spraci.info

Bringing back the OTB Technologies Tor Hidden Service once I get finished setting up the ZeroNet Site (https://ZeroNet.io) for the digital version of my book, The Ultimate Guide to Anonymity (copyright 2019.) Also I will bring back the OTB Technologies Eepsite shortly thereafter. Why you may ask? Well, to summarize, Biden is a Terrorist Lover and he supports Communist ideologies which makes me concerned for the future of this country...

I refuse to allow Communists and Socialists to take over this Great Nation of America!!! 😡😡😡

#Anonymity #TorNetwork #Tor #I2P #Eepsite #FreedomOfSpeech #FreedomOfPress #Censorship #MassSurveillance #Obama #Biden #Trump #QAnon #QAnons #Anons #WWG1WGA #America #Politics #Corruption #Cryptography #Bitcoin #Monero #Freedom #MakeAmericaFreeAgain

encoding of sensitive DB data and passwords.

took part of the code from claws-mail, but significantly refactored it, because they heavily use gnome libraries and I don't. I use only GnuTLS. and I added processing of large binary blocks (in claws-mail only passwords were encrypted). so almost nothing is left of the original code piece. but it works fine. so I can store private keys and passwords in encrypted form in DB.

optimization and possible leaks hunt are postponed for tomorrow. cannot stay up the whole night long. tomorrow I have a vocals lesson and need some sleep.

#programming #cryptography #gnutls

Once again the Internet Archive is under threat. This time it is publishers who do not want an online public library that anyone with access to the Internet can use.

I worry about this, in particular, because the Internet Archive is now the primary repository for my software.

I think it will help to support institutions like the EFF that will fight in the legislatures and courtrooms for libraries everywhere, but I do not know what else we can do.

We can, of course, use censorship-resistant Internet overlay networks as backup repositories, and I do this by using ZeroNet and I2P, but I think it is important that the clearnet not be entirely taken away from us. The Internet Archive is also available as a Tor Onion Service, but everyone knows where its servers are, so that gives it little protection. There was talk of backing up the Archive in Canada, but government regulators in Canada do not seem less corrupted than those in the USA.

I have also heard news that Project Gutenberg, the oldest project of this t...

A probable prime is a number that passes a test that all primes pass and that most composite numbers fail. Specifically, a Fermat probable prime is a number that passes Fermat's primality test. Fermat's test is the most commonly used, so that's nearly always what anyone means by more specific.

A number

This test isn't conclusive, but it can be implemented efficiently and it weeds out most composite numbers. To read more on probable primes, see [this post](https://www.johndcook.com/blog/2010/10/06/probability-a-number-is-prime/).

If a number is a probable prime, how probable is it that it really is prime? This post will briefly summarize some results from a...

## OpenSSL Cheat Sheet

A quick reference for using the OpenSSL tool / library on Linux-based systems.

#ssl #cryptography #encryption #cipher #tls #crypto #encrypt #decrypt

Published by albertx on 25th May 2020.

https://cheatography.com/albertx/cheat-sheets/openssl/

source: https://www.wired.com/1993/02/crypto-rebels/

Not being a professional cryptographer, #Zimmermann moved slowly. By 1986, he had implemented RSA, and a year later wrote a scrambling function he called Bass-O-Matic, in homage to a Saturday Night Live commercial for a blender that liquifies fish. Piece by piece he built his program. In June, 1991, it was ready for release. He named his software #PGP, for Pretty Good Privacy. Though at one time he mused about asking users for a fee, he subsequently became concerned that the #government would one day outlaw the use of #cryptography. Since Zimmermann wanted the tools for #privacy disseminated widely before that day came, he decided to give PGP away. No strings.

#security #computer #communication #history #cryptowar #nsa #internet

It's the FBIs, NSAs, and Equifaxes of the world versus a swelling movement of Cypherpunks, civil libertarians, and millionaire hackers. At stake: Whether privacy will exist in the 21st century.

IT’S GETTING EASIER to secure your digital privacy. #cryptography #gb

Passphrases That You Can Memorize — But That Even the NSA Can’t Guess

https://threatpost.com/signal-upgraded-cryptography-groups-function/151017/

#Signal #secure #private #messenger #encryption #e2e #technology #cryptography #groups

https://www.reddit.com/r/tutanota/comments/dven2n/re_german_court_orders_open_source_everything/

Apparently, the German government can force Tutanota to give them unencrypted email sent and received by a given account after they receive a court order to do so. Tutanota makes it easy to send unencrypted email if you choose, so this really does mean something.

