Password Encryption
Password Encryption - Creating encrypted passwords (or any strings).

By: profbillbyrne

Read this article:
Password Encryption - Video

Bitlocker Encryption in Windows 8.1 [Video]
Bitlocker Encryption in Windows 8.1 Since Windows Vista, the upper-tier editions of Windows have supported local disk encryption via a feature called BitLock...

By: George Njogu

Excerpt from:
Bitlocker Encryption in Windows 8.1 [Video] - Video

79 Twitter Facebook Email

Amendment would remove requirement that the National Institute of Standards and Technology consult with the NSA on encryption standards

Amendment would remove requirement that the National Institute of Standards and Technology consult with the NSA on encryption standards

by Justin Elliott ProPublica, May 23, 2014, 4:55 p.m.

Enable Social Reading

An amendment adopted by a House committee would, if enacted, take a step toward removing the National Security Agency from the business of meddling with encryption standards that protect security on the Internet.

As we reported with the Guardian and the New York Times last year, the NSA has for years engaged in a multi-front war on encryption, in many cases cracking the technology that is used to protect the confidentiality of intercepted communications. Part of the NSAs efforts centered on the development of encryption standards by the National Institute of Standards and Technology, which sets standards that are adopted by government and industry.

Documents provided by Edward Snowden suggest that the NSA inserted a backdoor into one popular encryption standard, prompting NIST to launch an ongoing review of all its existing standards.

The amendment adopted this week by the House Committee on Science, Space, and Technology would remove an existing requirement in the law that NIST consult with the NSA on encryption standards.

In a Dear Colleague letter, the amendments sponsor, Rep. Alan Grayson (D-FL), quoted our story on the NSA from last year.

See the rest here:
House Committee Puts NSA on Notice Over Encryption Standards

A new instant messaging application for the iPhone uses an advanced, "post quantum" encryption scheme to scramble one-on-one chats. It's intended as a bullet-proof secure alternative to WhatsApp's addictive message interface and to mobile carrier's primitive and (outside the U.S.) pricey SMS texting services.

The app's encryption randomizes the message output before transmission, so each message is unique without detectable patterns that an attacker could exploit. And PQChat keeps minimal personal information about the sender: it stores a one-way encrypted value of the user's phone number, an encrypted user-supplied nickname, and a pseudo ID image.

[ Stay ahead of advances in mobile technology with InfoWorld's Mobile Edge blog and Mobilize newsletter. ]

The free version of PQChat, from SDR Wireless Ltd., is aimed at consumers. The paid version is licensed to enterprises and offers additional features, such as QR code authentication, enterprise key management, a full audit trail of all messages, message backup and in the future secure voice and video calls.

PQChat is the first SDR product to make use of the vendor's Never-the-Same (NTS) encryption. NTS itself is based on the asymmetric encryption algorithm developed in 1978 by Robert McEliece. According to SDR, McEliece's encryption scheme has so far not been broken, even using the emerging techniques of quantum computing. As a result the McEliece algorithm is considered a "post quantum" (the "PQ" in PQChat) encryption scheme.

Without going into the mathematical depths of McEliece's work, he figured out a way to create a public/private encryption key system that is prohibitively costly -- in computational time -- to break. Despite that, its encryption and decryption are faster than that of algorithms such as RSA. But one major drawback is that McEliece's public and private keys are very large, so large that they've been rarely used commercially.

SRD Wireless has at least two patents for improving McEliece's system, including one that makes these keys smaller without compromising security.

PQChat uses the XMPP protocol, originally designed for desktop IM, transmitted via VoIP, to improve message reliability and handling, says Andersen Cheng, SRD's CEO. The McEliece-based NTS encryption scrambles the message contents on the device, using the recipient's public key, which is available from the PQChat server. But the server has no knowledge of what's being sent, and can't unscramble the contents. The message is deleted after delivery to the recipient, who is the only person who can decipher, using his private key.

PQChat uses unique form of authentication, which the vendor dubs "man-at-the-end" or MATE. MATE generates a unique cryptographic representation a number -- of a user's public key. Then a user records a video of himself, reciting that number. According to SRD, this approach does away with the need for a third-party Certificate Authority.

PQChat is available now via the Apple App Store, and will release an Android version shortly. More information is available at the PQChat website.

