The World Wide Whisper – WhatsApp Introduces End-to-End Encryption for 500 Million Users – Video


Today, on Dev, Rob talks about the new encryption being integrated into WhatsApp, the popular Facebook-owned messaging service, and explains how it keeps your messages private.

By: LearnToProgram: You Can Code.


Unofficial CM12 for Android One, Disabling Encryption on Nexus 6, Jolla Tablet Announced! – Video


Android One devices have received an Unofficial CyanogenMod 12 build! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this...

By: xdadevelopers


Hacker Lexicon: What Is End-to-End Encryption?

Plenty of companies brag that their communications app is encrypted. But that marketing claim demands a follow-up question: Who has the key? In many cases, the company itself holds the cryptographic key data that lets it decrypt your messages, and so, therefore, does any hacker who compromises the company or government official standing over its shoulder.

But increasingly, privacy-conscious communications tools are rolling out a feature known as end-to-end encryption. That end-to-end promise means that messages are encrypted in a way that allows only the unique recipient of a message to decrypt it, and not anyone in between. In other words, only the endpoint computers hold the cryptographic keys, and the company's server acts as an illiterate messenger, passing along messages that it can't itself decipher.

That notion of the decryption key never leaving the user's device might seem like a paradox. If the company's server can never see the key, then how does it get onto the device when the user installs the app in the first place?

The answer is possible because of another crypto trick known as public-key encryption. In public-key crypto systems, a program on your computer mathematically generates a pair of keys. One, called the private key or secret key, is used for decrypting messages sent to you and never leaves your device. The other, called the public key, is used for encrypting messages that are sent to you, and it's designed so that only the corresponding private key can decrypt those messages. That key can be shared with anyone who wants to encrypt a message to you. Think of the system like a lockbox on your doorstep for the UPS delivery man: anyone with your public key can put something in the box and lock it, but only you have the private key to unlock it.

The first free, widely used end-to-end encrypted messaging software was PGP, or Pretty Good Privacy, a program coded by Phil Zimmermann and released in 1991. But it's taken decades for that complete encryption tunnel to reach the masses. Programs like the Off The Record plugin for Jabber instant-messaging applications and TextSecure for text messaging have made end-to-end encryption far easier to use. Apple uses a form of end-to-end encryption in its iMessage app. (Though some security researchers have pointed to flaws in its implementation that might allow its messages to be decrypted.) Google is experimenting with an end-to-end encryption email plugin for Chrome. And just last week smartphone messaging app WhatsApp integrated TextSecure into its Android software, turning on end-to-end encryption for hundreds of millions of users.

Even end-to-end encryption isn't necessarily impervious to snooping. Rather than try to actually break the encryption, for instance, an eavesdropper may try to impersonate a message recipient so that messages are encrypted to their public key instead of the one the sender intended. After decrypting the message, the snoop can then encrypt it to the recipient's actual public key and send it on again to avoid detection; this is what's known as a man-in-the-middle attack. To combat that tactic, some end-to-end encryption programs generate unique one-time strings of characters based on the two users' public keys. The two people communicating read out that passphrase to each other before starting their conversation. If the characters match, they can be reassured there's no man in the middle.
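The comparison string described above can be sketched as follows. This is an added example, not code from the article or from any messaging app: the derivation (SHA-256 over both keys, shortened to 12 digits) is an illustrative assumption, and the three "public keys" are constructed byte strings standing in for real ones.

```python
import hashlib

def safety_code(own_pub: bytes, peer_pub: bytes, digits: int = 12) -> str:
    """Short string both users read aloud, derived from both public keys."""
    # Sort the keys so each side gets the same result regardless of role.
    first, second = sorted((own_pub, peer_pub))
    # Length-prefix each key so the concatenation is unambiguous.
    material = b"".join(len(k).to_bytes(2, "big") + k for k in (first, second))
    digest = hashlib.sha256(b"added-example-safety-code-v1" + material).digest()
    # Shorten the hash to something a person can read out; a real scheme
    # must pick a length that resists brute-force matching.
    number = int.from_bytes(digest[:8], "big") % 10**digits
    text = f"{number:0{digits}d}"
    return " ".join(text[i:i + 4] for i in range(0, digits, 4))

# Constructed stand-ins for 32-byte public keys (not real key material).
ALICE_PUB = hashlib.sha256(b"constructed alice public key").digest()
BOB_PUB = hashlib.sha256(b"constructed bob public key").digest()
MALLORY_PUB = hashlib.sha256(b"constructed mallory public key").digest()

def codes_seen(intercepted: bool) -> tuple[str, str]:
    """Return the codes Alice and Bob each compute on their own device."""
    # Under interception, each side was handed the interceptor's key
    # in place of the real peer key.
    bob_key_at_alice = MALLORY_PUB if intercepted else BOB_PUB
    alice_key_at_bob = MALLORY_PUB if intercepted else ALICE_PUB
    return (safety_code(ALICE_PUB, bob_key_at_alice),
            safety_code(BOB_PUB, alice_key_at_bob))

if __name__ == "__main__":
    for intercepted in (False, True):
        a, b = codes_seen(intercepted)
        print(f"intercepted={intercepted}: Alice reads {a} | "
              f"Bob reads {b} | match={a == b}")
```

The check only helps if the two strings are compared over a channel the interceptor does not control, such as in person or on a voice call where the users recognize each other.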

Of course, there are still two vulnerable points left in even perfect end-to-end encryption systems: the ends. Each user's computer can still be hacked to steal his or her cryptographic key or simply read the recipient's decrypted messages. Even the most perfectly encrypted communication pipe is only as secure as the mailbox on the other end.

Hacker Lexicon is WIRED's explainer series that seeks to de-mystify the jargon of information security, surveillance and privacy.


Lollipop’s Encryption Takes a Hefty Toll

The new full-disk encryption feature that's enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.

In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week. Sequential read performance, meanwhile, drops by a whopping 80.7 percent.

The bottom line is "serious negative implications for device performance in any situation where applications are reading or writing to disk," the report concludes.

With full-disk encryption, all information is encrypted before it's written to disk. Accessing the information requires decryption, which is protected by the device's lockscreen passcode.

A Nexus 6 was the device evaluated in this latest benchmark report. Normally it's not available without full-disk encryption, but Motorola reportedly provided a build with the feature disabled for the purpose of comparison testing.

Instructions for disabling Lollipop's encryption feature on the Nexus 6 are now available on the XDA developers' forum.

"There's a cost that comes with encrypting and decrypting stuff," said Ronald Gruia, director of emerging telecoms at Frost & Sullivan.

In the wake of the Edward Snowden leaks and "rampant security breaches" throughout the year, Apple took the lead and closed the "final back door" in its platform with iOS 8, he told TechNewsWorld.

Then, "Google had to match that," Gruia said. "It had offered full-disk encryption since version 3.0 'Honeycomb,' but only now is it on by default."

In general, the idea is to improve privacy by making snooping more and more difficult -- including even for law enforcement, Gruia noted.


Android Lollipop’s default encryption devastates storage performance, tests show

If you feel your snazzy new Nexus 6 just isn't performing as quickly and smoothly as it should be, Android 5.0's default full-disk encryption could be to blame. AnandTech recently ran storage performance benchmark tests on two Nexus 6 devices: one with and one without full-disk encryption (FDE) enabled.

The Nexus 6 comes with FDE enabled by default, which you can't disable, but the site was able to grab a non-encrypted phone from Motorola.

The results of the tests were staggering. With encryption enabled on the device, the site's benchmark tests saw a 62.9 percent drop in random read performance, a 50.5 percent drop in random write, and 80.7 percent in sequential read.

Long story short: there appears to be an issue with performance lag due to Android Lollipop's FDE. And with the Nexus 6 you pay that performance hit whether you've got your lock screen enabled or not.

Why this matters: Beefed up device encryption is a big deal with the latest generation of smartphones in the wake of Edward Snowden's revelations and rampant security breaches throughout 2014. Apple closed the door on its final back door with the iPhone 6 and iOS 8. Google, which has offered FDE since Android 3.0 Honeycomb, turned it on by default beginning with Android 5.0 (Lollipop) and the Nexus 6.

The idea is to improve privacy by making it harder for general snoops (and law enforcement) to peer into your device without permission. But if FDE means poor device performance, not many people will be willing to pay the price required for extra privacy.

The issue, says AnandTech, is that many components commonly used in Android devices just aren't up to the task of incorporating FDE without a performance hit. That will probably change over time, but for now it appears to be a big issue.

For Android encryption to be useful, you also must have the lock screen enabled. Without it, FDE is enabled but it doesn't kick in, yet the cost penalty remains. In other words, you could be experiencing lag on your device even if you're not effectively using FDE.

Older phones that receive Lollipop as an over-the-air update or flash it to their devices do not get FDE turned on automatically.

Does this mean you shouldn't pick up the Nexus 6? Probably not. As we said in our review, the 2.7GHz SoC and 3GB RAM make for snappy performance, including with games. Other sites have also given the Nexus 6 top marks, although The Verge and Droid-Life did notice moments of strange lag.


Why Open Leadership Has Become Essential

You would not be reading this if open source software did not exist. Without open source standards, the Internet would not exist. This article would not exist. Those of you whose parents met on Match.com would not exist. All of you should be thankful for open source software. Now, as the world has changed, open source software's principles of openness, transparency and meritocracy have become essential standards for leadership in general.

Mike Milinkovich of Eclipse, a community for individuals and organizations who wish to collaborate on commercially-friendly open source software, took me through his thoughts on those principles during a conversation at the HATCH experience.

Openness

Open source software design is open to all comers. Anyone can contribute. Everyone is invited to contribute. This is about the wisdom of crowds with each contributing in their own way.

Transparency

Complete transparency. To every line of code. To every project parameter. To every decision. The objective is for anyone coming in to be able to see what has been done before and why. This way newcomers can get onboard and contribute faster.

Meritocracy

Everyone has to earn his or her way in. Those most committed and most deserving are invited in once they have earned those invitations.


Interview: Open source software is poised to oust proprietary solutions

Business continuity, quality and control eclipse cost savings as the top reasons IT professionals prefer open source to proprietary software. According to a new study by the Ponemon Institute and Zimbra, more than 75% of IT professionals agree that code transparency increases the trustworthiness of a software application. And two-thirds believe it improves security and reduces privacy risks.

For "The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA", the Ponemon Institute interviewed IT and IT security practitioners about their companies' usage and perceptions of open source messaging and collaboration solutions.

We caught up with Larry Ponemon, the founder and chairman of the Ponemon Institute, to find out more about the study's contents.

TechRadar Pro: The average percentage of commercial open source used in EMEA is 25% and in the US it's 30%. What factors are contributing to the slow adoption of open source?

Larry Ponemon: The report didn't explore the reason behind the slow adoption. But we did learn that Zimbra, whose messaging and collaboration solution is open source, was deployed in 40% of US and 30% of EMEA organisations.

Control over the software and ensuring business continuity are the most beneficial aspects of open source, according to the report. Security and privacy were also found to greatly benefit from open source's transparency.

Overall, the perceptions of open source were more positive than those of proprietary software, and more than half of the EMEA and US organisations surveyed are planning to replace their existing solutions with open source ones over the next two years.

TRP: EMEA organisations are more concerned with the privacy consequences of messaging and collaboration while US organisations focus more on security. Why are EMEA organisations more likely to enforce security and data privacy policies than their US counterparts?

LP: The regulatory regimes across EMEA and the US are very different. This is largely a function of the regulatory compliance landscape in the regions, and what the legislation and mandates of each prioritise.

EMEA legislation leads to strict data protection/privacy compliance, regardless of the industry vertical, and encompasses the entire citizenry.
