From Whatsapp to Viber, Chat apps have become extremely popular in the last few years. Today, just about every person that owns a mobile phone is using some instant-messaging app. If you are interested in building a chat app, you may want to create a standalone app or adding the app to an existing service or product.

The recommended approach to launching your chat app involves first launching its MVP, which stands for Minimal Viable Product. Whatsapp used this method, presenting the most important features to attract the interest of users. From here, you can continue to develop the app by capitalizing on the feedback from users. In this way, it becomes easier to follow a confident and careful path to build your chat app, lower the initial development costs, and learn more about your impression on the market.

When using Whatsapp as an example, this is one of the instant messaging apps that allow an exchange of video, audio messages, and text between multiple users or two users. This application uses XMPP (Extensible Messaging and Presence Protocol). This is a completely decentralized protocol that makes WhatsApp extremely secure. If you use chat API from CometChat, all you have to do is configure it and start using it in your app. Chat APIs and SDKs are compatible with the different operating systems and easy to work with. With time they also get upgraded through which you have access to new features.

Like other app types, it is possible to create your chat app using a set of basic features. Here is a list of the functionality that should be included in the app.

Authorization is the first step involved in creating a chat app. There are different sign-up features you can choose. Some of these examples include authorization via the phone number, email, or social media. You can choose only to support one of these authorizations. However, it makes much more sense not to limit your users to just one authorization method. It is advisable to create your chat app to support all the options allowing your users to select the most convenient method for them.

If you would like to create a chat app that will not annoy your users, this a feature you should include. Importing contacts should happen automatically. Your chat app should include a function that scans the contact in the users contact book, followed by importing these to a server.

Another feature that you may want to include when building your messaging app is to allow users to automatically view their contacts using the messaging app already and who they can contact through this app. You can also ask your developer to allow your users to easily import their contacts from other platforms such as social media.

It is not possible to build a chat app without a messaging feature. This is the main part of any messenger application. Implementing a messaging feature will depend on the architecture type that you have decided to use.

Client-Server Messenger Application Vs. Server-Based Chat App

This is an app that will store all the messages onto a server. If you have chosen this chat type, keep in mind that every interaction between the server and users must occur via the HTTPS protocol, and they must be encrypted using an SSL certificate.

Since these are the type of applications that require interaction with servers, it becomes necessary to ensure the pulling interval is minimal. This interval should be around 1-2 seconds. This is among the methods used on how to create a chat app that allows for instant messaging that occurs between users.

These are applications that can also feature added layers of protection. An example of this is cryptography that encrypts every message sent from a server to a recipient.

These are the apps that do not use a server for storing messages. When users send messages, they are authenticated by a central server and then encrypted using what is known as an Asymmetric Cryptography Algorithm, which is also known as public-key cryptography. Messages are delivered to recipients through a wireless mesh network.

When considering how to create a chat or messaging app that users will enjoy, you may want to implement this option. A file-sharing feature allows your users to exchange videos, images, documents, and other content types with others.

You can implement this feature in two different ways. The first is to allow users to send files or content from internal storage or a gallery. The second way is to allow users to take videos or photos directly from your app, allowing them to instantly send these captured moments to a friend or family member.

The features mentioned above are essential for any chatting app. Your app can also include enhanced features that will allow for advanced possibilities.

If you are searching for the easiest solution on how to create a chat app that users are going to love, there are no silver bullets. It is advisable not to duplicate features used by the most popular and trending chatting apps. Instead, try creating unique user experiences by offering exclusive and uncommon features that may appeal to your users.

The rest is here:
Top Tips On How To Build Your Own Chat App - Techiexpert.com - TechiExpert.com

Data breaches are a nearly daily occurrence, with passwords and other personal data captured by hackers from the companies where you shop, eat and bank. Often, though, the password you diligently remember when you order groceries for the week, has been stored in a way that protects you fairly well. That process is called hashing, with a second step, called salting, and a third called peppering. All three can be used together often they're not but even one step one can help to lock down your special word, phrase or string of characters even more.

Here are the differences between the three, and most keenly why you should want to make sure that the companies you entrust with your business, also take steps to protect your information too. Even if you use a password manager to securely store your own credentials, hopefully the places where you go online are taking these security measures too.

Hashing transforms your password from plain text to a new outputGetty Images/iStock

What is Hashing?

Hashing is a way of transforming your password into a unique identifier and fingerprint that are hard to invert and essentially reverse. Basically you're mincing up your data, and creating a fixed output. Why would you want to use a hash? If a password is just stored as plain text, then if a hacker gained access to that data they would have the keys to your account and potentially others if you've reused that password in other places.

"If you use the more simple implementation, and not have [passwords] hashed at all, and a password data base is breached, everyone's password is fairly accessible," Arve Kjoelen, chief information security officer at McAfee told GearBrain.

So that's why many companies will say, if they've been breached, that while their database was captured, it contained hashed passwords. Think of these then as phrases that have been encoded into a secret language. You really can't reverse engineer a hash. But intrepid hackers can try and find the secret language, pushing a slew of words through coding, and then compare those results with hashed passwords. They may not know the hash a company has used, but they can just compare their hashed collection to a company's and try to match the hashes together. If they find a match they can then figure out the password.

And that's exactly what some hackers do, Jim Miller at Trail of Bits told GearBrain.

