spraci.info

Search

Items tagged with: cryptography

Image/photo
Image/photo
Bringing back the OTB Technologies Tor Hidden Service once I get finished setting up the ZeroNet Site (https://ZeroNet.io) for the digital version of my book, The Ultimate Guide to Anonymity (copyright 2019.) Also I will bring back the OTB Technologies Eepsite shortly thereafter. Why you may ask? Well, to summarize, Biden is a Terrorist Lover and he supports Communist ideologies which makes me concerned for the future of this country...
I refuse to allow Communists and Socialists to take over this Great Nation of America!!! 😡😡😡

#Anonymity #TorNetwork #Tor #I2P #Eepsite #FreedomOfSpeech #FreedomOfPress #Censorship #MassSurveillance #Obama #Biden #Trump #QAnon #QAnons #Anons #WWG1WGA #America #Politics #Corruption #Cryptography #Bitcoin #Monero #Freedom #MakeAmericaFreeAgain
 
phew! wrote a part of cryptography for my utility today.
encoding of sensitive DB data and passwords.
took part of code from claws-mail, but significantly refactored it, because they heavily use gnome libraries and I don't. I use only GnuTLS. and I added processing of large binary blocks (in claws-mail only passwords were encrypted). so almost nothing has left from the original code piece. but it works fine. so I can store private keys and passwords in encrypted form in DB.
optimization and possible leaks hunt are postponed for tomorrow. cannot stay up the whole night long. tomorrow I have a vocals lesson and need some sleep.
#programming #cryptography #gnutls
 
Performance Improvements via Formally-Verified #Cryptography in Firefox https://blog.mozilla.org/security/2020/07/06/performance-improvements-via-formally-verified-cryptography-in-firefox/ #mozilla #firefox
Performance Improvements via Formally-Verified Cryptography in Firefox
 

Renewed Threat to the Internet Archive


Once again the Internet Archive is under threat. This time it is publishers who do not want an online public library that anyone with access to the Internet can use.

I worry about this, in particular, because the Internet Archive is now the primary repository for my software.

I think it will help to support institutions like the EFF that will fight in the legislatures and courtrooms for libraries everywhere, but I do not know what else we can do.

We can, of course, use censorship-resistant Internet overlay networks as backup repositories, and I do this by using ZeroNet and I2P, but I think it is important that the clearnet not be entirely taken away from us. The Internet Archive is also available as a Tor Onion Service, but everyone knows where its servers are, so that gives it little protection. There was talk of backing up the Archive in Canada, but government regulators in Canada do not seem less corrupted than those in the USA.

I have also heard news that Project Gutenberg, the oldest project of this t... Show more...
 

How probable is a probable prime?


A probable prime is a number that passes a test that all primes pass and that
most composite numbers fail. Specifically, a Fermat probable prime is a number
that passes Fermat's primality test. Fermat's test is the most commonly used,
so that's nearly always what anyone means by probable prime unless they 're
more specific.

A number n is a Fermat probable prime for base b if

b n -1 = 1 (mod n ).

This test isn't conclusive, but it can be implemented efficiently and it weeds
out most composite numbers. To read more on probable primes, see [this
post](https://www.johndcook.com/blog/2010/10/06/probability-a-number-is-
prime/).

If a number is a probable prime, how probable is it that it really is prime?
This post will briefly summarize some results from a... Show more...
 

В ЦРУ это назвали успехом века

В 1950-2000 годах оборудование Crypto использовали более 120 стран. Известны названия половины из них, в основном это государства Европы (в том числе Ватикан), Южной и Ю
... Show more...
 

