What is Keybase good for, anyway?

UPDATE - 20170228 - Added more stuff I've discovered about KBFS.

A couple of years ago you probably heard about this thing called Keybase launching with a private beta, and it purported itself to be a new form of public key encryption for the masses, blah blah blah, whatever.. but what's this thing good for, exactly?  I mean, it was pretty easy to request an invite from the service and either never get one, or eventually receive an e-mail and promptly forget about it.  I've been using it off and on for a while, and I recently sat down to really mess …

Read more...

Canonical Wikileaks URLs and SSL certificate fingerprints.

Official Wikileaks document submission URLs:

https://sunshinepress.org/
http://suw74isz7wqzpmgu.onion/ (Tor only)

Source: /pictures/the_next_hope-2010/img_1624.jpg, taken 17 July 2010 at the keynote address. Image taken of Jacob Appelbaum's presentation slide.

Official SHA-256, SHA-1, and MD5 fingerprints of the Wikileaks document submission URLs:

SHA-256:
85:C3:77:8E:7F:BC:96:42:CF:EE:03:B0:AC:4A:2A:26:
15:18:CB:50:41:EC:7A:2A:CC:9F:56:60:67:94:04:7E

SHA-1:
68:C3:4B:3D:05:7A:53:E3:8C:FE:
71:F1:30:3D:8A:AD:8E:33:0A:76

MD5 …

Read more...

"MD5 considered harmful today"... but why?

If you've been following net.news in the past twenty-four to forty-eight hours you heard about what went down at the Chaos Computer Congress yesterday - a group of security researchers figured out how to exploit the flaws in the MD5 hash algorithm to forge CA certificates, thus placing SSL encryption as we know it in jeopardy.

...right? Breaking SSL is bad, yeah?

Like many things in life (and nearly everything in cryptography) it's not that simple or that straightforward. Yes, this is bad, but it's not "go back to punchcards" bad.

Let's take it step by step. First of all …

Read more...