"An attack called a rainbow table can generate a giant value where they compute the hash of those passwords," said Miller, a serious security engineer for Trail of Bits' cryptography team. "And so an attacker can compare those values against the table and easily identify a password in a database."

Not great. So that's why many companies then take a second extra step called salting.

Salting adds another layer of security, attaching a new random character to your passwordGetty Images/iStock

What is Salting?

Salting works a little bit as it sounds. Just like the way people add salt to their food, salting in cryptography adds another element to your password, designed to make it just that much harder to crack or guess.

The way a salt works, a random character is assigned to your password the same random character each time but you, nor even the company, knows what it is. Then, your new password, what you think of as your password plus the added salt, is hashed. And voila, you have something that is pretty hard to decipher.

"You can find a rainbow table online," said Miller. "But you can't predict what the salt value will be, and so that makes the table useless."

You never see this process when you're logging on to buy those books for class. Instead, you're just entering your password, and the system is looking up the salt for you, and then the hash. And that happens in less than a second. It does cost more to add this second, salting step, but it's that extra step that helps locks down a consumer's information and protects a company's reputation too.

"You don't have to salt passwords to be more secure, but it's the right thing to do," Dave Hatter, a cybersecurity consultant in Cincinnati, Ohio told GearBrain.

Peppering takes your security to another level, assigning another value and storing that away from the original password Getty Images/iStockphoto

What about Peppering?

Peppering takes the whole salting concept another step further, and assigns a second random value to the password but this value is never stored with the salt nor the password.

You could think of a pepper is just an extra salt. But the pepper is a not only a secret key that only shows up when a customer is logging into a site, it also has to be stored in a separate location so it actually remains a secret.

You may be able to guess the hash, and even get into the salt, but if the pepper is somewhere physically elsewhere, a hacker would have to have access to both databases to really make any headway.

"Peppering improves the security of a salt and hash because without the pepper value, an attacker cannot crack a single hash," Hatter said.

So what should I do to protect myself?

First, you should make sure you're doing the basic security steps to protect your password and secure your digital life. That includes basic things from changing the default password that comes on your new device to not using your child's name as your across the web. (Please.) These are actions you can take on your own and they're free.

Then, you wouldn't be wrong to check to see how the company you're working with, whether that's your financial institution or the online grocery store where you regularly shop, is securing your personal data including your password.

You don't have to be a coder to understand whether a company is encrypting data you enter into their web site. You just have to be willing to make a decision on whether you want to work with those firms who are trying to protect your accounts, or not. That's a step many people should consider taking.

"I think consumers should be aware of the various ways of storing their passwords," said McAfee's Kjoelen. "And if it's not stored securely, when there is a breach, those passwords could potentially be cracked."

Link:
Hash, Salt and Pepper: How cooking your password makes it safer - Gearbrain

London Tech Week

The first virtual London Tech Week took place in early September, providing attendees with unmissable content from a range of experts discussing the latest innovations in tech and its impact on businesses. Security featured in several discussions, including in one seminar where Fabian Eberle explored how breakthroughs in privacy-enhancing technologies were enabling the future of biometric authentication. Olaf Jensen reports.

Passwords have been around for around 60 years, but they no longer provide the protection from cyberthreats they once did, and new alternatives have emerged that may yet supplant them.

Indeed, Fabian Eberle, COO and Founder of cybersecurity firm Keyless speaking at London Tech Weeks digital conference earlier this month, sees it as an ambition to eliminate the humble password. He can do this, he says, through a combination of machine learning and multimodal biometric authentication that he believes will revolutionise how people are identified and authenticated.

The need to replace passwords is particularly pressing because they are notoriously insecure. It may come as no surprise that an astonishing 2.3 billion credentials were stolen by hackers and cybercriminals in 2017 alone.

Why? Because nobody follows best practice when it comes to password security. Even IT leaders are not immune: around 55% of them reuse the same password across multiple services in fact, 51% of all passwords are reused. All this means that around half of all helpdesk calls are for password resets, and passwords cause approximately 80% of all data breaches.

There are typically three factors of authentication used today: inherence, such as physical characteristics used in biometric security like our face or fingerprints; possession, as in something we carry that generates a pin code; and knowledge, which covers anything we have to remember like a PIN or a password.

Each has benefits and drawbacks. For instance, while passwords are quite secure in theory, remembering them can be difficult and once they are compromised, they offer no additional security, and a centralised database of passwords attracts the attention of hackers. Biometrics, meanwhile, are unique to us, meaning theres nothing for us to forget, but it is sensitive data and storing it is a burden for businesses they also cannot be changed.

The main challenge is to balance the trade-off between security and privacy on one hand, and convenience and user experience on the other. Which of these matters most is extremely dependent on context: users consistently rank security above convenience when it comes to, for instance, a banking app, while prioritising convenience for social media.

COVID-19 has arguably highlighted the need for what Eberle calls a password-less paradigm. Greater digitalisation and an increasingly mobile or homeworking workforce has made the password more cumbersome. Indeed, data suggests that the average worker spends around 24 hours entering passwords each year.

Biometric security is set to play a big role. A demand for a better customer experience, the growing threat of cyberfraud there has been a 600% rise in phishing attacks during the coronavirus pandemic and more stringent data protection regulations such as GDPR have driven the adoption of biometric authentication. Its convenient, already familiar from our smartphones, and requires the use of something we always carry around with us, such as our face and fingerprints. But its not fool proof, and still needs an extra layer of protection.