However, the encrypted email sent with Tutanota is encrypted and decrypted in the browsers of the sender and receiver, so these court orders can not be used to see encrypted email.

Tutanota issues regular reports (linked to in the Reddit discussion) about the court orders they receive.

I have a Tutanota account that I use for EasyGPG. It is mentioned in EasyGPG's built-in Help.

When I use Tutanota, I encrypt with EasyGPG, in addition to any encryption by Tutanota. I do the same with...

In theory #XMPP and #Matrix are interoperable. However they both have UX flaws.

Matrix only has one server and one client implementation. Kinda. And its UX is targeted at technical users.

XMPP has a broader range of server and client implementations, but also many platforms lack a good platform.

I'd consider starting with Conversations.im. It's an XMPP client and service.

575 Toots, 207 Following, 100 Followers · Hacking on #Bitcoin @ Blockstream. Interests: #Bitcoin, #XMPP/#Jabber, #politics, #climatechange, #privacy. Stack: #Rust, #Golang, #git, #Vim, #Arch, #Cryptography. From #Belgium.

As I have posted before, Tails has long made it difficult to use Desktop files. This is a problem for EasyGPG because Desktop files are one reason that EasyGPG is easier than

As I write this, I plan to revise EasyGPG (the file

Of course, dragging and dropping will still be impossible.

It will be necessary for both the Tails installer and EasyGPG to be able to know that it is running on Tails. I think now that the test will be that the file system structure is that of Tails, and that the user is

I am still thinking about what can be done if EasyGPG...

announced today that it has demonstrated “quantum supremacy,” i.e. that they have solved a problem on a quantum computer that could not be solved on a classical computer. Google says

Our machine performed the target computation in 200 seconds, and from measurements in our experiment we determined that it would take the world’s fastest supercomputer 10,000 years to produce a similar output.

IBM disputes this claim. They don’t dispute that Google has computed something with a quantum computer that would take a

power, only that it “would take the world’s fastest supercomputer 10,000 years” to...

→ https://tails.boum.org/news/version_4.0/index.en.html

## Tails 4.0 is out

2019-10-22

We are especially proud to present you Tails 4.0, the first version of Tails based on Debian 10 (Buster). It brings new versions of most of the software included in Tails and some important usability and performance improvements. Tails 4.0 introduces more changes than any other version since years.

This release also fixes many security issues. You should upgrade as soon as possible. (...)

#tails #gnu #linux #gnu-linux #distros #privacy #security #cryptography #censorship #copyleft #gpl #freesoftware #fs #softwarelibre #debian #buster #software #upgrade

Josh and Kurt talk about snakeoil cryptography at Black Hat and the new backdoored cryptography fight. Both of these problems will be wi...

https://arstechnica.com/tech-policy/2019/07/tech-firms-can-and-must-put-backdoors-in-encryption-ag-barr-says/

He also accused tech firms of "dogmatic" posturing, saying lawful backdoor access "can be and must be" done, adding, "We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption."

So, from an administrative standpoint, how will this work?

1. Will Apple and Google spy on devices that run Android or iOS, and pass on what they find to a police officer with a warrant?

2. Will police have some sort of master key provided by Apple and Google that will allow th...

https://opensourcesecurity.io/2019/07/26/why-you-cant-backdoor-cryptography/

will #proprietarysoftware be imposed and 'possession' of #freesw be made a crime?

Are you familiar with post-quantum cryptography? The race is on to create new ways to protect data and communications from the threat posed by super-powerful quantum computers. Get the details in this article. Few of us give much thought to the tiny padlock symbol that appears in our web browsers...

https://invidio.us/watch?v=YEBfamv-_do

The history behind public key cryptography & the Diffie-Hellman key exchange algorithm. We also have a video on RSA here: https://www.youtube.com/watch?v=wXB-V...

