Category Archives: Encryption

3 challenges in combatting encryption sprawl

Posted on by

'Now that cloud-based services are so widely used, this sprawl can only worsen'

Encryption is on everyones radar lately, and not just due to worries over government surveillance.

Ever-changing data legislation and industry regulation are driving this renewed interest, along with the obvious desires to avoid data breaches and identity theft.

Google recently announced that about 65% of the messages sent by its Gmail users are encrypted while delivered, up from 39% in December 2013.

Now, encryption is not exactly the new kid on the block. It was once the sole province of financial institutions and governments, but the Internet changed all this.

>See also:The intricacies of Bring Your Own Encryption (BYOE)

Computers that had once been safe due to their isolation were now connected and exposed.

SSL/TLS was universally adopted to protect data, and that protection has extended past the obvious applications like eCommerce to organisations IT systems.

This has resulted in not just a heightened level of security but heightened complexity and cost as well.

Read the original post:
3 challenges in combatting encryption sprawl

Dynamic encryption keeps secrets

Posted on by

2 hours ago

Professor Lars Ramkilde Knudsen from DTU Compute has invented a new way to encrypt telephone conversations that makes it very difficult to 'eavesdrop'. His invention can help to curb industrial espionage.

A method ensuring that all telephone calls are encrypted and that eavesdroppers are unable to decrypt information in order to obtain secrets. This is a brief definition of dynamic encryption, the brainchild of Professor Lars Ramkilde Knudsen from DTU. Together with telecommunications businessman Kaj Juul-Pedersen, he established the company Dencrypt, which sells dynamic encryption to businesses so they can safely exchange confidential information over the telephone.

"Today, all telephone conversations are encryptedi.e. converted into gibberishbut they are not encrypted all the way from phone to phone, and if a third party has access to one of the telephone masts through which the call passes, they can listen in," explains Lars Ramkilde Knudsen.

"And even if the conversation is encryptedin principleit is still possible to decrypt it provided you have sufficient computer power," he says. This is in no small part due to the fact that the vast majority of telecommunications operators use the same encryption algorithmthe so-called AES, the outcome of a competition launched by the US government in 1997.

"This is where my invention comes in," he says. It expands the AES algorithm with several layers which are never the same.

Dynamic encryption

"When my phone calls you up, it selects a system on which to encrypt the conversation. Technically speaking, it adds more components to the known algorithm. The next time I call you, it chooses a different system and some new components. The clever thing about it is that your phone can decrypt the information without knowing which system you have chosen. It is as if the person you are communicating with is continually changing language and yet you still understand," he says.

Because any eavesdroppers would have to decipher the encryption key and encryption methodand both are thrown away by the phone after each call and replaced by a new combinationthe conversation is extremely difficult to decrypt when dynamically encrypted. They new system can prove hugely effective in combating industrial espionage, says Lars Ramkilde Knudsen.

Is there anyone on the line?

Follow this link:
Dynamic encryption keeps secrets

Details of iOS and Android Device Encryption

Posted on by

swillden writes: There's been a lot of discussion of what, exactly, is meant by the Apple announcement about iOS8 device encryption, and the subsequent announcement by Google that Android L will enable encryption by default. Two security researchers tackled these questions in blog posts:

Matthew Green tackled iOS encryption, concluding that the change really boils down to applying the existing iOS encryption methods to more data. He also reviews the iOS approach, which uses Apple's "Secure Enclave" chip as the basis for the encryption and guesses at how it is that Apple can say it's unable to decrypt the devices. He concludes, with some clarification from a commenter, that Apple really can't (unless you use a weak password which can be brute-forced, and even then it's hard).

Nikolay Elenkov looks into the preview release of Android "L." He finds that not only has Google turned encryption on by default, but appears to have incorporated hardware-based security as well, to make it impossible (or at least much more difficult) to perform brute force password searches off-device.

Go here to see the original:
Details of iOS and Android Device Encryption

Feds only have themselves to blame for Apple and Google’s smartphone encryption efforts

Posted on by

Summary: The U.S. government is crying foul over Apple and Google's efforts to bolster smartphone encryption. Because accusations that they're going "beyond the law" goes both ways.

NEW YORK For the past two weeks, federal agencies and the executive branch have launched acacophony of critique of Apple and Google for bolstering the encryption on their users' smartphones.

That, the opposition camp says, will result in drug dealers, pedophiles, identity thieves, and other violent criminals evading capture, leading to an uptick in crime. That will affect millions of Americans who each year are classified as victims of theft and robbery, violence, and sexual crimes.

Made up of the FBIand the NSA,the outgoing Attorney General Eric Holder, andmembers of Congress, they are calling for laws to be changed, and Apple and Google to face sanctions for their privacy protections.

But this was described by The Guardian's Trevor Timmas a "misleading PR offensive" to scare Americans into believing encrypted devices are a bad thing.

The federal agencies' opposition to Apple and Google's move to double-down on device security is nothing short of fearmongering.

To make matters worse, on Saturday a piece by The Washington Post's editorial board declared there must be a "compromise" on smartphone encryption, adding yet another major voice to the chorus of criticism.

The "too-long, didn't read" version is that the Post's editorial board believes that this level of security affects "relatively few cases" and is "not about mass surveillance." It adds that this "seems reasonable and not excessively intrusive."

Its solution? A "back door"for law enforcement exactly the kind of back door that Apple, Google, and other Silicon Valley technology giants denied they installed in the wake of the PRISM program's disclosure.

In a naive example of wishful thinking, the Post's board idealizes that a "kind of secure golden key" that Apple and Google would retain and would use only when a court has approved a search warrant.

See the rest here:
Feds only have themselves to blame for Apple and Google's smartphone encryption efforts

How to change a Default Certificate (SecureZIP encryption and authentication tutorial) – Video

Posted on by


How to change a Default Certificate (SecureZIP encryption and authentication tutorial)
This video will show you how to change the default certificate used during encryption and signing with our SecureZIP data security software. SecureZIP gives users encryption and authentication...

By: PKWARE

See original here:
How to change a Default Certificate (SecureZIP encryption and authentication tutorial) - Video

Microsoft takes the hassle out of Office 365 email encryption

Posted on by

When Microsoft announced message encryption for Office 365 in November, it came with a potentially annoying requirement: People receiving the encrypted messages had to be logged into a Microsoft account to view them.

That was all well and good if they were a Microsoft customer, but everyone else had to sign up for a Microsoft account before they could view their encrypted messages.

Perhaps realizing this was an inconvenience -- because, as it turns out, not everyone on Earth uses Microsoft's services -- the company has removed this requirement.

Now, recipients who don't have a Microsoft account -- or who have one but aren't logged into it -- can view their encrypted message using a one-time passcode that Microsoft will send to them via email. They'll then have 15 minutes to use the passcode to view their encrypted message.

"You can then choose to reply to the message or forward it. All responses you make will be encrypted," wrote Shobhit Sahay, an Office 365 technical product manager, in a blog post on Friday.

Office 365 Message Encryption, which replaced Exchange Hosted Encryption, went live in February and since then has been used to protect the content of more than 1 million emails, according to Sahay.

The service is included at no extra charge with the E3 and E4 editions of Office 365. It also comes bundled with the standalone version of Azure Rights Management, which costs US$2 per user/month.

Juan Carlos Perez covers enterprise communication/collaboration suites, operating systems, browsers and general technology breaking news for The IDG News Service. Follow Juan on Twitter at @JuanCPerezIDG.

Read this article:
Microsoft takes the hassle out of Office 365 email encryption