The solution, explains Eberle, is to combine multiple authentication factors, such as a one-time, generated pin code and a fingerprint scan. This is known as two-factor authentication and is increasingly recommended to individuals as well as businesses as the best line of defence against cybercriminals. To Eberle, multi-factor security should be baked into a system by design.

Eberles Keyless software is just one of a new generation of security providers that combine multiple security measures. In this case, that means machine learning, cryptography and biometrics. It lacks a centralised database, making it less of a target for hackers, and features anti-spoofing software that means photographs wont fool the biometric sensor. In the future, the system may even measure behavioural characteristics such as keystrokes or the precise way the user holds their phone.

A greater consumer awareness of privacy and security means firms will increasingly seek to give users personal control over their data. Services like Keyless are the start of that process, because they do not centralise control of their users data in one place. But the humble password, stored centrally or dependent on the users memory, may have no place in that future.

Find out more about the topics under discussion at London Tech Week.

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Global's essential weekly newsletter. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

How breakthroughs in privacy-enhancing technologies enable the future of biometric authenticationOlaf Jensen reports from London Tech Week, this time a digital event for the first time, where privacy-enhancing technologies to improve biometric security was on the discussion table.

Olaf Jensen

Biometric security systems: a guide to devices, fingerprint scanners and facial recognition access control

Use of automated facial recognition by South Wales Police deemed unlawful, court rules

Inner Range announces updates to Inception

Continued here:
How breakthroughs in privacy-enhancing technologies enable the future of biometric authentication - IFSEC Global

CISA sent an unusual warning late last week. The federal cybersecurity agency instructed government IT departments to drop everything and patch their Windows servers.

The source of all their fears? The Zerologon vulnerability, disclosed last week. Augusts patch Tuesday fixed the bug, but its feared many organizations will have delayed installing it on their AD domain controllers.

The thing is,Zerologon rates a perfect 10 on the CVSS scale. In todays SBBlogwatch, we run and hide.

Your humble blogwatchercurated these bloggy bits for your entertainment. Not to mention:Maiden Goes To Hollywood.

Whats the craic, Zack?Mister Whittaker reportsHomeland Security issues rare emergency alert:

The Cybersecurity and Infrastructure Security Agency, better known as CISA, [is] requiring all federal departments and agencies to immediately patch any Windows servers vulnerable to the so-called Zerologon attackciting an unacceptable risk to government networks. Rated the maximum 10.0 in severity, [it] could allow an attacker to take control of any or all computers on a vulnerable network, including domain controllers.The bug was appropriately called Zerologon, because an attacker doesnt need to steal or use any network passwords to gain access to the domain controllers. With complete access to a network, an attacker could deploy malware, ransomware, or steal sensitive internal files.Although the CISA alert only applies to federal government networks, the agency said it strongly urges companies and consumers to patch their systems as soon as possible if not already.

AndDan Goodin addsAgencies that dont update must disconnect all domain controllers:

Microsoft published a patch last Tuesday. No later than 11:59pm EDT on Wednesday, agencies are to submit a completion report attesting the update has been applied to all affected servers or provide assurance that newly provisioned or previously disconnected servers will be patched.Its possible for attackers to exploit the vulnerability over the Internet [if] organizations expose their domain controllers. [Or, if they] have exposed Server Message Blockor Remote Procedure Call, [it] may be exploitable. Queries using the Binary Edge search service show that almost 30,000 domain controllers are viewable and another 1.3 million servers have RPC exposed.Zerologon is tracked as CVE-2020-1472. Further raising that stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers.Researchers continue to find evidence that people are actively developing attack code. Given the stakes and the amount of publicly available information about the vulnerability, it wouldnt be surprising to see in-the-wild exploits emerge in the coming days.

Feeling smug because you dont use Windows?Stop that, say Sambas Andrew Bartlett and Douglas Bagnall:

Installations running Samba asthe Active Directory DC [or] the classic/NT4-style DC [are] vulnerable. However, since version 4.8the default behaviour of Samba has been to insist on a secure netlogon channelequivalent to having server schannel = yes in the smb.conf.Versions 4.8 and above are not vulnerable unless they have the smb.conf lines server schannel = no or server schannel = auto. Samba versions 4.7 and below are vulnerable unless they have server schannel = yes. Each domain controller needs the correct settings in its smb.conf.Samba 4.10.18, 4.11.13, and 4.12.7 have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible.Our Code, Our Bugs, Our Responsibility.

Wait. Pause.?Why havent these IT people already done the job? v1 cant understand whats taking them so long:

The CVE was initially released on August 11. Funny theyre just now in a hurry to patch a severity-10 thats been out now for six weeks.Granted, it took Microsoft until last Tuesday to publish a patch, but any competent admin would have looked at that and said that goes on now and has already closed that barn door. Sure, tell the idiots to get it done immediately, then review the completion reports and fire everyone that waited until they were ordered to patch their servers, and hire competent replacements.

Butacdha reckons it aint that simple:

Youre missing the biggest reason: enterprise IT shops with strict change management processes and, especially in government, years of austerity budgets cutting resources for both sysadmins and rigorous testing.If you have a charge management process which takes a month to approve updates, the problem is not the sysadmin. If years of skimping means that the operators are afraid to patch because theyll be punished if it breaks things and they dont have a robust testing process, the problem is not the sysadmin.This is more expensive than people like to admit. You either need to accept lower security/reliability or spend more on staff, capacity, and licenses. Lots of places try to cut that corner and itll seem to work until, as Warren Buffet likes to say, the tide goes out.This is a really tricky problem in government because the pay scales can be very hard to change. Historically the higher-level positions were senior and relatively limited, so its not like you can just effortlessly bump all of your developer positions up to the highest grade without hitting budget caps. That probably means youre hiring people at lower levels which are more like entry level pay.

