theft, where corporation after corporation had fallen victim to information theft on a large scale. While many victims had hackers and devious insiders to blame, other instances were simply due to human error such as lost data tapes and stolen laptops. In these cases, CIOs may think their information is not at risk because of encryption. But is this really enough?

NIST updates cryptography guidelines for U.S. Federal Agencies

NIST updates cryptography guidelines for U.S. Federal Agencies

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

In a bid to help U.S. federal agencies protect sensitive, but unclassified information, the National Institute of Standards and Technology (NIST) has updated guidelines for selecting and implementing cryptographic methods. Originally published in 1999, Guideline for Implementing Cryptography in the Federal Government (NIST Special Publication 800-21-1) is intended primarily for federal employees who design computer systems and procure, install and operate security products to meet specific needs.

OpenSSL receives FIPS certification

OpenSSL receives FIPS certification

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Cryptographic Module Validation Program (CMVP), a joint effort of the US and Canadian governments, approved the validation of the OpenSSL open source security toolkit for implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols on Friday.

Encryption: A nice idea that few want to implement?

Encryption: A nice idea that few want to implement?

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2% of companies responding to our survey say their organizations have an enterprisewide encryption plan. However, the study also reveals that encryption is viewed by many as an important security tool that enhances the IT professionals' overall sense of trust or comfort in data-protection efforts. The primary reasons cited for not encrypting sensitive or confidential information were concern about system performance (69%), complexity (44%) and cost (25%). (See "Securing Card Data Isn't An Easy Sell.")

OpenSSH cutting edge

OpenSSH cutting edge

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Federico Biancuzzi interviews OpenSSH developer Damien Miller to discuss features included in the upcoming version 4.3, public key crypto protocols details, timing based attacks and anti-worm measures.

Hold the Photons!

Hold the Photons!

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

How would you feel if you invested millions of dollars in quantum cryptography, and then learned that you could do the same thing with a few 25-cent Radio Shack components? I'm exaggerating a little here, but if a new idea out of Texas A&M University turns out to be secure, we've come close.

Encryption is not enough for DRM

Encryption is not enough for DRM

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Now let’s be clear right from the start that if you want to have any kind of control over the content of an electronic document you have first of all got to use encryption. But encryption is only the start of implementing a DRM service. Poorly packaged encryption, badly thought out licensing, integration that exposes weaknesses in the packaging of the method for displaying the document, are all ways in which even the most powerful encryption system can be made useless. And, of course, there is the very important question about what is actually encrypted, and what, if anything, is not.

Deciphering laptop encryption

Deciphering laptop encryption

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

During the past two weeks, I started up a disk encryption project, one of the technology initiatives under my company's intellectual asset protection program. Our goal with the disk encryption effort is to prevent the loss of intellectual property stemming from the theft of a laptop. On several occasions, executives' laptops have gone missing or been stolen. One of those missing laptops contained intellectual property and sensitive data, including information on a pending acquisition, product strategy and road maps. Luckily, it was recovered.

RSA-640 Factored

RSA-640 Factored

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A team at the German Federal Agency for Information Technology Security (BSI) recently announced the factorization of the 193-digit number known as RSA-640. The team responsible for this factorization is the same one that previously factored the 174-digit number known as RSA-576 and the 200-digit number known as RSA-200.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved