Category Archives: Encryption

Privacy Tools: The Best Encrypted Messaging Programs

Posted on by

98 Twitter Facebook Email

A new ranking of popular encrypted messaging programs finds the ones that are most effective at protecting users' privacy.

A new ranking of popular encrypted messaging programs finds the ones that are most effective at protecting users privacy.

by Julia Angwin ProPublica, Nov. 4, 2014, 9 a.m.

Enable Social Reading

Ever since former National Security Agency consultant Edward Snowden revealed mass governmental surveillance, my inbox has been barraged with announcements about new encryption tools to keep people's communications safe from snooping.

This is a ranking of encrypted messaging programs based on criteria aimed to assess whether they are well designed to make the content of the messages unreadable to anybody other than the sender and recipient. But even messages that are securely encrypted often do not obscure the identities of the sender and recipient. All rankings

Source: Electronic Frontier Foundation, ProPublica, Joseph Bonneau

But it's not easy to sort out which secret messaging tools offer true security and which ones might be snake oil. So I turned to two experts Joseph Bonneau at Princeton and Peter Eckersley at the Electronic Frontier Foundation for advice about what to look for in encryption tools. Working together, we chose seven technical criteria on which to rank encryption tools.

More here:
Privacy Tools: The Best Encrypted Messaging Programs

Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption – Video

Posted on by


Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption
To get this project in ONLINE or through TRAINING Sessions, Contact:JP INFOTECH, Old No.31, New No.86, 1st Floor, 1st Avenue, Ashok Pillar, Chennai -83. Landmark: Next to Kotak Mahendra Bank.

By: jpinfotechprojects

Read more here:
Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption - Video

Hacker Lexicon: What Is Homomorphic Encryption?

Posted on by

The problem with encrypting data is that sooner or later, you have to decrypt it. Keep your cloud files cryptographically scrambled using a secret key that only you possess, and its likely no hacker will have the codebreaking resources necessary to crack them. But as soon as you want to actually do something with those filesanything from editing a word document or querying a database of financial datayou have to unlock the data and leave it vulnerable. Homomorphic encryption, a still-mostly-theoretical advancement in the science of keeping secrets, could change that.

A homomorphic encryption scheme is a crypto system that allows computations to be performed on data without decrypting it. A homomorphically encrypted search engine, for instance, could take in encrypted search terms and compare them with an encrypted index of the web. Or a homomorphically encrypted financial database stored in the cloud would allow users to ask how much money an employee earned in the second quarter of 2013. But it would accept an encrypted employee name and output an encrypted answer, avoiding the privacy problems that usually plague online services that deal with such sensitive data.

Plenty of encryption schemes allow partial homomorphic encryption; That is, they let users perform some mathematical functions on encrypted data, but not others. In 2009, however, IBM researcher Craig Gentry came up with the first fully homomorphic encryption scheme. He compared the system to one of those boxes with the gloves that are used to handle toxic chemicalsAll the manipulation happens inside the box, and the chemicals are never exposed to the outside world.

Unfortunately, Gentrys method also adds immense computational requirements to computational tasks that would be simple with unencrypted data. With his original scheme, a Google search would take about a trillion times longer using his process. He estimated that it would be a decade or more before the scheme became practically usable.

But that scheme has been slowly improving. Gentry now says that it with recent tweaks to his method, fully homomorphic encryption would multiply the computing time necessary for a function by roughly a millionhalf as many zeroes as five years ago. That puts him more or less on track with his 2009 road map. And last month, Gentry was awarded the MacArthur genius grant for his crypto research. With $625,000 in Gentrys pockets and users clamoring for better encryption in online services, practical homomorphic encryption could be unlocked in the not-so-distant future.

Hacker Lexicon is WIREDs explainer series that seeks to de-mystify the jargon of information security, surveillance and privacy.

More here:
Hacker Lexicon: What Is Homomorphic Encryption?

Revealed: the secret guide to encryption, hacking, and surveillance for governments

Posted on by

There is now great interest in the level of governmental interference that takes place into online activity. Edward Snowden told the world about what the NSA was up to and there are now numerous websites dealing with the revelation that he made. One such site is The Intercept, and it has just published the secret manuals that are supplied to governments who want to use a suite of specialist tools to monitor web users' activities.

Sub-titled "the hacking suite for governmental interception", RCS 9 (or Remote Control System) is a suite of tools from Hacking Team. The Italian security and surveillance company is responsible for providing hacking and monitoring guides and software to a list of countries including Colombia, Korea, Mexico, Nigeria, and Saudi Arabia. RCS itself is "a solution designed to evade encryption" -- the sort of encryption put in place by Google.

RCS 9 -- which goes by the name of Galileo -- is itself no secret. Hacking Team advertizes it on its web site, and there's even a suitably hackery and threatening sounding video explaining what it does. But there is a problem; RCS need to be "installed on the device to monitor". Not to worry -- there's a guide to building a software agent in the manual and details of how to deploy it via USB, email or by force. Once in place, "evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable".

While, at the moment, it seems that RCS is only sold to governments and agencies in certain parts of the world, it's certainly the sort of things that the US and the UK would be interested in. The Intercept reports that Hacking Team has made appearance at homeland security trade shows and conferences. If you like the idea of getting your hands on what amounts to commercial spyware, you're out of luck:

We also understand the potential for abuse of the surveillance technologies that we produce, and so we take a number of precautions to limit the potential for that abuse. We provide our software only to governments or government agencies. We do not sell products to individuals or private businesses.

But as we've seen from the activities of the NSA, there is great potential for governments to abuse such tools, never mind individuals. It's interesting to take a look through the RCS documentation. Despite the terrifying power of the tool, the manual has been written very much with computer novices in mind. There are even instructions about how to close a window by clicking X. But once set up, the tool can be used to record Skype calls, take screenshots, browse through calendars and contacts, record key strokes, and much more.

All readily available to a government near you, to do with just about whatever they want.

Photo credit: Naypong/ Shutterstock

More here:
Revealed: the secret guide to encryption, hacking, and surveillance for governments