AndDeputy Cartmans been there done that bought the T-shirt:

Once organizations reach a certain size, they seem to instill a very very strong sense of Dont rock the boat if you dont have to mindset. You want to be proactive and apply a patch? Well what if it breaks something!? Just sit on your ***, keep looking at Tik-Tok, and counting down the days for your pension.Fix **** after the duct tape breaks, and move on with your life. Im already starting to feel this way at my defense company job due to its size. Fixing all the **** Im seeing thats pants-on-head stupid would go about as well as punching a concrete wall until my fists are hamburger.Just roll your eyes, take your time with that 8th cup of coffee, and just do what you can.

What went wrong, anyway?With a neat precis, heres tialaramex:

This is an amazing bug. What happens is, youre supposed to fill out a bunch of bytes as proof of who you are, and then a bunch of bytes that represent stuff like seconds since the start of the Unix epoch. If you cant do this, NetLogon figures you arent really who you say you are.The exploit is: Fill everything out with all zeroes. This will succeed one time in 256 on average.[It] isnt a bug in the code, its a design mistake: If you implement exactly what Microsofts design document says for NetLogon, one time in 256 all zeroes lets you in. By design. Stupid stupid design.It stands out how terrible Microsoft is at cryptographic design. Microsoft does this over and over.

IT people deserve blame too.Coppercloud dreams up the best simile:

Wait, people have domain controllers present on the public internet? Like, no firewall, port forwarded or no NAT, no VPN? Just out there?This is plugging a hole in a leaky chicken fence and hoping it floats.

Cue:the inevitable conspiracy theory. jiggawatts approaches 88 mph:

I am now convinced that Microsoft is purposefully degrading the quality of the cryptography at the behest of the NSA. Microsoft products have all of the following current cryptographic problems: There is no support for TLS 1.3. HSTS is very hit and miss. Until very recently, youd have to jump through hoops to enable TLS 1.1 and 1.2. Across a forest trust, RC4 is the default cipher. If you try to enforce AES ciphers youll break some forms of single-sign-on from Azure AD. If you use ECC certificates, youre stuck with the handful of now very thoroughly legacy curves. You cant have elliptic curve certificates with: NDES, AD FS, SQL Server, SCCM until very recently, and in fact just about every Microsoft product except for IIS. Which I remind you still cant do TLS 1.3. Azure Key Vault cant issue anything but RSA certificates from third-party CAs. The NSA does exist. They do degrade cryptographic algorithms, either through national security letters or simply bribery. The Dual_EC_DRBG fiasco happened. It really happened. Private United States based organisations do cooperate with these programs, either willingly or because they are forced to.Its one thing to accuse a neighbour randomly of murder. Its entirely another thing if you see them putting a shockingly large and heavy rolled up carpet in the boot of their car.

Meanwhile,kaur thinks a thought experiment:

Every country in the world is [asking] questions: Why do we use a consumer OS built by an US company? Can we trust USA to be our ally and not abuse its power over Microsoft? Can we trust USA to stay our ally in the forseeable future?

Maiden Goes To Hollywood

Previously in And Finally

You have been readingSBBlogwatchbyRichiJennings. Richi curates the best bloggy bits, finest forums, and weirdest websites so you dont have to. Hate mail may be directed to@RiCHiorsbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Ryan McGuire (via Pixabay)

Recent Articles By Author

Link:
Feds Yell PATCH NOW over Windows AD Zerologon Vuln - Security Boulevard

Grgoire Ribordy [Image: Courtesy of ID Quantique]

In the second day of OSAs Quantum 2.0 conference, the focus shifted from quantum computing to other aspects of quantum technologyparticularly quantum communications and quantum sensing. On that note, Grgoire Ribordy, the founder of the Switzerland-based quantum crypto firm ID Quantique, looked at how quantum technologies are being employed for the long-term challenges in data security posed by quantum computing itself.

ID Quantique has a long pedigree in quantum technology; the company has been in business since 2001. In retrospect, Ribordy said, we were really crazy to start a company in quantum technology in 2001 It was way too early. But the firm forged ahead and has now developed a suite of applications in the data-security space.

Ribordy stressed thatespecially over the past few monthsits become increasingly clear that digital security, and protecting digital information against hacking, is extremely important. Classical cryptography assembles a set of techniques for hiding information from unauthorized users, which Ribordy compared to building a castle around the data.

The problem, however, is that after quantum computers become reality, one application for them will be to crack the cryptography systems that are currently in use. When that happens, said Ribordy, the walls we have today wont be able to protect the data anymore. The best cryptography techniques for avoiding that baleful outcome, he suggested, are those that themselves rely on quantum technologyand that can provide robust protection, while still allowing the convenience of the prevailing classical private-key encryption systems.

[Image: Grgoire Ribordy/OSA Quantum 2.0 Conference]

Just how much one should worry about all ofthis nowwhen quantum computers powerful enough to do this sort of cracking still lie years in the futuredepends, according toRibordy, on three factors. One, which he labeled factor x, is how long you need current data to be encryptedperhaps only a short time for some kinds of records, decades for other kinds. The second, y, is the time that it will take to retool the current infrastructure to be transformed into somethingquantum-safe. And the third, z, is how long it will actually take for large-scale, encryption-breaking quantum computers to be built.

If x and/or y are longer than z, he suggested, we have a problemand theres a lot of debate today surrounding just what the values of these variables are. One of ID Quantiques services is to take clients through a quantum risk assessment that attempts to suss out how long they need to protect their data, and what the implications are for their cryptography approach.

Ribordy cited three key components to effective long-term quantum encryption. One, and perhaps the oldest, is quantum random number generation (QRNG) to build security keys, whether classical or quantum. A second is something that Ribordy called crypto-agility. (You dont hard-code cryptography, he explained. Instead, you want to upgrade it whenever a new advance comes.) And the third component is quantum key distribution (QKD), which is a technique still under active development, but which is already being deployed in some cases.

On the first component, Ribordy noted that ID Quantique has been active in QRNG since 2014, when the idea arose of using mobile-phone camera sensors as a source for QRNs. These arrays of pixels, he said, can provide both large rates of raw entropy (an obvious necessity for true randomness), and an industry-compatible interface. He walked the audience through the companys efforts to create a low-cost (CMOS-based), low-power, security-compliant chip for QRNGbeginning with early experiments using a Nokia phone and moving through the required efforts at miniaturization, engineering for stability and consistency, and avoiding such pitfalls as correlations between the different camera pixels, which would degrade the randomness of the output.

The result, Ribordy said, is a QRNG chip that has recently been added to a new Samsung mobile phoneappropriately named the Galaxy A71 Quantumthat is now available in the Republic of Korea. And the chip is not just window dressinga Korean software company partnered with Samsung to create apps for pay services, cryptocurrency services and other features that rely on random numbers, and that use the ID Quantique chip to get high-quality instances of them.

Grgoire Ribordy, at the OSA Quantum 2.0 conference.

We think this is very important, said Ribordy, because it shows that quantum technologies can be industrialized and integrated into applications.

In terms of such industrialization, another security application, quantum key distribution (QKD) is not as advanced as QRNG, according to Ribordybut he argued that the experience of QRNG bodes well for QKDs commercialization path. One issue for QKD is the short distance that such secure links can exist in fiber before quantum bit error rates become too high, though Ribordy pointed to recent paper in Nature Photonics in which practical QKD was demonstrated across a fiber link of 307 km.

Ribordy noted a number of areas of particular activity in the QKD sphere. One active area of interest, for example, is developing network topologies that play especially well with QKD. ID Quantique is also working with SK Telecom in the Republic of Korea on how QKD can be integrated into the optical networks underlying next-generation, 5G wireless. In these circumstances, the proverbial last mile, operating at radio frequencies, can only be secured with traditional cryptography, but using QKD on the optical part of the communication chain will make the network as a whole more secure.

A number of other projects are in the works as well, Ribordy said, including a European project, Open QKD, the goal of which is to prepare the next generation of QKD deployment in Europe. And large-scale deployment projects are afoot in China as well.

The presence of these diverging global efforts prompted a question in the Q&A session that followed Ribordys talkjust how open are these QKD markets? Ribordy noted that, in the near term they are closing down Since quantum is a new industry, every country or region would like to be a player. The Chinese QKD ecosystem, he suggested, is completely cut offthere is kind of a Galapagos effect, and Europe also is starting to become a more closed ecosystem in the QKD arena. Ribordy views this as a sign of market immaturity, however, and believes things will become more open again in the future with efforts toward certification and standardization.

Visit link:
Putting the Quantum in Security - Optics & Photonics News

About Cryptocurrency

Cryptocurrency is a digital asset structured to work as a medium of exchange where every single coin and transaction is stored in an online ledger format. Strong cryptography is used to fix up the transaction process and for the generation of additional coins.

The technology prevailing behind cryptocurrencies are really difficult to understand. Even pioneers in business feel it difficult to comprehend about this topic and how the values of cryptocurrencies are being fixed up. But as there are around 3000 digital assets disseminated digitally, we are in need to implement certain metric and analytical tools for identifying its value. Let us discuss the 5 most undervalued cryptocurrencies in this blog.

Virtual cryptocurrency financial technology and internet money exchange rates and coin signs

Market cap is an authentic organization that has listed the most undervalued cryptocurrencies which will be dealt with in this article.

As per Market cap, Fusion (FSN) is one of the most undervalued cryptocurrencies. The price of the token remains always high and it is estimated that the value of this will rapidly increase from 20x to even more. Fusion is now a bit easy for buyers to share in their ticketed-proof-of-stake ecosystem through Amazon Web Servers or Google Compute Engine.

All-Time-High: USD 9.39

Market Cap: $25,284,145 USD

All-Time-Low:USD 0.090

Bitcoin was one of the digital assets very promising and is good to invest in. It is a strange fact that the person who identified this digital asset is yet to be known, but the community is still growing day by day. Bitcoin can be popularly known as programmable money in the digital world.

All-Time-High: $19,870.62 USD

Market Cap: $150,775,185,969 USD

All-Time-Low: $0.010 USD

Ethereum is popularly known as a programmable blockchain. And this was released by Vitalik Buterin in 2013 when his scripting language to enable decentralized applications (dApps) did not attract the Bitcoin community.

This functions with a new crowdfunding mechanism popularly known as Initial Coin Offering (ICO). Ethereum helps in bringing out Block chain 2.0 which helps in the usage of blockchain technology beyond the finance sector.

All-Time-High: $1,448.18 USD

Market Cap: $19,949,805,779 USD

All-Time-Low: $0.15 USD

Cardano sets its project as a Smart Contract platform, distinguishing by providing more advanced features. Introduced by Charles Hoskinson, Cardano is a team of technically advanced minds from different backgrounds. As Ethereum it uses a blockchain concept for making its token value remain highest all time. So, Cardano is popularly called as blockchain 3.0.

All-Time-High: $1.18 USD

Market Cap: $1,056,868,964 USD

All-Time-Low: 0.00 USD

EOS is known as the highly scalable and cost-efficient smart contract platform. It was launched by Dan Larimer, a very knowledgeable person who created Delegated Proof-of-Stake (DPoS) the consensus protocol of EOS. It has been described as a decentralized operating system capable of running enterprise-grade and industrial-grade decentralized applications.

All-Time-High: $19.35 USD

Market Cap: $2,986,208,298 USD USD

Read the original here:
What are the 5 most undervalued cryptocurrencies right now? A look - Stanford Arts Review

Hong Kong, Sept. 21, 2020 (GLOBE NEWSWIRE) -- CryptoLocally, the leading non-custodial peer-to-peer crypto trading platform, is excited to announce today its deep technology partnership with the decentralised token swap protocol Swingby Skybridge.

Limitations on Bitcoins composability have historically made it difficult to use it in the smart contracts that power peer-to-peer exchange platforms and instead require traders to swap the native coin for a wrapped version elsewhere, such as on a CEX, before moving it to a smart contract powered service like CryptoLocally often adding in extra fees, custody risk, and KYC requirements.

The partnership with Swingby will enable traders to send native Bitcoins through Cryptolocally. Incoming native Bitcoins will be routed through Swingbys trustless Bitcoin to Binance-chain bridge SkyBridge, allowing for the BEP2 1:1 pegged assets to be used within the platforms escrow smart contract. This will remove the need for third party custody exchanges and enable a long awaited feature for the CryptoLocally community that currently transact over $350k USD per month on the platform.

Swingbys advanced threshold-signature and MPC technology will enable the Cryptolocally to support the most liquid digital assets in the world, including Bitcoin, the $200 Billion market cap asset. CryptoLocally Co-Founder and chief engineer Jae Chung described the Swingby Skybridge as the missing piece needed in order to achieve the goal of offering even more token variety for trading, adding, Swingby's Skybridge matches CryptoLocally's mantra perfectly fast and non-custodial. We're very excited to bring this partnership to life and improve the trading experience for our users.

Internal estimates predict that the addition of the native Bitcoin chain to the platform could conservatively triple the monthly trading volumes sending them over $1m USD per month.

We see ourselves as the enablers of DeFi. Bridging together decentralised protocols and bringing the most liquid digital asset in the world, Bitcoin, into the ecosystem is our main mission. Our partnership with Cryptolocally is a great step in that direction and we are really excited to begin working with their team. By providing a trustless bridge between native Bitcoin and Binance-chain for each trade, the Swingby protocol can expect to process a few million dollars a month in baseline transaction volume and bring those volumes to our node stakers, whilst also facilitating more Bitcoin adoption on the CryptoLocally platform. said Yusaku Senga, the founder and CEO of Swingby, adding Once we have fully integrated our new groundbreaking one-round signing cryptography, and integrate Lighting Network in 2021, peer-to-peer trade times could be reduced to minutes or even seconds, giving the CryptoLocally platform a huge competitive advantage in the space.

About CryptoLocally

CryptoLocally is a leading P2P cryptocurrency trading platform. Our platform is non-custodial and uses a smart contracts escrow to provide additional security to users. Throughout the trading process no third party, including CryptoLocally, will have full control of the users crypto assets. That way, CryptoLocally remains a truly decentralised trading platform.

The platformrecently released a DeFi feature that allows users to earn interest on ETH, DAI, USDT, USDC, and GIV, our native token. Integrating the trading platform with DeFi capabilities and designing both to be easy to use have turned CryptoLocally into a viable pathway to financial inclusion for the 1.7 billion people still living without access to financial services. CryptoLocally recently closed a private sale of our native token, GIV. Investors included FTX, IOSG Ventures, NGC Ventures, Genesis Block, and One Block Capital. The GIV public sale will be held soon.

About Swingby

Swingby Labs was launched in Singapore in 2018 by a group of crypto enthusiasts joining forces to make the tools to connect Bitcoin with other blockchains.

Swingbys bridge protocol, Skybridge, builds trustless bridges between BTC, Ethereum, Binance Chain and other blockchains secured by a network of nodes that execute fast token swaps using layer 2 multi-party computing technology.

Skybridge allows users to move Bitcoin tokens between the Bitcoin, Ethereum, and Binance Chain blockchains without relying on a central custodian, opening up a world of DeFi capabilities such as liquidity pooling and trading with easy to use UX. Users can swap their coins across chains using self-custody wallets and there's no logins or KYC.

The Skybridge testnet bridge has transacted over $14 Billion in testnet BTC capital between the Bitcoin and Binance Chain blockchains, and its decentralized technology has been fully battle tested in live high volume environments.