What was it like back in the last millennium in #Cyberwar?


source: https://www.wired.com/1993/02/crypto-rebels/
Not being a professional cryptographer, #Zimmermann moved slowly. By 1986, he had implemented RSA, and a year later wrote a scrambling function he called Bass-O-Matic, in homage to a Saturday Night Live commercial for a blender that liquifies fish. Piece by piece he built his program. In June, 1991, it was ready for release. He named his software #PGP, for Pretty Good Privacy. Though at one time he mused about asking users for a fee, he subsequently became concerned that the #government would one day outlaw the use of #cryptography. Since Zimmermann wanted the tools for #privacy disseminated widely before that day came, he decided to give PGP away. No strings.
#security #computer #communication #history #cryptowar #nsa #internet
 

Project Rubicon: The NSA Secretly Sold Flawed Encryption for Decades





#featured #history #originalart #securityhacks #cia #cryptoag #cryptography #nsa #hackaday
posted by pod_feeder_v2
Project Rubicon: The NSA Secretly Sold Flawed Encryption for Decades
 

PASSPHRASES THAT YOU CAN MEMORIZE — BUT THAT EVEN THE NSA CAN’T GUESS


T’S GETTING EASIER to secure your digital privacy. #cryptography #gb
 
Signal Tests Upgraded Cryptography for Groups Function

https://threatpost.com/signal-upgraded-cryptography-groups-function/151017/

#Signal #secure #private #messenger #encryption #e2e #technology #cryptography #groups
Signal Tests Upgraded Cryptography for Groups Function
 

John McMaster Explains Crypto Ignition Phone Keys and How to Reproduce Them


Image/photo

#cons #securityhacks #2019hackadaysuperconference #cik #crypto #cryptography #stuiii #supercon #hackaday
posted by pod_feeder_v2
John McMaster Explains Crypto Ignition Phone Keys and How to Reproduce Them
 

Tutanota and EasyGPG

Bad news about Tutanota and what it means to us.


https://www.reddit.com/r/tutanota/comments/dven2n/re_german_court_orders_open_source_everything/

Apparently, the German government can force Tutanota to give them unencrypted email sent and received by a given account after they receive a court order to do so. Tutanota makes it easy to send unencrypted email if you choose, so this really does mean something.

However, the encrypted email sent with Tutanota is encrypted and decrypted in the browsers of the sender and receiver, so these court orders can not be used to see encrypted email.

Tutanota issues regular reports (linked to in the Reddit discussion) about the court orders they receive.

I have a Tutanota account that I use for EasyGPG. It is mentioned in EasyGPG's built-in Help.

When I use Tutanota, I encrypt with EasyGPG, in addition to any encryption by Tutanota. I do the same with... Show more...
 
Steven Roose - 2019-11-09 16:49:09 GMT
In theory #XMPP and #Matrix are interoperable. However they both have UX flaws.
Matrix only has one server and one client implementation. Kinda. And its UX is targeted at technical users.
XMPP has a broader range of server and client implementations, but also many platforms lack a good platform.

I'd consider starting with Conversations.im. It's an XMPP client and service.
 

EasyGPG on Tails 4.0

I am planning to make it easier to install and use EasyGPG on Tails 4.0.


As I have posted before, Tails has long made it difficult to use Desktop files. This is a problem for EasyGPG because Desktop files are one reason that EasyGPG is easier than gpg from the command line.

As I write this, I plan to revise EasyGPG (the file easygpg.sh) and the installer. My plan is to install EasyGPG in the Persistent folder. When used on Tails, moving EasyGPG's Desktop file to the Desktop and double-clicking it will copy the Actions from the Actions folder (in Persistent) to the Desktop instead of opening the Actions folder.

Of course, dragging and dropping will still be impossible.

It will be necessary for both the Tails installer and EasyGPG to be able to know that it is running on Tails. I think now that the test will be that the file system structure is that of Tails, and that the user is amnesia.

I am still thinking about what can be done if EasyGPG... Show more...
 

Quantum supremacy and Post Quantum Crypto


Google
announced
today that it has demonstrated “quantum supremacy,” i.e. that they have
solved a problem on a quantum computer that could not be solved on a
classical computer. Google says
Our machine performed the target computation in 200 seconds, and from
measurements in our experiment we determined that it would take the
world’s fastest supercomputer 10,000 years to produce a similar
output.
IBM
disputes
this claim. They don’t dispute that Google has computed something with a
quantum computer that would take a lot of conventional computing
power, only that it “would take the world’s fastest supercomputer 10,000
years” to... Show more...
 