#Snowden #Citizenfour #documentary #film #Poitras #Greenwald #Assange #Manning #NSA #whistleblower #scandal #Wikileaks #intelligence #metadata #data #technology #GNU #GNULinux #GPG #FreeSoftware #Internet #communication #power #privacy #security #cryptography #freedom #law #illegal #wiretapping #mass #surveillance #tracking #war #USA #government #tyranny #totalitarian #espionage #PRISM

https://b2aeaa58a57a200320db-8b65b95250e902c437b256b5abf3eac7.ssl.cf5.rackcdn.com/media_entries/12898/Citizenfour.2014.720p.medium.webm

The #Intel #Management #Engine is present on all Intel #desktop, #mobile ( #laptop ), and #...

As an example of the efficiency of ECC as compared to RSA, the same 384-bit key used in encrypting classified information would require a 7680-bit key using RSA encryption. The efficiency afforded by ECC is therefore exceedingly useful to blockchain networks since it reduces the size of transactions.

https://blockonomi.com/elliptic-curve-cryptography/

#Cryptography #Cryptocurrency #Blockchain #RSA #ECC #Tutorial

Secret codes and error-correcting codes have nothing to do with each other. Except when they do!

Error correcting codes make digital communication possible. Without some way to detect and correct errors, the corruption of a single bit could wreak havoc. A simple example of an error-detection code is check sums. A more sophisticated example would be erasure codes, a method used by data centers to protect customer data against hard drive failures or even entire data centers going offline.

People who work in coding theory are quick to point out that they do not work in cryptography. “No, not that kind of code. Error-correcting codes, not secret codes.” The goal isn’t s...

“Unbalanced oil and vinegar” is a colorful name for a cryptographic signature method. This post will give a high-level description of the method and explain where the name comes from.

The RSA encryption algorithm depends on the fact that computers can easily multiply enormous numbers, but they cannot efficiently factor the product of two enormous primes. Whenever you have something that’s easy to do but hard to undo, you might be able to make an encryption algorithm out of it.

The unbalanced oil and vinegar (UOV) digital signature algorithm is analogous to RSA in that it also depends on the difficulty of factoring. But UOV is based on the difficulty of factoring the composition of a linear and nonlinear operator, not multiplying prime numbers. One advantage of UOV over RSA is that UOV is quantum-resistant. That is, if large quantum computers become practical, UOV signatures will r...

Daniel Bernstein’s Curve25519 is the elliptic curve

over the prime field with order

popular choice in elliptic curve cryptography because its design choices are transparently justified [1] and because cryptography over the curve can be implemented very efficiently. This post will concentrate on one of the tricks that makes ECC over Curve25519 so efficient.

Curve25519 was designed for fast and secure cryptography. One of the things that make it fast is the clever way Bernstein carries out arithmetic mod 2^255 – 19 which he describes here.

Bernstein represents numbers mod 2^255 – 19 by polynomials whose value at 1 gives the number. That alone is not remarkable, but his...

https://www.coindesk.com/binances-crypto-bnb-no-longer-tracks-bitcoin-and-thats-a-big-deal

#bitcoin #cryptography #cryptocurrency #finance #economics #technology

As I noted in this post, RSA encryption is often carried out reusing exponents. Sometimes the exponent is exponent 3, which is subject to an attack we’ll describe below [1]. (The most common exponent is 65537.)

Suppose the same message

use exponent

and each will receive a different encrypted message

Someone with access to

message

relatively prime to the others, otherwise we can recover the private

keys using the method described

...

The RSA encryption algorithm depends indirectly on the assumption that factoring the product of large primes is hard. The algorithm presented here, invented by Shafi Goldwasser and Silvio Micali, depends on the same assumption but in a different way. The Goldwasser-Micali algorithm is more direct than RSA, though it is also less efficient.

One thing that makes GM interesting is that it allows a form of computing on encrypted data that we’ll describe below.

To create a public key, find two large primes

and

Someone can send you a message, one bit at a time, by sending you numbers that either do or do not have a square root mod

A few weeks ago I wrote about base32 and base64 encoding. I’ll review these quickly then discuss base58 and its use in Bitcoin.

All three methods have the goal of compactly representing large numbers while maintaining readability. Douglas Crockford’s base32 encoding is the most conservative: it’s case-insensitive and it does not use the letters I, L, O, or U. The first three letters are omitted because of visual similarity to digits, and the last to avoid “accidental obscenities.”