In early 2021, Swingby plans to launch its Ethereum MainNet, bridging Bitcoin capital to an ecosystem which already has over $750MM in Bitcoin capital locked up in DeFi contracts. Building on exciting partnerships with projects such as Elrond, Waves and Kira Network, Swingby aims to expand reach to more projects, adding support where the most value can be added.

The documentation pages for Skybridge, which offer a deeper dive into the technical aspects of the protocol, are located here.

Media Contact Information:Dan, Email: dan@rocketbc.comCryptoLocallyWebsite:https://cryptolocally.com/en

More:
CryptoLocally Partners With Swingby to Bring Native Bitcoin P2P Trading - GlobeNewswire

John Izaguirre, the Business Director, Europe at Ontology, a high-performance or high-throughput blockchain platform, believes that privacy is a basic human right.

Izaguiree notes that data is becoming a very important topic for both individuals and companies. However, he believes that the Internet is still a relatively new technology and that were still learning how to use it effectively and responsibly.

Izaguiree, a graduate from San Francisco State University, points out during a recent podcast that if we look at human history and the achievements [weve made] lets say over the last 500 years[and you compare that to how long the Internet has been around,] then [you realize] its a very young technology.

He added:

Were still trying to learn how to utilize the Internet. On top of the internet, as a technology, its a tool over which several layers have been built over these last 20 years.

He continued:

One of these layers has been the communication technology layers that we now know as social media platformsthese platforms are not the evil corporations that we tend to believe they are. Even though what theyve done in the past isnt the most [appropriate] thing to do or the [morally right] thing to do. I also dont think they have a [special] agenda [where theyre trying to take advantage] of peoples data.

He believes the European Union has done a fairly good job when it comes to promoting the GDPR laws. However, he still thinks effective or proper user data management is still in its early stages just like the Internet.

He adds:

When it comes down to blockchain, cryptography, smart contracts, these technologies are helping with preserving the individuals data and educating societies on how to protect their own data. In terms of technology development, I think what blockchain has achieved in this regard in the last two years is remarkable. [But] were still trying to figure out how to [further] educate people and make people [feel] accountable for their own data.

The Ontology team has been working on various data management solutions that leverage blockchain or distributed ledger (DLT) technology. Recently, Ontology introduced a self-sovereign credit evaluation system, called OScore. Its based on user data that resides on the Ontology blockchain network.

As explained in a blog post by Ontology:

With full integration of ONT ID, Ontologys decentralized identity framework, OScore supports cross-chain interaction and verifiable credentials, connecting user identities with personal accounts on the Ontology blockchain, eliminating third parties from the process. Once a user authorizes their financial data, Ontologys OScore system generates a quantifiable credit score, while ensuring the users privacy is fully protected.

(Note: for more details on how OScore works, check here.)

As covered recently, Ontologys native ONT and ONG tokens may now be swapped to eONT, eONG on Ethereum. Theyre also listed on Uniswap, a leading decentralized ERC-20 token exchange.

Open Banking style benefits are now also available to Ontology Users, after its integration with Fintech Plaid. As reported, more than 6 million decentralized application or dApp related transactions have now been recorded on the Ontology blockchain since its genesis (or first) block was produced.

Go here to read the rest:
Blockchain, Cryptography, Smart Contracts are All Technologies that Allow Us to Effectively Manage Our Data, According to John Izaguirre from Ontology...

Bitcoin is the first digital currency that has gained a lot of attention from people across the world. The whole bitcoin system relied on blockchain technology that has caused a significant change in the world of cryptocurrencies. A mysterious entity that is known to be genius because of introducing the original whitepaperof the bitcoin system has changed the economy's system.

With the invention of blockchain technology, it has gained popularity, and hundreds of startups and businesses have started using blockchain technology. This technology is being used in almost all industries, from the sports betting industry to real estate. This helps in maintaining the transparency of operations and improves efficiency. The big sectors that used blockchain technology are introducing new features by modifying their system. To start trading in bitcoins you can visit Bitcoin Freedom.

The bitcoins are the simple coins that are not present in physical form and exist only digitally. This is the reason why bitcoins, along with other cryptocurrencies, are referred to as digital currencies. It doesn't matter whether you are a beginner or an experienced one; if you are new to the world of bitcoins, you need to learn many things.

Why was bitcoin invented, and how does it work?

Every industry in this world consists of three types of people that are producers, consumers, and middlemen. The middlemen play a significant role in the producer's money. It is essential to understand the reason behind creating the bitcoin. Satoshi Nakamoto created the bitcoins to eliminate the middlemen, which are the banks.

To transfer the money, one individual needs to go to the bank to transfer the funds where they charge transaction fees. The other individual who withdrew the money is also charged the fee. It is not only about the fee but also the personal data that banks store. Because of keeping all the personal information of customers, many hacking reports have been recorded. This lead to the invention of bitcoin, and one must understand the working of it.

Banks used to block the account of people anytime they want, and this leads to having full control over people's money. The only solution to avoid the financial crisis was to create a currency that doesnt involve financial institutions. Bitcoin is a decentralized currency; decentralized currency means there is no authority provided to a central authority or financial institutions. No one has control over the money of the people.

How does the bitcoin works?