Tails 4.0 is out


2019-10-22

We are especially proud to present you Tails 4.0, the first version of Tails based on Debian 10 (Buster). It brings new versions of most of the software included in Tails and some important usability and performance improvements. Tails 4.0 introduces more changes than any other version since years.

This release also fixes many security issues. You should upgrade as soon as possible. (...)
https://tails.boum.org/news/version_4.0/index.en.html

#tails #gnu #linux #gnu-linux #distros #privacy #security #cryptography #censorship #copyleft #gpl #freesoftware #fs #softwarelibre #debian #buster #software #upgrade
 
● NEWS ● #au ☞ After banning working #cryptography and raiding #whistleblowers , #Australia 's spies ban speakers from national #infosec conference
After banning working cryptography and raiding whistleblowers, Australia's spies ban speakers from national infosec conference
 
#OpenSource #Security Podcast: Episode 157 - #Backdoors and #snakeoil in our #cryptography
 

"We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption."


https://arstechnica.com/tech-policy/2019/07/tech-firms-can-and-must-put-backdoors-in-encryption-ag-barr-says/
He also accused tech firms of "dogmatic" posturing, saying lawful backdoor access "can be and must be" done, adding, "We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption."
So, from an administrative standpoint, how will this work?
1. Will Apple and Google spy on devices that run Android or iOS, and pass on what they find to a police officer with a warrant?
2. Will police have some sort of master key provided by Apple and Google that will allow th... Show more...
 
Explainer: What is post-quantum #cryptography ? https://linuxsecurity.com/news/cryptography/explainer-what-is-post-quantum-cryptography?rss #encryption
 
Public key #cryptography - Diffie-Hellman Key Exchange

https://invidio.us/watch?v=YEBfamv-_do
 
Image/photo

Avoid Intel and AMD Universal Backdoors


Only use computers certified to Respect Your Freedom (RYF)

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #... Show more...
 

What Is Elliptic Curve Cryptography? Technology Behind Digital Signatures in Cryptocurrencies


As an example of the efficiency of ECC as compared to RSA, the same 384-bit key used in encrypting classified information would require a 7680-bit key using RSA encryption. The efficiency afforded by ECC is therefore exceedingly useful to blockchain networks since it reduces the size of transactions.
https://blockonomi.com/elliptic-curve-cryptography/
#Cryptography #Cryptocurrency #Blockchain #RSA #ECC #Tutorial
What Is Elliptic Curve Cryptography? Technology Behind Digital Signatures in Cryptocurrencies
 

Mixing error-correcting codes and cryptography


Secret codes and error-correcting codes have nothing to do with each
other. Except when they do!

Error-correcting codes


Error correcting code make digital communication possible. Without some
way to detect and correct errors, the corruption of a single bit could
wreak havoc. A simple example of an error-detection code is check
sums
.
A more sophisticated example would be erasure
codes
, a method
used by data centers to protect customer data against hard drive
failures or even entire data centers going offline.

People who work in coding theory are quick to point out that they do not
work in cryptography. “No, not that kind of code. Error-correcting
codes, not secret codes.” The goal isn’t s... Show more...
 
#PIVX #cryptography
 

Digital signatures with oil and vinegar


“Unbalanced oil and vinegar” is a colorful name for a cryptographic
signature method. This post will give a high-level description of the
method and explain where the name comes from.

The RSA encryption algorithm depends on the fact that computers can
easily multiply enormous numbers, but they cannot efficiently factor the
product of two enormous primes. Whenever you have something that’s easy
to do but hard to undo, you might be able to make an encryption
algorithm out of it.

The unbalanced oil and vinegar (UOV) digital signature algorithm is
analogous to RSA in that it also depends on the difficulty of factoring.
But UOV is based on the difficulty of factoring the composition of a
linear and nonlinear operator, not multiplying prime numbers. One
advantage of UOV over RSA is that UOV is quantum-resistant. That is, if
large quantum computers become practical, UOV signatures will r... Show more...
 
