Linux Cryptography - Page 42
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Concerns that improvements in factoring technology might make it easier to break large key length encryption codes are misplaced, according to noted cryptographer Bruce Schneier. Last year mathematician Dan Bernstein circulated a paper discussing improvements in integer factorization, . . .
PureTLS is a free Java-only implementation of the SSLv3 and TLSv1 (RFC2246) protocols. PureTLS was developed by Eric Rescorla for Claymore Systems, Inc. but is being distributed for free because we believe that basic network security is a public good and . . .
"A bug exists in the channel code of OpenSSH versions 2.0 - 3.0.2 Users with an existing user account can abuse this bug to gain root privileges. Exploitability without an existing user account has not been proven but is not considered impossible. A malicious ssh server could also use this bug to exploit a connecting vulnerable client.". . .
A week ago, on Feb. 26, Network Associates (NAI) sent an e-mail to some of its customers announcing that it had killed the PGP Desktop Security product line. This, ladies and gentlemen, is very grim news indeed. Why do I care about PGP Desktop? Because it's a critical software package for me, and presumably for many of you as well.. . .
In this third article in a series, Daniel Robbins shows you how to take advantage of OpenSSH agent connection forwarding to enhance security. He also shares recent improvements to the keychain shell script. If you can't run ssh-agent on untrusted hosts, then how do you establish secure, passwordless ssh connections from these systems?. . .
The wonderful CodeCon conference that took place in San Francisco last weekend is now available as an audio stream. And in keeping with the true hackish nature of the event, the audio stream is a cross-platform DIY project in its own right.. . .
Accelerated Encryption Processing (AEP) will show off two new encryption-processing products at the RSA Security conference to be held in San Jose, California next week (18 February). Web servers used for e-commerce, financial services and other tasks that make intensive use . . .
By some estimates, well over 900 million people -- nearly one out of every seven people on Earth -- have access to e-mail. Most of them are, or should be, familiar by now with the saying, "Sending e-mail is like sending . . .
Secretary of Commerce, Don Evans, announced the National Institute of Standards and Technology?s (NIST; https://www.nist.gov/), approval of a new information technology encryption standard for the federal government. The Advanced Encryption Standard (AES; is expected to be widely used in the private sector, as well, to protect sensitive computerized information and financial transactions. The announcement marked the culmination of a four-year effort by computer scientists at the NIST to achieve a highly secure algorithm for the AES. The effort was conducted through a competition that started in 1997. Researchers from 12 different countries submitted encryption algorithms. Each of the algorithms submitted was required to support key sizes of 128, 192 and 256 bits. For a 128-bit key size, there are approximately 340 undecillion (340 followed by 36 zeros) possible keys. The link for this article located at ISP World is no longer available.
Do people in your company send confidential information to business partners or remote employees via Internet email? Are they using some form of digital ID system to secure their communications? If they're not, any sensitive information contained in those messages is at risk as the email travels across the Internet.. . .
A nice summary of all the issues pertaining to AES and how it has replaced DES as the encryption standard. "Nothing moves fast in the world of encryption, which may help explain why the U.S. is only now about to leave 56-bit DES behind for new encryption schemes.. . .
For all the pro-Web services enthusiasm here at Forrester's conference, serious security-and trust-related concerns emerged as a common theme. Citing worries about investing trust in third-party identity providers such as RSA and VeriSign, conference attendees and speakers at the conference . . .
Ironically, winning possession of computer equipment on the battlefield may be the easy part; terrorists today have the capacity to protect data with encryption schemes that not even America's high-tech big guns can crack. The number of possible keys in the . . .
AS MYSTICS SEARCH for the lost island of Atlantis and UFO buffs seek out alien spacecraft, cryptologists are continuing their own quest to create an unbreakable code. Michael Rabin, a Harvard University computer science professor, believes he has moved cryptology . . .
Within days of the September 11 attacks U.S. intelligence agencies were being blamed in many quarters for their failure to detect the terrorists' plans in advance. Mistakes in the formulation and execution of intelligence policy were no doubt made. Yet there . . .
Knowledge of cryptographic techniques used to belong almost exclusively to governments, which use cryptography to protect political, diplomatic and military secrets against the prying eyes of other governments. Historically, governments took steps to restrict the spread of cryptographic knowledge. Cryptographic activities . . .
The U.S. Court of Appeals for the Sixth Circuit has ruled that computer source code is protected by the First Amendment. The ruling could have significant implications on the United States' encryption policies. This article discusses the case and the lessons it teaches about encryption.. . .
Norwegian prosecutors have indicted Jon Johansen for his role in creating the DeCSS program that unlocked a DVD copy protection system and unleashed a series of lawsuits by the motion picture industry.
A computer science professor is renewing a constitutional challenge to U.S. encryption laws, arguing that the government's policy on restricting the export of domestic cryptographic research violates the First Amendment. Daniel Bernstein, the University of Illinois computer science professor who resurrected . . .
The key generation idea is likely to see opposition from law enforcement and government, especially during the current war on terrorism. Last week, a U.S. District Court told the Justice Department that it could keep its keystroke-logging technology under . . .