Satoshi Nakamoto created some main concepts of bitcoin that make it easy to understand the concepts of bitcoin. Those concepts include supply and demand, cryptography, and decentralized networks. Let us know these concepts in brief:

Cryptography

Cryptography converts the messages into code that makes it difficult to read by everyone. To understand and read the messages, that code needs to be converted back into the original message. To convert back, a key is required. Bitcoins used cryptography to convert the transaction data, and that data can only be read or understand by the bitcoin wallet owner that has that private key.

Supply and demand

There are 21 million bitcoins created in the world, and when a certain thing is limited, its value increases and decreases by knowing its demand. Bitcoin uses the concept of supply and demand because its supply is limited to 21 million coins. If more people are demanding it, trading in it, and investing in it, its price will rise. If people fear of the unpredictable market of the bitcoin and dont invest in it, its price will decrease according to the demand.

Decentralizednetworks

Before you understand the working of bitcoin, you need to learn what is a decentralized network. For instance, Google has a decentralized network, which means everyone can see the data because it is visible everywhere and is not limited to a specific place. Bitcoins are a decentralized network, these are available across the world, and anyone can start investing in bitcoins. Bitcoin uses the decentralized network; the database of bitcoin is shared. The database of bitcoin that is shared called a distributed ledger. This ledger can be accessed by using the technology on which the bitcoin works "blockchain" technology.

View post:
What is a bitcoin, why was it invented, and how does it work? - Siliconindia.com

TEL AVIV, Israel, Sept. 16, 2020 /PRNewswire/ --QEDIT, a Privacy-Enhancing Technology provider, has announced its participation in a $12.6 million USD government-funded research project, geared towards harnessing advanced cryptography to preserve the integrity of complex software programs.

Funded by the Defense Advanced Research Projects Agency (DARPA), the $12.6 million contract was awarded to R&D specialist firm Galois to lead Project Fromager, with QEDIT being awarded $2 million of the funding allocation. Project Fromager is one of 12 projects being funded in conjunction with DARPA's Securing Information for Encrypted Verification and Evaluation (SIEVE) program, which aims to use Zero-Knowledge Proofs (ZKPs) to enable the verification of capabilities relevant to the Department of Defense without revealing the sensitive details associated with those capabilities.

The SIEVE program also seeks to advance the performance and efficiency of ZKPs and broaden the accessibility of ZKP technology to new swathes of platform-agnostic developers.

Jonathan Rouach, CEO and Co-Founder of QEDIT, said, "QEDIT is delighted to partner with Galois and other esteemed academic institutions aspart of this landmark research project on behalf of DARPA. This project underlines the pronounced value of ZKP cryptography as a means of delivering a new, more powerful standard of privacy at the highest levels of industry and government. We are proud to accelerate the global deployment of ZKPs for practical applications."

Project Fromager is expected to run through to 2024, and aims to use ZKPs to swiftly test the integrity of complex software programs to ensure that the code has not been compromised. It will be spearheaded by Galois, and will also leverage the academic resources of Denmark's Aarhus University, New York's Columbia University, and Belgium's Ku Leuven University.

Dr. Alex Malozemoff, Principal Researcher at Galois, said, "We at Galois are constantly striving to close the gap between research and real-world deployment. The current state of Zero-Knowledge Proof technology is right at this point. While Zero-Knowledge Proofs have seen wide deployment in cryptocurrencies, more general approaches are just now beginning to be seen as viable in commercial and governmental settings. We are excited to team up with QEDIT: their industry experience, alongside being leaders in the standardization effort around zero-knowledge, is invaluable to the maturation of these technologies."

QEDIT offers a suite of enterprise solutions based on ZKP cryptography and other privacy-enhancing techniques to help businesses mitigate risk and stay competitive through privacy-compliant, cross-organizational data collaboration. The company provides a platform that facilitates fraud detection between insurance competitors, intelligence-sharing among banks to identify financial crime, as well as more streamlined and efficient identity and certification management processes.

Aviv Zohar, QEDIT Chief Scientist and Co-Founder said, "Research is deeply ingrained in the fabric of QEDIT's DNA and our ongoing work with the global ZKProof standardization initiative is a measure of this. Project Fromager represents a tremendous opportunity to bolster our credentials as the standard-setter for ZKP solutions, but it's also a platform to explore the potential use of QEDIT's zkInterface, which is currently under review for standardization at ZKProof, to facilitate interoperability between solutions developed by various SIEVE teams. QEDIT's team of seasoned cryptographers and advisors have broad theoretical and practical experience when it comes to developing efficient ZKP systems and we can't wait to get started."

For more information, visithttps://qed-it.com/

About QEDIT

QEDIT helps enterprises leverage third-party data through the use of privacy-enhancing technologies (PET). Founded by a world-class team of accomplished entrepreneurs, researchers, and developers, QEDIT empowers businesses by enabling them to safely share intelligence, without relinquishing data ownership and without violating local data privacy regulations.Through the use of Zero-Knowledge Proof (ZKP) cryptography and other cutting-edge, cryptographically-secure techniques, QEDIT's suite of enterprise solutions removes data-driven barriers to industry-wide privacy challenges in the fields of finance, supply chain, insurance, and human resources. For more information, visithttps://qed-it.com.

This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Contract No. HR001120C0085. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Defense Advanced Research Projects Agency (DARPA).Distribution Statement "A" (Approved for Public Release, Distribution Unlimited)

SOURCE QEDIT

See the original post here:
QEDIT Joins Forces with Galois as Part of US Government-Funded Initiative to Advance Zero-Knowledge Proof Cryptography - PRNewswire