#security #encryption #chacha20 #poly1305 #openssl #SSL #vulnerability #cipher #cryptography
ChaCha20-Poly1305 vulnerability issue affects OpenSSL 1.1.1 and 1.1.0
 

Efficient modular arithmetic technique for Curve25519


Daniel Bernstein’s Curve25519 is the elliptic curve

y² = x³ + 486662x² + x

over the prime field with order p = 2^255^ – 19. The curve is a
popular choice in elliptic curve cryptography because its design choices
are transparently justified [1]and because cryptography over the
curve can be implemented very efficiently. This post will concentrate on
one of the tricks that makes ECC over Curve25519 so efficient.

Curve25519 was designed for fast and secure cryptography. One of the
things that make it fast is the clever way Bernstein carries out
arithmetic mod 2^255^ – 19 which he describes
here.

Bernstein represents numbers mod 2^255^ – 19 by polynomials whose value
at 1 gives the number. That alone is not remarkable, but his... Show more...
 
Binance’s Crypto BNB No Longer Tracks Bitcoin – And That’s a Big Deal
https://www.coindesk.com/binances-crypto-bnb-no-longer-tracks-bitcoin-and-thats-a-big-deal
#bitcoin #cryptography #cryptocurrency #finance #economics #technology
Binance’s Crypto BNB No Longer Tracks Bitcoin – And That’s a Big Deal
 

An attack on RSA with exponent 3


As I noted in this
post
, RSA
encryption is often carried out reusing exponents. Sometimes the
exponent is exponent 3, which is subject to an attack we’ll describe
below [1]. (The most common exponent is 65537.)

Suppose the same message m is sent to three recipients and all three
use exponent e = 3. Each recipient has a different modulus N~i~,
and each will receive a different encrypted message

c~i~ = m³ mod N~i~.

Someone with access to c~1~, c~2~, and c~3~ can recover the
message m as follows. We can assume each modulus N~i~ is
relatively prime to the others, otherwise we can recover the private
keys using the method described
... Show more...
 

Public key encryption based on squares and non squares


The RSA encryption algorithm depends indirectly on the assumption that
factoring the product of large primes is hard. The algorithm presented
here, invented by Shafi Goldwasser and Silvio Micali, depends on the
same assumption but in a different way. The Goldwasser-Micali algorithm
is more direct than RSA, thought it is also less efficient.

One thing that makes GM interesting is that allows a form of computing
on encrypted data that we’ll describe below.

GM in a nutshell


To create a public key, find two large primes p and q and publish
N = pq. (There’s one more piece we’ll get to shortly.) You keep p
and q private, but publish N, much like with RSA.

Someone can send you a message, one bit at a time, by sending you
numbers that either do or do not have a square root mod N.

Sending a

... Show more...
 

Base 58 encoding and Bitcoin addresses


A few weeks ago I wrote about base32 and base64
encoding
.
I’ll review these quickly then discuss base58 and its use in Bitcoin.

Base32 and base64


All three methods have the goal of compactly representing large numbers
while maintaining readability. Douglas Crockford’s base32 encoding is
the most conservative: it’s case-insensitive and it does not use the
letters I, L, O, or U. The first three letters are omitted because of
visual similarity to digits, and the last to avoid “accidental
obscenities.”

Base 64 is not concerned with avoiding visual similarities, and uses the
full upper and lower case alphabet, plus two more symbols, + and /.

Base58


Base58 is nearly as efficient as base64, but more concerned about
confusing letters and numbers.The number 1, t... Show more...
 

Google Adiantum and the ChaCha RNG


The ChaCha cryptographic random number generator is in the news thanks
to Google’s Adiantum project. I’ll discuss what’s going on, but first a
little background.

Image/photo{.alignnone .size-medium
width="500" height="375"}

The name of the project comes from a genus of fern. More on that below
as well.

One-time pads


The one-time pad is a provably unbreakable way to encrypt things.
You create a sheet of random bits and give your counterpart an exact
copy. Then when it comes time for you to send an encrypted message, you
convert your message to a stream of bits, XOR your message with the
random bits you exchanged previously, and send the result. The recipient
then takes the XOR of the received message with the pad of random bits,
and recovers the original m... Show more...
 

