Bruce Schneier on the false dichotomy between privacy and security.

If I ever get around to having children, I might name my first boy after Bruce Schneier because he's got a lot more on the ball than I ever will. This time around, Schneier has weighed in on the privacy versus security debate in US policy and why it's not really debatable in the manner it's being presented in because personal privacy and national security are not, in fact, opposed to one another. His commentary was provoked by Michael McConnell (Director of National Intelligence) stating in the 21 January 2008 edition of the New Yorker that he wanted to monitor …

Read more...

Serious vulnerability found in elliptic curve PRNG - cryptographers freak out.

A major component of cryptographic systems are pseudorandom number generators used to pull values out of thin air for the purposes of generating session keys and the bignum components of crypto keys, among other things. This is done so that an eavesdropping attacker can't predict ahead of time what a particular key is going to be and decrypt traffic as it's transmitted. Another reason is that it's easier to generate a pseudorandom number and check it for certain properties all at once than it is to work up such a number by hand and check it against those properties every …

Read more...