Life-Saving Third-World Remittances Smothered by Anti-Money-Laundering Laws

"Without a formal banking sector, millions of Somalis rely on money sent from abroad. Underground agents could potentially fill the void. Alternatively, migrant workers could simply transfer new cryptographic commodities like bitcoin, which are not against the law. Also included in the countries put on notice by Barclays are Nigeria, Ghana, India, and Bangladesh with the resulting impact certain to be felt by Somalia's neighbors, Kenya and Ethiopia. The wholesale closure of accounts parallels the situation in Minnesota last year when a local bank, citing the risk of strict penalties, ceased transfers to Somalia for migrants wanting to send money home."

The Government’s Perilous Bitcoin Chase

"Nothing can strip the shine off a cool trend as quickly as national security officials sharing how it is poised to become a cutting-edge tool in terrorists’ ongoing death-to-America project. As such, I want to thank David Cohen, the Treasury’s Undersecretary for Terrorism and Financial Intelligence, and John Carlin, acting Assistant Attorney General for National Security—distinguished and otherwise delightful members of a panel I moderated at the Aspen Institute’s National Security Forum this past weekend—for casting a sinister shadow over what I had previously assumed to be the harmless if quirky Bitcoin craze."

CryptoParty: Party like it’s December 31st, 1983

"Attend a CryptoParty to learn and teach how to use basic cryptography tools. A CryptoParty is free, public and fun. People bring their computers, mobile devices, and a willingness to learn! CryptoParty is a decentralized, global initiative to introduce the most basic cryptography software and the fundamental concepts of their operation to the general public, such as the Tor anonymity network, public key encryption (PGP/GPG), and OTR (Off The Record messaging). CryptoParties are free to attend, public, and commercially and politically non-aligned."

Cypherpunk (Wikipedia)

"A cypherpunk is an activist advocating widespread use of strong cryptography as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s. A very basic cypherpunk issue is privacy in communications and data retention. Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography, which remained an issue throughout the late 90s."

Whitfield Diffie (Wikipedia)

"Bailey Whitfield 'Whit' Diffie is an American cryptographer and one of the pioneers of public-key cryptography. In 1975-76, Diffie and Martin Hellman criticized the NBS proposed Data Encryption Standard, largely because its 56-bit key length was too short to prevent brute-force attack. Subsequent history has shown not only that NSA actively intervened with IBM and NBS to shorten the key size, but also that the short key size enabled exactly the kind of massively parallel key crackers that Hellman and Diffie sketched out. When these were ultimately built outside the classified world, they made it clear that DES was insecure and obsolete."

Data Encryption Standard – NSA’s involvement in the design (Wikipedia)

"In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in [...] NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key."

Data, meet spies: The unfinished state of Web crypto

"Most Internet companies do not use a privacy-protective encryption technique that has existed for over 20 years -- it's called forward secrecy -- that cleverly encodes Web browsing and Web e-mail in a way that frustrates fiber taps by national governments. Lack of adoption by Apple, Twitter, Microsoft, Yahoo, AOL and others is probably due to 'performance concerns and not valuing forward secrecy enough,' says Ivan Ristic, director of engineering at the cloud security firm Qualys. Google, by contrast, adopted it two years ago."

Google offers to fund wireless hotspots in San Francisco

"Google Inc is offering $600,000 to set up free wireless Internet hotspots in 31 public spaces in San Francisco, but city officials said they need to review annual maintenance costs before it could be approved. Google has previously funded public wireless projects in its home city of Mountain View, California, in New York’s Chelsea neighborhood and around Boston’s South Station. San Francisco officials say public Internet service is long overdue for a city that has eclipsed Silicon Valley as the epicenter of the startup ecosystem in recent years, attracting a dramatic influx of venture capital investment and young tech workers."

Google strengthens Android security with NSA’s SELinux; TPM also coming

"Originally developed by programmers from the National Security Agency, SELinux enforces a much finer-grained series of mandatory access control policies. The other big security enhancement introduced in Android 4.3 is a more robust way to store cryptographic credentials used to access sensitive information and resources. 'With the keychain enhancements, the system-wide keys are bound to a hardware-based root of trust process devices that support this,' said Pau Oliva Fora, senior mobile security engineer at viaForensics. 'The phone needs to have a secure element such as a Trusted Platform Module so that private keys can't be stolen.'"

Feds put heat on Web firms for master encryption keys

"These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users. If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with a HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer."