Base 64 is not concerned with avoiding visual similarities, and uses the full upper and lower case alphabet, plus two more symbols, + and /.

Base58 is nearly as efficient as base64, but more concerned about confusing letters and numbers. The number 1, t...

The ChaCha cryptographic random number generator is in the news thanks to Google’s Adiantum project. I’ll discuss what’s going on, but first a little background.


The name of the project comes from a genus of fern. More on that below as well.

The

You create a sheet of random bits and give your counterpart an exact copy. Then when it comes time for you to send an encrypted message, you convert your message to a stream of bits, XOR your message with the random bits you exchanged previously, and send the result. The recipient then takes the XOR of the received message with the pad of random bits, and recovers the original m...

This post will present a couple ways to share secrets using polynomials.

We have a group of

that

For example, maybe a committee of

cooperation of at least

Adi Shamir came up with the idea of using polynomials to share secrets as follows. First, encode the secret you want to share as an integer


A trusted party generates

Here’s an oversimplified survey of cryptographic hash functions:

Everyone used to use MD5, now they use some variation on SHA.

There’s some truth to that. MD5 was very popular, and remains popular years after it was proven insecure. And now variations on SHA like SHA1 and SHA256 are commonly used. But there are a hash functions in common use.

If Python’s

algorithms are

- MD5
- SHA1
- SHA224
- SHA256
- SHA384
- SHA512

platform, as listed in the output of the

in

I’ve written about elliptic curves and alluded to the fact that there’s a special kind of addition for points on the curve. But I haven’t gone into details because it’s more complicated than I wanted to get into.

However, there’s a special case where the details are not complicated, the so-called Edwards curves. I’ll look briefly at Edwards curves in general, then focus on Curve1174, a particular Edwards curve used in cryptography.

The example here could be used in an introductory group theory course with no reference to elliptic curves. Just think of it as a funny way to add pairs of integers.

For a particular class of elliptic curve, Edwards curves, the addition formula is simpler than usual. As mentioned a few days ago, an Edwards curve has the for...

There are an infinite number of elliptic curves, but a small number that are used in cryptography, and these special curves have names. Apparently there are no hard and fast rules for how the names are chosen, but there are patterns.

The named elliptic curves are over a prime field, i.e. a finite field with a prime number of elements

is the number of bits in the binary representation of

that plays out with a list of elliptic curves.

|------------------+-----------|
| Name             | bits in p |
|------------------+-----------|
| ANSSI FRP256v1   |       256 |
| BN(2, 254)       |       254 |
| brainpoolP256t1  |       256 |
| Curve1174        |       251 |
| Curve25519       |       255
...

Starting with Red Hat Enterprise Linux 8 you may be able to defend against some attacks against deprecated security protocols and options with our newly introduced system-wide crypto policy. This policy is included with the release of Red Hat Enterprise Linux 8.0 beta. It is a policy applied consistently to running services and is kept up-to-date as part of the software updates, to stay on par with cryptographic advances.

Implementation flaws in RSA encryption make it less secure in practice than in theory.

RSA encryption depends on 5 numbers:

- Large primes *p* and *q*
- The modulus *n* = *pq*
- Encryption key *e*
- Decryption key *d*

and

that in practice one cannot factor

All five numbers should be chosen anew each time [1], but in practice you can find numbers being reused.

The numbers

in practice there have been instances of...

https://threadreaderapp.com/thread/1087848040583626753.html

https://sourceforge.net/p/sevenzip/bugs/2176/

Thread by @3lbios: "So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it sho I did. After a few mins I noticed they use 8byte "random" IV. Yes, h […]" #7zip #encryption #facepalm #randomness

Increasing costs impact some players more than others. Those who know about power laws and know how to prioritize are impacted less than those who naively believe everything is equally important.

This post will look at economics and power laws in the context of password cracking. Increasing the cost of verifying a password does not impact attackers proportionately because the attackers have a power law on their side.

In an earlier post I explained how key stretching increases the time required to verify a password. The idea is that if authentication systems can afford to spend more computation time verifying a password, they can force attackers to spend more time as well.

The stretching algorithm increases the time required to test a single salt and password combination by a factor...