Sharing secrets with polynomials


This post will present a couple ways to share secrets using polynomials.
We have a group of n people who want to share a secret between them so
that k of them will have to cooperate in order to unlock the secret.
For example, maybe a committee of n = 5 wants to require the
cooperation of at least k = 3 members.

Shamir’s method


Adi Shamir came up with the idea of using polynomials to share secrets
as follows. First, encode the secret you want to share as an integer
a~0~. Next, generate m = k-1 other random integers a~1~ through
a~m~ and use these as coefficients of a polynomial f of degree
m:

Image/photo{.aligncenter
.size-medium width="284" height="20"}

A trusted party generates n... Show more...
 

Hash function menagerie


Here’s an oversimplified survey of cryptographic hash functions:
Everyone used to use MD5, now they use some variation on SHA.

There’s some truth to that. MD5 was very popular, and remains popular
years after it was proven insecure. And now variations on SHA like SHA1
and SHA256 are commonly used. But there are a lot more cryptographic
hash functions in common use.[]{#more-40063}

Python support


If Python’s hashlib is a reliable guide, the most common hashing
algorithms are
  • MD5
  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512
because these are the six algorithms guaranteed to be supported on every
platform, as listed in the output of the algorithms_guaranteed method
in hashlib... Show more...
 

Addition on Curve1174


I’ve written about elliptic curve and alluded to the fact that there’s a
special kind of addition for points on the curve. But I haven’t gone
into details because it’s more complicated than I wanted to get into.

However, there’s a special case where the details are not complicated,
the so called Edwards curves. I’ll look briefly at Edwards curves in
general, then focus on Curve1174, a particular Edwards curve used in
cryptography.

The example here could be used in an introductory group theory course
with no reference to elliptic curves. Just think of it as a funny way to
add pairs of integers.

Addition on Edwards curves


For a particular class of elliptic curve, Edwards curves, the addition
formula is simpler than usual. As mentioned a few days
ago
,
an Edwards curve has the for... Show more...
 

Naming elliptic curves for cryptography


There are an infinite number of elliptic curves, but a small number that
are used in cryptography, and these special curves have names.
Apparently there are no hard and fast rules for how the names are
chosen, but there are patterns.

The named elliptic curves are over a prime field, i.e. a finite
field
with a prime
number of elements p. The curve names usually contain a number which
is the number of bits in the binary representation of p. Let’s see how
that plays out with a list of elliptic curves.
|------------------+-----------|
| Name | bits in p |
|------------------+-----------|
| ANSSI FRP256v1 | 256 |
| BN(2, 254) | 254 |
| brainpoolP256t1 | 256 |
| Curve1174 | 251 |
| Curve25519 | 255
... Show more...
 
But how can we trust #redhat on #cryptography when it works so closely with the #nsa and will soon work under US Army ally #ibm ?
 

RSA duplication flaws


Implementation flaws in RSA encryption make it less secure in practice
than in theory.

RSA encryption depends on 5 numbers:
  • Large primes p and q
  • The modulus n = pq
  • Encryption key e
  • Decryption key d
The numbers p, q, and d are kept secret, and the numbers e
and n are made public. The encryption method relies on the assumption
that in practice one cannot factor n into p and q.

All five numbers should be chosen anew each time [1], but in practice
you can find numbers being reused.

Duplicate primes


The numbers p and q should be unique to each use of the method, but
in practice there have been instances of... Show more...
 

Economics, power laws, and hacking


Increasing costs impact some players more than others. Those who know
about power laws and know how to prioritize are impacted less than those
who naively believe everything is equally important.

This post will look at economics and power laws in the context of
password cracking. Increasing the cost of verifying a password does not
impact attackers proportionately because the attackers have a power law
on their side.

Key stretching


In an earlier
post
I
explained how key stretching increases the time required to verify a
password. The idea is that if authentication systems can afford to spend
more computation time verifying a password, they can force attackers to
spend more time as well.

The stretching algorithm increases the time required to test a single
salt and password combination by a factor... Show more...
 
Later posts Earlier posts