Tag: crypto

  1. Serious vulnerability found in elliptic curve PRNG - cryptographers freak out.

    16 November 2007

    A major component of cryptographic systems is the pseudorandom number generator, used to pull values out of thin air for the purposes of generating session keys and the bignum components of crypto keys, among other things. This is done so that an eavesdropping attacker can't predict ahead of time what a particular key is going to be and decrypt traffic as it's transmitted. Another reason is that it's easier to generate a pseudorandom number and check it for certain properties all at once than it is to work up such a number by hand and check it against those properties every …

    Read more...

  2. Hushmail rolls over on some of its users.

    08 November 2007

    For years, the webmail service provided by Hushmail has been an example of weak anonymity and privacy: They don't ask for much to set up an account, they will happily auto-generate an e-mail address for you, users connect via SSL, and they will encrypt and digitally sign any messages a user sends through their service. They also claim that all messages are stored in encrypted form on their disk arrays, so that even if someone did demand a copy of a message from a certain address it would be worthless to them (ostensibly, public key encryption is used on the …

    Read more...

  3. Shell script: truecrypt-1.0.sh

    01 November 2007

    To scratch a frequently encountered itch, namely mounting and unmounting Truecrypt volumes on USB keys and external drives on a number of systems in a day, I wrote a shell script that automates the command line arguments that I use most often as well as making it simpler to assume root privileges to do so. The script is designed to be kept on the key along with the encrypted datastore, though it could also be placed on each system in a publicly accessible location (such as /usr/local/bin).

    The script assumes that it'll be run on a UNIX (-alike …

    Read more...

  4. First weekend update in a while.

    15 October 2007

    For the past couple of weeks, my weekends have been busy enough that there hasn't been much of interest to write about. Not that they weren't interesting, but to be frank, talking about driving around all over the place running errands, going to appointments, and things like that doesn't make for terribly gripping reading. This weekend, however, stands out in memory because it was the first really laid back weekend that we'd had in a long while.

    On Friday night Lyssa and I went shopping to get the stuff to make a lamb stew, some of which we'd be …

    Read more...

  5. Cryptographic history hit-and-run.

    19 July 2007

    Someone in Italy has a real German Enigma machine from World War II up for auction on eBay. The Enigma machines were the mechanism used to implement the famous cryptosystem that protected German radio communications up until Allied cryptographers were able to figure out how it worked. With today's technology (in particular, programming languages) it isn't too difficult to implement one yourself once you know the principle, but if this is legit, it's a real piece of World War II and crypto history. Not many Enigma machines survived after the war was over; the few that are left are in …

    Read more...

  6. The Voynich Manuscript is now on Flickr.

    19 April 2007

    Depending on whom you talk to, the Voynich Manuscript is either one of the strangest books on the face of the planet, the key to the secrets of the universe, an elaborate puzzle by Dr. John Dee/Abdul al-Hazred/the Comte de Saint Germain/$other_mystical_figure, or a brilliant hoax. The text of the book is utterly incomprehensible - if it's a cypher, it's a damned good one. Many cryptographers and puzzle freaks over the years have tried and failed to decode it, though they've discovered a few interesting things. Current thought has it that the script was created from …

    Read more...

  7. Tor has been accepted as a Google Summer of Code project!

    21 March 2007

    Tor, The Onion Router is a well-known net.privacy project that has been the subject of a grassroots development project for a couple of years now. The EFF has made room for a couple of student developers through Google's Summer of Code programme and posted an official announcement to the NoReply wiki. To apply for a position in the project you have to have a code sample and be at least somewhat familiar with how Tor works and how the code works. Knowledge of crypto is a major plus, seeing as how it encrypts traffic between nodes for privacy. You …

    Read more...

  8. How the mighty have fallen!

    14 February 2007

    The encryption algorithms for Blu-Ray and HD-DVD content have been cracked!

    The processing key is one of the keys used in the process of generating the media key, the unique key that encrypts the contents of a particular DVD. Due to the encryption algorithm used in Blu-Ray and HD-DVD technologies, the keys seem to work in a hierarchical manner: If you compromise a key lower in the hierarchy, you crack media. Compromise a key higher up in the hierarchy, and you crack all of the media encrypted underneath it, meaning that all of the new generation DVDs may be freely …

    Read more...

  9. Windows Vista DRM cracked!

    30 January 2007

    Technically, Microsoft Windows Vista hasn't even been released yet, and the DRM system has already been cracked. DRM, the so-called Digital Rights Management system that the MPAA and RIAA are blackmailing hardware and software vendors into supporting so that they can control what you watch or listen to, how, when, and for how long, uses strong crypto to encrypt media files and control who and what can access them. In Vista, it's called PMP, the Protected Media Path, and reaches all the way down to the level of the hardware drivers. In theory, if all of the drivers on the system …

    Read more...

  10. Random knowledge II.

    25 January 2007

    If you turn on the Xscreensaver module called Sonar while you're running a packet monitoring application (such as TCPdump), people are less likely to think you're doing anything shady, because "Only hacker tools don't have GUIs." Always hack your shell's personal configuration file (~/.bash_profile, for example) to change your shell prompt if you use GNU screen. That way you can tell which shells you've left open are single-access shells and which shells are multiplexed through a single connection with screen. It can get confusing sometimes. Because a shell run inside a GNU screen metaterminal sets an environment variable called $WINDOW …

    Read more...