See the article here:
New iOS app secures IM with 'post quantum' encryption

Using SMTP with the Brother MFC and Protected Trust email encryption
Protected Trust brings to the market the synergy between several products and services focused on just one thing -- risk management for a company #39;s digital assets. Protected Trust combines...

By: protectedtrust

See original here:
Using SMTP with the Brother MFC and Protected Trust email encryption - Video

A new instant messaging application for the iPhone uses an advanced, "post quantum" encryption scheme to scramble one-on-one chats. It's intended as a bullet-proof secure alternative to WhatsApp's addictive message interface and to mobile carrier's primitive and (outside the U.S.) pricey SMS texting services.

The app's encryption randomizes the message output before transmission, so each message is unique without detectable patterns that an attacker could exploit. And PQChat keeps minimal personal information about the sender: it stores a one-way encrypted value of the user's phone number, an encrypted user-supplied nickname, and a pseudo ID image.

The free version of PQChat, from SDR Wireless Ltd., is aimed at consumers. The paid version is licensed to enterprises and offers additional features, such as QR code authentication, enterprise key management, a full audit trail of all messages, message backup and in the future secure voice and video calls.

PQChat is the first SDR product to make use of the vendor's Never-the-Same (NTS) encryption. NTS itself is based on the asymmetric encryption algorithm developed in 1978 by Robert McEliece. According to SDR, McEliece's encryption scheme has so far not been broken, even using the emerging techniques of quantum computing. As a result the McEliece algorithm is considered a "post quantum" (the "PQ" in PQChat) encryption scheme.

Without going into the mathematical depths of McEliece's work, he figured out a way to create a public/private encryption key system that is prohibitively costly - in computational time - to break. Despite that, its encryption and decryption are faster than that of algorithms such as RSA. But one major drawback is that McEliece's public and private keys are very large, so large that they've been rarely used commercially.

SRD Wireless has at least two patents for improving McEliece's system, including one that makes these keys smaller without compromising security.

PQChat uses the XMPP protocol, originally designed for desktop IM, transmitted via VoIP, to improve message reliability and handling, says Andersen Cheng, SRD's CEO. The McEliece-based NTS encryption scrambles the message contents on the device, using the recipient's public key, which is available from the PQChat server. But the server has no knowledge of what's being sent, and can't unscramble the contents. The message is deleted after delivery to the recipient, who is the only person who can decipher, using his private key.

PQChat uses unique form of authentication, which the vendor dubs "man-at-the-end" or MATE. MATE generates a unique cryptographic representation a number -- of a user's public key. Then a user records a video of himself, reciting that number. According to SRD, this approach does away with the need for a third-party Certificate Authority.

PQChat is available now via the Apple App Store, and will release an Android version shortly. More information is available at the PQChat website.

John Cox covers wireless networking and mobile computing for Network World.Twitter: http://twitter.com/johnwcoxnwwEmail: john_cox@nww.com

Link:
New iOS app secures IM traffic with 'post quantum' encryption scheme

Various instant messaging services are on the verge of blocking unencrypted chat messages thanks to the roll out of a XMPP upgrade that has been in the pipeline for some time.

The XMPP Standard Foundation confirmed that the 70 services that are part of the public XMPP network turned on mandatory encryption for client-to-server and server-to-server connections.

"Today, a large number of services on the public XMPP network permanently turned on mandatory encryption for client-to-server and server-to-server connections. This is the first step toward making the XMPP network more secure for all users",Peter Saint-Andre, the technologist behind the initiative, toldThe Register.

XMPP was first used by the Jabber instant messaging service and is now implemented, in part, by almost all of the worlds popular IM services, and one signatory company, Prosodical, admitted that the pledge was a prerequisite for other security changes to take place.

"While XMPP is an open distributed network, obviously no single entity can mandate encryption for the whole network -- but as a group we are moving in the right direction", stated a companyblog post. "This commitment to encrypted connections is only the first step toward more secure communication using XMPP, and does not obviate the need for technologies supporting end-to-end encryption such as Off-the-Record Messaging, strong authentication, channel binding, secure DNS, server identity checking, and secure service delegation".

A similar initiative entitled Reset the Net is also moving in a similar direction as the coalition of privacy groups looks to persuade further implementation of SSL, HTTP Strict Transport Security [HSTS], Perfect Forward Secrecy [PFS] and end-to-end encryption.

The movement in the direction of mandatory encryption has been rolling along ever since widespread National Security Agency (NSA) snooping and spying was revealed by renowned whistleblower Edward Snowden.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Photo Credit: Maksim Kabakou/Shutterstock

View original post here:
XMPP-based instant messaging services embrace encryption

Winter School: Advanced symmetric primitives - Thomas Ristenpart
Advanced symmetric primitives, a lecture by Thomas Ristenpart. The topic of the 4th Annual Bar-Ilan Winter School on Cryptography held in January 2014, was Symmetric Encryption in Theory and...

By: barilanuniversity

Originally posted here:
Winter School: Advanced symmetric primitives - Thomas Ristenpart - Video

Many users of XMPP (Extensible Messaging and Presence Protocolformerly Jabber) chat services are going to be more secure starting this week. The XMPP Standards Foundation announced that a large number of services using the public XMPP chat network began making encrypted connections mandatory on Monday.

The new encryption effort is largely focused on communication between XMPP servers. Many chat clients already use encrypted connections to communicate, so this move is largely about making the back end of XMPP services more secure, Ralph Meijer, an XMPP Standards Foundation board member, told PCWorld.

The move to making encryption a requirement across many XMPP servers is all too important after theongoing Snowden revelationsrevealed the NSA was passively monitoring data flows within the internal networks of major corporations such as Google and Yahoo.

Server-to-server TLS encryption will make this kind of monitoring of XMPP-based chats far more difficult.

The effort to encrypt connections for XMPP services has been months in the making after Peter Saint-Andre, who runs jabber.org, published a manifesto in October calling for wide adoption of encrypted connections for XMPP services.

Entitled, "A Public Statement Regarding Ubiquitous Encryption on the XMPP Network," the document calls for XMPP operators and developers to start requiring Transport Layer Security (TLS) connections as of Monday, May 19, 2014.

In XMPP circles, May 19 is dubbed Open Discussion Day, which is meant to promote open communications systems and protocols such as XMPP.

TLS is a commonly used protocol for securing web communications. Recently, the Heartbleed bug in the implementation of SSL/TLS by the OpenSSL Foundation made millions of websites vulenerable to attack. TLS itself, however, is still seen as secure.

It's not clear exactly how many services are using TLS connections since XMPP is an open standard that requires voluntary compliance with the encryption effort. Nevertheless, more than 70 XMPP service operators and software developers have signed on to support the call to require TLS.

Notable supporters include the lead developer of Adium, a popular chat client for OS X; Jeremie Miller, the creator of Jabber; and the creator of ChatSecure for Android (formerly Gibberbot).

See original here:
70-plus XMPP messaging services now securing chats with TLS encryption

Ian Paul | May 21, 2014

The XMPP Standards Foundation on Monday marked the first day that a large number of XMPP services will require encrypted connections by default.

If you're having trouble connecting to an XMPP (Extensible Messaging and Presence Protocol--formerly Jabber) service this week, you may need to upgrade your chat client. The XMPP Standards Foundation announced that a large number of services using the public XMPP chat network began making encrypted connections mandatory on Monday.

The move to making encryption a requirement across many XMPP services is aimed at preventing private chats from falling into the hands of governments or other parties monitoring unencrypted connections--an issue that has become all too relevant in light of the ongoing Snowden revelations.

The new encryption effort only protects communication between chat clients and XMPP servers. It does not offer so-called end-to-end encryption, where chats are encrypted on the sender's device and can only be decrypted on the recipient's.

The effort to encrypt connections for XMPP has been months in the making after Peter Saint-Andre, who runs jabber.org, published a manifesto in October calling for wide adoption of encrypted connections for XMPP services.

Entitled, "A Public Statement Regarding Ubiquitous Encryption on the XMPP Network," the document calls for XMPP operators and developers to start requiring Transport Layer Security (TLS) connections as of Monday, May 19, 2014.

In XMPP circles, May 19 is dubbed Open Discussion Day, which is meant to promote open communications systems and protocols such as XMPP.

TLS is a commonly used protocol for securing web communications. Recently, the Heartbleed bug in the implementation of SSL/TLS by the OpenSSL Foundation made millions of websites vulenerable to attack. TLS itself, however, is still seen as secure.

It's not clear exactly how many services are using TLS connections since XMPP is an open standard that requires voluntary compliance with the encryption effort. Nevertheless, more than 70 XMPP service operators and software developers have signed on to support the call to require TLS.

View original post here:
70-plus messaging services and XMPP software clients begin requiring TLS encryption