Cypherpunk (Wikipedia)

"A cypherpunk is an activist advocating widespread use of strong cryptography as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s. A very basic cypherpunk issue is privacy in communications and data retention. Such guarantees require strong cryptography, so cypherpunks are fundamentally opposed to government policies attempting to control the usage or export of cryptography, which remained an issue throughout the late 90s."

Whitfield Diffie (Wikipedia)

"Bailey Whitfield 'Whit' Diffie is an American cryptographer and one of the pioneers of public-key cryptography. In 1975-76, Diffie and Martin Hellman criticized the NBS proposed Data Encryption Standard, largely because its 56-bit key length was too short to prevent brute-force attack. Subsequent history has shown not only that NSA actively intervened with IBM and NBS to shorten the key size, but also that the short key size enabled exactly the kind of massively parallel key crackers that Hellman and Diffie sketched out. When these were ultimately built outside the classified world, they made it clear that DES was insecure and obsolete."

Data Encryption Standard – NSA’s involvement in the design (Wikipedia)

"In 1973 NBS solicited private industry for a data encryption standard (DES). The first offerings were disappointing, so NSA began working on its own algorithm. Then Howard Rosenblum, deputy director for research and engineering, discovered that Walter Tuchman of IBM was working on a modification to Lucifer for general use. NSA gave Tuchman a clearance and brought him in [...] NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately they compromised on a 56-bit key."

Data, meet spies: The unfinished state of Web crypto

"Most Internet companies do not use a privacy-protective encryption technique that has existed for over 20 years -- it's called forward secrecy -- that cleverly encodes Web browsing and Web e-mail in a way that frustrates fiber taps by national governments. Lack of adoption by Apple, Twitter, Microsoft, Yahoo, AOL and others is probably due to 'performance concerns and not valuing forward secrecy enough,' says Ivan Ristic, director of engineering at the cloud security firm Qualys. Google, by contrast, adopted it two years ago."

Google offers to fund wireless hotspots in San Francisco

"Google Inc is offering $600,000 to set up free wireless Internet hotspots in 31 public spaces in San Francisco, but city officials said they need to review annual maintenance costs before it could be approved. Google has previously funded public wireless projects in its home city of Mountain View, California, in New York’s Chelsea neighborhood and around Boston’s South Station. San Francisco officials say public Internet service is long overdue for a city that has eclipsed Silicon Valley as the epicenter of the startup ecosystem in recent years, attracting a dramatic influx of venture capital investment and young tech workers."

Google strengthens Android security with NSA’s SELinux; TPM also coming

"Originally developed by programmers from the National Security Agency, SELinux enforces a much finer-grained series of mandatory access control policies. The other big security enhancement introduced in Android 4.3 is a more robust way to store cryptographic credentials used to access sensitive information and resources. 'With the keychain enhancements, the system-wide keys are bound to a hardware-based root of trust process devices that support this,' said Pau Oliva Fora, senior mobile security engineer at viaForensics. 'The phone needs to have a secure element such as a Trusted Platform Module so that private keys can't be stolen.'"

Feds put heat on Web firms for master encryption keys

"These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users. If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with a HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer."

UK Information Commissioner Blasts License Plate Readers

"The UK Information Commissioner's Office (ICO) on Wednesday ordered a review of Hertfordshire Constabulary's use of the technology in Royston, the first town in England to adopt the technology. All six possible routes into and out of the town are covered by license plate cameras creating what police like to call a 'ring of steel.' The system keeps a log of the movements of all automobiles, something the commissioner found unnecessary. 'It is difficult to see why a small rural town such as Royston, requires cameras monitoring all traffic in and out of the town 24 hours a day,' ICO enforcement chief Stephen Eckersley said in a statement."

TSA: Give Us Fingerprints, Web History and You Can Keep Your Shoes On

"In order to participate in the ‘PreCheck’ TSA program, you will need to allow them to reach down into the proverbial pants of your personal life as well. Under PreCheck, you are required to not only present your fingerprints to the TSA in person and pay a fee of $85, but the agency is also looking to gather all forms of your data as well — which reports state includes your web history and online data. With the help of a third party organization, the TSA seeks to ‘pre-screen’ (think pre-crime) individuals based on their activity in order to determine if they are worthy of bypassing the most minimal of security checkpoints."

Plan To Defund NSA Phone Collection Program Defeated

"A controversial proposal to restrict how the National Security Agency collects telephone records failed to advance by a narrow margin Wednesday, a victory for the Obama administration, which has spent weeks defending the program since media leaks sparked international outrage about the agency’s reach. Lawmakers voted 217 to 205 to defeat the proposal. Speaker John A. Boehner (R-Ohio), who as head of the House rarely votes on legislation, voted against the amendment."
