Porting Godwin's Law to the field of cryptography.

On the Internet, there exists a meme called Godwin's Law. Simply put, "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one," (where probabilities are specified as floating point values between 0.0 (0%) and 1.0 (100%)). It is usually at this point that the discussion is considered completely derailed and no longer worth following.

It seems that a similar phenomenon is occurring more and more often in the twenty-first century, in which online discussions of cryptographic or security software will eventually lead to someone bringing up Ken Thompson's famous paper Reflections …

Read more...

Serious vulnerability found in elliptic curve PRNG - cryptographers freak out.

A major component of cryptographic systems are pseudorandom number generators used to pull values out of thin air for the purposes of generating session keys and the bignum components of crypto keys, among other things. This is done so that an eavesdropping attacker can't predict ahead of time what a particular key is going to be and decrypt traffic as it's transmitted. Another reason is that it's easier to generate a pseudorandom number and check it for certain properties all at once than it is to work up such a number by hand and check it against those properties every …

Read more...

Webloggers be warned: Wordpress v2.1.1 is compromised!

A recent emergency bulletin from Matt of the Wordpress weblogging software project is highly distressing to say the least: someone cracked one of the project's servers and inserted a pair of backdoors into v2.1.1, which make it possible for a malicious user to remotely execute aribitrary code on the server hosting a Wordpress blog.

What I want to know is this: Why wasn't the Wordpress project at the very least posting hashes of the distribution archives, or PGP/GPG signing the archives and posting detached signatures for the files? Looking at the Wordpress download page shows a pair …

Read more...

Archive: 20070108

Note to self: All the walking in DC is making me go through tennis socks faster than I can replace them. I've blown through six socks in three days because they've ripped through without warning walk walking down the street. This is a little annoying because I feel like a slob. It's 2007, so the time for upgrading is probably upon most of us. To wit, here's something that should leave just about everyone drooling in anticipation: This Thursday upcoming, Hitachi will put their one terabyte hard drives on the consumer market with an opening price of $399us. The drives …

Read more...