Edward Snowden’s Haven app uses your phone to detect intruders

Given the need for some journalists to protect their hard-won information, it's no surprise that Haven may see use as a means to keep shady interlopers from PCs and laptops containing sensitive data. The Intercept's Micah Lee helped develop the app, and described how it could be used to deal with so-called "evil maid" attacks, in which an attacker attempts to physically tamper with a machine in order to compromise it.

"Here's how Haven might work," he writes. "You lock your laptop in a hotel safe (not a secure move on its own) and place your Haven phone on top of it. If someone opens the safe while you're away, the phone's light meter might detect a change in lighting, its microphone might hear the safe open (and even the attacker speak), its accelerometer might detect motion if the attacker moves the laptop, and its camera might even capture a snapshot of the attacker's face."

Haven won't necessarily protect such attacks from being carried out, but the app can be configured to send notifications and recordings via text message and Signal (for end-to-end encryption) when the phone's sensors detect something out of the ordinary. And even in cases where the phone itself doesn't have network access and can't fire off those warnings -- say, if the phone doesn't have a SIM card or isn't connected to WiFi -- every event that triggers an alert is logged locally on the phone. That way, the machine's owner will still be able to tell that an unauthorized actor may have had access to it.
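The detection-and-logging pattern described in the two paragraphs above (sensor thresholds, an alert transport that may be unavailable, and a local log that survives either way) as an added example; this is illustrative code written for this page, not Haven's own source. The thresholds, the sensor samples and the `send` transport are all constructed assumptions; the point it shows is that the event record is written locally before any delivery attempt, so the owner still has evidence when the phone has no SIM or WiFi.

```python
import json
import math
from dataclasses import dataclass, field

# Thresholds are assumptions for this example; Haven's own tuning is not on the page.
LIGHT_DELTA_LUX = 30.0   # change from the baseline light level that counts as the safe being opened
MOTION_DELTA_G = 0.15    # deviation of acceleration magnitude from 1 g that counts as movement
SOUND_DB = 55.0          # sound level that counts as an audible event


@dataclass
class Sample:
    """One reading from the phone's sensors (constructed for this example)."""
    t: float
    lux: float
    accel: tuple   # (x, y, z) in g
    db: float


@dataclass
class Monitor:
    baseline_lux: float
    log: list = field(default_factory=list)       # local event log, written before any alert
    pending: list = field(default_factory=list)   # alerts not yet delivered (no network)

    def triggers(self, s):
        """Return the list of sensors that fired for this sample."""
        fired = []
        if abs(s.lux - self.baseline_lux) > LIGHT_DELTA_LUX:
            fired.append("light")
        magnitude = math.sqrt(sum(a * a for a in s.accel))
        if abs(magnitude - 1.0) > MOTION_DELTA_G:
            fired.append("motion")
        if s.db > SOUND_DB:
            fired.append("sound")
        return fired

    def process(self, s, send):
        """Log the event locally first, then try to notify; queue the alert if sending fails."""
        fired = self.triggers(s)
        if not fired:
            return None
        record = {"t": s.t, "triggers": fired, "lux": s.lux, "db": s.db}
        self.log.append(record)
        self._deliver(record, send)
        return record

    def _deliver(self, record, send):
        try:
            send(json.dumps(record))
        except ConnectionError:
            self.pending.append(record)

    def flush(self, send):
        """Retry queued alerts once connectivity returns; returns how many are still undelivered."""
        queued, self.pending = self.pending, []
        for record in queued:
            self._deliver(record, send)
        return len(self.pending)


# Constructed readings: two quiet samples, the safe opening, the laptop being moved, quiet again.
SAMPLES = [
    Sample(0.0, 2.1, (0.0, 0.0, 1.0), 30.0),
    Sample(1.0, 2.0, (0.0, 0.0, 1.0), 31.0),
    Sample(2.0, 180.0, (0.0, 0.0, 1.0), 40.0),
    Sample(3.0, 185.0, (0.4, 0.1, 1.1), 62.0),
    Sample(4.0, 3.0, (0.0, 0.0, 1.0), 33.0),
]


def make_sender(state):
    """Stand-in for the SMS/Signal transport: raises when the phone has no network."""
    def send(payload):
        if not state["online"]:
            raise ConnectionError("no network")
        state["sent"].append(payload)
    return send


def run(online_during_events=False):
    """Feed the samples through the monitor, then restore connectivity and flush the queue."""
    state = {"online": online_during_events, "sent": []}
    send = make_sender(state)
    monitor = Monitor(baseline_lux=2.0)
    for s in SAMPLES:
        monitor.process(s, send)
    state["online"] = True          # connectivity comes back later
    left = monitor.flush(send)
    return monitor, state["sent"], left


if __name__ == "__main__":
    monitor, sent, left = run()
    for rec in monitor.log:
        print(rec)
    print(f"{len(sent)} alerts delivered, {left} still pending")
```

Run offline, the two triggering samples land in `monitor.log` immediately and in `pending` until `flush` succeeds; the same records are delivered at once when the transport is available. A real deployment would persist the log to storage rather than a list, but the ordering (write first, notify second) is the property that matters.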

Of course, Haven could and should see use outside of those very specific scenarios. Guardian Project founder Nate Freitas calls Haven "the most powerful, secure and private baby monitor system ever," and it's not hard to imagine leaving a spare phone in a room with a child to relay every anguished crying jag to parents. None of the data captured by Haven is relayed to third-party servers, so parents and paranoiacs can rest easier knowing they're in full control of this highly personal data. Meanwhile, Wired reports that Haven provided peace of mind to some 60 social activists in Colombia, a country that has seen more than 100 activists assassinated in the past year alone according to a recent UN report.

Go here to read the rest:
Edward Snowden's Haven app uses your phone to detect intruders

The Bitcoin Boom: In Code We Trust – The New York Times


You don't need brilliant financial analysis skills to notice that Bitcoin is in a bubble. It has grown in value from about 39 cents to over $18,000 in just eight years and recently attracted broad media attention by doubling in just a few days. The conventional wisdom had been that illegal and illicit transactions (buying drugs or transferring money out of Argentina) accounted for much of Bitcoin's value. Today the mainstream view sees mere greed and speculation.

Yet as Bitcoin continues to grow, there's reason to think something deeper and more important is going on. Bitcoin's rise may reflect, for better or worse, a monumental transfer of social trust: away from human institutions backed by government and to systems reliant on well-tested computer code. It is a trend that transcends finance: In our fear of human error, we are putting an increasingly deep faith in technology.

Bitcoin may be in a bubble, but not all bubbles are created equal. Some are shimmering nothings, reflecting little more than an underlying pyramid scheme. But others are like ocean swells that could become enormous waves. Consider the tech stocks of the late 1990s: a bubble, to be sure, but in retrospect, was Amazon really overvalued?

What gives the Bitcoin bubble significance is that, like '90s tech, it is part of something much larger than itself. More and more we are losing faith in humans and depending instead on machines. The transformation is more obvious outside of finance. We trust in computers to fly airplanes, help surgeons cut into our bodies and simplify daily tasks, like finding our way home. In this respect, finance is actually behind: Where we no longer feel we can trust people, we let computer code take over.

Bitcoin is part of this trend. It was, after all, a carnival of human errors and misfeasance that inspired the invention of Bitcoin in 2009, namely, the financial crisis. Banks backed by economically powerful nations had been the symbol of financial trustworthiness, the gold standard in the post-gold era. But they revealed themselves as reckless, drunk on other people's money, holding extraordinarily complex assets premised on a web of promises that were often mutually incompatible. To a computer programmer, the financial system still looks a lot like untested code with weak debugging that puts way too much faith in the idea that humans will behave properly. As with any bad software, it can be expected to crash when conditions change.

We might add that major governments (the issuers of currency, the guarantors of banks and enforcers of contracts) do not always inspire confidence. Governments can be tempted to print money recklessly or seize wealth brazenly from their citizens; Venezuelan hyperinflation and Indian demonetization are recent examples. But even the most trusted governments can be dubious. Europe, riddled by internal struggles among states, is still in shock about the planned departure of Britain from the European Union. China is a secretive authoritarian state that can lash out against its citizens and rivals when it feels insecure. The United States, perhaps the main guarantor of world solvency, is some $20 trillion in debt, constantly on the verge of default and headed by a serial bankruptee who prizes unpredictability. It is little wonder that the world's citizens might be looking for alternatives.

See the original post here:

The Bitcoin Boom: In Code We Trust - The New York Times

Don't Reauthorize NSA Spying in a Must-Pass Funding Bill …

The next two weeks will be a flurry of activity in Congress. Before they can leave for the holidays, our government must, at minimum, pass at least one bill to keep the government running and also decide what to do about a controversial NSA spying authority called Section 702. Some legislators want to reauthorize Section 702, without meaningful reform, by attaching it to must-pass spending legislation. This is a terrible idea. The legislative process surrounding Section 702 already lacks necessary transparency and deliberation.

The new legislative stratagem gets complicated very quickly. Here's what you need to know.

On December 8th, Congress passed a temporary funding bill, or a Continuing Resolution (CR) to keep the government running until December 22. To prevent a government shutdown, Congress must either pass another CR by the new deadline, or ideally, finish writing the final funding bill for the rest of Fiscal Year 2018. This final funding bill is known as the omnibus.

Even though the Republican Party controls the House, the Senate, and the White House, GOP leadership has struggled to find enough consensus among their members to pass the omnibus. Instead, the government is limping along with a series of short-term CRs while avoiding hard decisions on longer term funding priorities. This constant negotiation on funding between the White House and Congressional leaders from both parties means that there is less time to negotiate other issues, like necessary reforms to the Section 702 NSA spying program, which is scheduled to sunset at the end of this month.

Faced with multiple looming deadlines, legislators may be tempted to include Section 702 reauthorization in one of the funding bills. The allure of killing two (or more) birds with one stone often becomes overwhelming this time of year. Instead of taking the time to negotiate and navigate multiple difficult votes on various contentious bills, leadership finds it easier to find a majority only once.

After consulting with the various Chairmen of Committees of jurisdiction (in this case, the Intelligence and Judiciary Committees), Congressional leadership, along with the White House, will decide what will help them get the votes they need.

For example, a member who is not inclined to support a spending bill on its own may decide to vote yes on a spending bill that includes language to prohibit the NSA's controversial "about" searching. Of course, the reverse can also be true, which is why such discussions will happen behind closed doors.

Yes and no. Individual members or groups of members (often called Caucuses) would have to tell their leadership that they would not vote for any spending package that contains language they don't like. If the numbers work in their favor, and leadership believes them, this will keep the language out of the bill.

However, leadership may choose to call the members' bluff. If the language is added over members' objections, the members can still vote no on the whole bill. But that could cause the bill to fail and shut down the government. Government shutdowns are highly disruptive to many people, and thus politically risky. The members and the leadership take that into consideration. It's a high-risk game of chicken, with very real and long-term consequences.

Practically speaking, no. All the language in the CR is carefully negotiated behind closed doors, so leadership does not usually allow any amendments in case something accidentally passes that would cost them votes.

Once again, practically speaking, no.

In theory, no spending bill, CR or omnibus, should contain language that isn't related to funding the government. Of course, how we fund the government often has policy implications, which is why these bills are often so contentious and so tightly negotiated. For example, earlier this year Rep. Kevin Yoder (R-KS) sponsored language in a funding bill that would prevent law enforcement from using any taxpayer dollars to seize cloud-hosted documents (email, photos, etc) without a warrant. In practice, the policy impact of this language would have been quite similar to the Email Privacy Commutations Act, but Rep. Yoder's language actually only prohibits funding these actions. Adding language that has nothing to do with government funding at all, like reauthorization of the Section 702 program, does happen, but it is rare.

A CR is even less appropriate than an omnibus as a vehicle to make new policy. As it is designed only to be a temporary, short-term measure, a CR is theoretically only a continuation of current funding levels, with no major funding changes and no major policy changes. In practice, this rule gets waived (at the discretion of the leadership), especially when pushed up against a deadline and when the added language brings in needed votes.


In normal circumstances, all legislation is supposed to be public for at least a day before Congress votes on it. Unfortunately, these are not normal circumstances.

When there is a difficult, tightly negotiated bill and a looming deadline (like with both the CR and Section 702 reauthorization), the House of Representatives may enact something called martial law, allowing leadership to move quickly through debate and final passage as soon as they have an agreement - before the media or the public have an opportunity to comment.

EFF is in constant communication with members interested in reforming Section 702, and we're fighting alongside them to make sure Section 702 reauthorization does not sneak through in the dead of night. We'll make sure to let you know when we know!

No! While the legislative calendar may pose a challenge, it is completely unacceptable for Congressional leadership to shove Section 702 reauthorization into an end-of-year funding bill. This program invades the privacy of an untold number of Americans. Before it can be reauthorized, Congress must undertake a transparent and deliberative process to consider the impact this NSA surveillance has on Americans' privacy.

It is troubling that a secretive NSA surveillance program may be reauthorized in a secret legislative backroom deal. But this program is too important to be hidden in a big funding bill, and members shouldn't be forced to choose between shutting down the federal government or violating the Fourth Amendment.

See the original post here:
Don't Reauthorize NSA Spying in a Must-Pass Funding Bill ...

WikiLeaks recognised as a ‘media organisation’ by UK tribunal

A British tribunal has recognised Julian Assange's WikiLeaks as a media organisation, a point of contention with the United States, which is seeking to prosecute him and disputes his journalistic credentials.

The issue of whether Assange is a journalist and publisher would almost certainly be one of the main battlegrounds in the event of the US seeking his extradition from the UK.

The definition of WikiLeaks by the information tribunal, which is roughly equivalent to a court, could help Assange's defence against extradition on press freedom grounds.

The US has been considering prosecution of Assange since 2010 when WikiLeaks published hundreds of thousands of confidential US defence and diplomatic documents. US attorney general Jeff Sessions said in April this year that the arrest of Assange is a priority for the US.

The director of the CIA, Mike Pompeo, after leaks of emails from the US Democratic party and from Hillary Clinton, described WikiLeaks as "a non-state hostile intelligence service often abetted by state actors like Russia". He added Assange is not covered by the US constitution, which protects journalists.

But the UK's information tribunal, headed by judge Andrew Bartlett QC, in a summary and ruling published on Thursday on a freedom of information case, says explicitly: "WikiLeaks is a media organisation which publishes and comments upon censored or restricted official materials involving war, surveillance or corruption, which are leaked to it in a variety of different circumstances."

The comment is made under a heading that says simply: "Facts".

Assange remains holed up in the Ecuadorian embassy in London where he has been granted diplomatic asylum.

The tribunal's definition of WikiLeaks comes in the 21-page summary into a freedom of information case heard in London in November. An Italian journalist, Stefania Maurizi, is seeking the release of documents relating to Assange, mainly in regard to extradition, and had lodged an appeal with the tribunal.

While the tribunal dismissed her appeal, it acknowledged there were issues weighing in favour of public disclosure in relation to Assange. But it added these were outweighed by a need for confidentiality on the matter of extradition.

The UK Crown Prosecution Service (CPS) and the US justice department have refused to confirm or deny whether they have discussed extradition of Assange.

Maurizi, likely to take her appeal to a higher tribunal, welcomed Bartlett's acceptance of WikiLeaks as a media organisation but argued the tribunal should have gone a step further by pushing the CPS to confirm whether the US has lodged an extradition request.

"If such a request were made, the UK would not be assisting the US to extradite a narco, a mafia boss, or a drug kingpin. It would be assisting the US to extradite a media publisher to prosecute him and his media organisation for their publications," she said.

The tribunal also looked at the destruction by the CPS of emails relating to Assange. It said the deletion took place when a CPS lawyer retired and it had been believed all significant case papers were collated separately from his email account.

The tribunal said: "We conclude that there was nothing untoward in the deletion of the email account."

Maurizi had put in FOI requests for information relating to communications between the UK and Sweden, where prosecutors were investigating sexual assault allegations against Assange which have since been dropped. Supporters of Assange feared that if he went to Sweden, the US would seek to extradite him from there.

Maurizi also pressed for disclosure of any communications by the CPS and the US to extradite Assange directly from the UK.

Estelle Dehon, who specialises in freedom of information and who represented Maurizi at the tribunal, said that while disappointed with the overall ruling, she welcomed some of the findings.

"Progress has been made because the tribunal accepted that the circumstances of the case raise issues of human rights and press freedom and also agreed that there is a significant public interest in disclosing the information, in particular to increase understanding of how the CPS handled the extradition process and its relationship with a foreign prosecuting authority," Dehon said.

Read more:
WikiLeaks recognised as a 'media organisation' by UK tribunal

SEC suspends trading of red-hot bitcoin stock – Dec. 19, 2017

The Securities and Exchange Commission suspended trading Tuesday of The Crypto Company until January 3, citing "concerns regarding the accuracy and adequacy of information" about compensation paid to promote the firm and plans for insider sales.

The Crypto Company describes itself as a business that "offers a portfolio of digital assets, technologies, and consulting services to the blockchain and cryptocurrency markets" with plans for a "rollout of a full scale, high frequency cryptocurrency trading floor."

Shares of The Crypto Company (CRCW) have surged nearly 160% in the past five days, more than 1,800% in the past month and 17,000% in the past three months, as investors and traders have bid up the price of bitcoin (XBT) higher and higher.

That stunning rise has lifted the company's market value to more than $11 billion. To put that in perspective, that's higher than the market value of well-known brand name companies like Macy's (M), The New York Times (NYT) and Under Armour (UAA).

Related: Regulators worried about bitcoin euphoria

The SEC move comes shortly after The Crypto Company announced plans to split its stock 10-1 to try and push the price lower and make it more affordable for average investors.

Shares had surged to a price of $575 before the SEC suspended trading. A 10-1 split would have increased the number of total shares by a factor of ten and lowered the price to $57.50. So the value of the company would not have changed.

The Crypto Company CEO Mike Poutre said in a release about the split that the company wanted to "see orderly market activity" for the stock and added that the split was "the responsible thing to do."

He noted that many blue chip companies, including MasterCard (MA) and Apple (AAPL), have done stock splits to keep their prices more accessible to mom and pop investors.

Poutre also referred to "the euphoria" surrounding bitcoin, and added that "we want people to pay attention to the business we are building, not the hype of a stock or the cryptocurrency world."

The Crypto Company was not immediately available for comment about the SEC action.

But the SEC has taken steps lately to crack down on potential frauds and scams surrounding bitcoin and other digital currencies, particularly with initial coin offerings or ICOs. With an ICO, a company sells a digital currency or token to investors instead of stock.

Several cryptocurrency executives are nervous about the industry getting a bad reputation too.

Brad Garlinghouse, CEO of Ripple, a company that developed the Ripple XRP cryptocurrency and also works to license blockchain technology with banks, says he wants to cooperate with agencies like the SEC to weed out bad actors.

"Many of the ICOs are more frauds than real businesses. The industry needs to work with regulators and not be in the shadows," he said. "ICOs are taking advantage of grey areas in securities law. What worries me the most is some of the hype in the system."

Related: Feds crack down on fraud as bitcoin soars

Jalak Jobanputra, partner with venture capital firm FuturePerfect Ventures and an investor in cryptocurrency tech firms, agrees. She said that there is "a lot of speculation" in the crypto area and that she "welcomes scrutiny from the SEC."

Still, there are signs that investors aren't listening to these warnings.

Another small financial tech company that just went public called LongFin (LFIN) has skyrocketed from a low of $4.69 a share in the past week to a high of $142.82 after it announced it was buying a blockchain microlending company named Ziddu.com

And then there's Riot Blockchain (RIOT), a company that up until recently was a biotech firm and has decided to get into the crypto business. Its stock is up more than 300% in the past month and 1,200% this year.

Mike O'Rourke, chief market strategist with JonesTrading, wrote in a report that this reminded him clearly of the dotcom and tech stock mania of the late 1990s. That did not end well for investors chasing the most speculative of stocks.

O'Rourke pointed out that one widely hyped business-to-business software company called Commerce One went public in 1999 at $21 a share and surged to around $1,000 by the end of the year. Commerce One filed for bankruptcy five years later.

Now this is not to say that bitcoin itself is a bubble. There is a real trend towards digital payments using blockchain technology.

Related: Move over, bitcoin. Here comes litecoin

After all, many of today's tech leaders, such as Amazon (AMZN), Apple and Microsoft (MSFT), survived the dotcom crash and are now doing better than ever. But investors need to be careful and not chase tiny companies trying to ride the wave.

The talk of a future where we're all using bitcoin instead of paper currencies may be a little far-fetched too.

"Digital currencies have a role to play with reducing customer friction and increasing transaction times," said Ripple's Garlinghouse, who was a former exec at AOL and Yahoo -- which are now both owned by Verizon (VZ).

"But government-backed fiat currencies aren't going away. Banks aren't going away. The dollar still works well and is efficient," Garlinghouse added.

CNNMoney (New York) First published December 19, 2017: 12:21 PM ET

Follow this link:

SEC suspends trading of red-hot bitcoin stock - Dec. 19, 2017

How to Break Cryptography | Infinite Series – YouTube

Only 4 steps stand between you and the secrets hidden behind RSA cryptography. Find out how to crack the world's most commonly used form of encryption.

Tweet at us! @pbsinfinite
Facebook: facebook.com/pbsinfiniteseries
Email us! pbsinfiniteseries [at] gmail [dot] com

Previous Episode: Can We Combine pi & e into a Rational Number? https://www.youtube.com/watch?v=bG7cC...

Links to other resources:

Shor's paper: https://arxiv.org/abs/quant-ph/9508027v2

Lecture on Shor's Algorithm: https://arxiv.org/pdf/quant-ph/001003...

Blog on Shor's algorithm: http://www.scottaaronson.com/blog/?p=208

Video on RSA cryptography: https://www.youtube.com/watch?v=wXB-V...

Another video on RSA cryptography: https://www.youtube.com/watch?v=4zahv...

Euler's Big Idea: https://en.wikipedia.org/wiki/Euler%2... (I can find a non-wiki article, but I don't actually use this in the video. It's just where to learn more about the relevant math Euler did.)

Written and Hosted by Kelsey Houston-Edwards
Produced by Rusty Ward
Graphics by Ray Lux
Made by Kornhaber Brown (www.kornhaberbrown.com)

Challenge Winner - Reddles37 https://www.youtube.com/watch?v=bG7cC...

Comments answered by Kelsey:

Joel David Hamkins https://www.youtube.com/watch?v=bG7cC...

PCreeper394 https://www.youtube.com/watch?v=bG7cC...

Visit link:
How to Break Cryptography | Infinite Series - YouTube

MobileCoin: A New Cryptocurrency From Signal Creator Moxie …

In the early bitcoin years, proponents promised that you would soon be able to pay for anything and everything with cryptocurrency. Order pizza! Buy Etsy trinkets! Use a bitcoin ATM! While PayPal had existed for more than a decade, frictionless, social payment platforms like Venmo were just first taking off, and cryptocurrency seemed like a legitimate way for digital transactions to evolve.

It didn't happen. Cryptocurrency remains confusing and challenging for the average person to acquire and manage, much less sell. And the protocols that underlie bitcoin and other mainstream cryptocurrencies like ethereum suffer significant scalability and transaction bottleneck issues. Visa currently processes about 3,674 transactions per second; the best bitcoin network might be able to process seven per second.

But now the creator of the dead simple end-to-end encrypted messaging app Signal, Moxie Marlinspike, is on a mission to overcome those limitations, and to create a streamlined digital currency that's private, easy-to-use, and allows for quick transactions from any device. And while it may feel like the last thing the world needs is yet another cryptocurrency, Marlinspike's track record with Signal, and the organization behind it, Open Whisper Systems, makes this a project worth watching.

The currency Marlinspike has been working on as technical advisor for the last four months, alongside technologist Joshua Goldbard, is MobileCoin. The two based it on the open-source Stellar Consensus Protocols platform, an alternative payment network that underlies systems like an inter-bank payment network run by IBM in the South Pacific, and the low-fee international money transfer service Tempo in Europe.

'Usability is the biggest challenge with cryptocurrency today.'

Signal Creator Moxie Marlinspike

The Stellar blockchain is also generally regarded as being faster and more efficient than its predecessors. On Wednesday, the mobile messaging service Kik announced that it will move its Kin cryptocurrency platform from Ethereum to Stellar. "We've been using Ethereum to date, and to be honest I call it the dial-up era of blockchain," CEO Ted Livingston said.

MobileCoin wants to leverage an extensive architecture to add simplicity to real privacy protections and resilience against attacks. The ultimate goal: To make MobileCoin as intuitive as any other payment system.

That vision mirrors the animating purpose of Signal, which was developed to make robust end-to-end encrypted communication as easy and straightforward as less secure options, a simple experience that belies the complex cryptographic communication protocols that enable it.

"I think usability is the biggest challenge with cryptocurrency today," says Marlinspike. "The innovations I want to see are ones that make cryptocurrency deployable in normal environments, without sacrificing the properties that distinguish cryptocurrency from existing payment mechanisms."

Usability efforts for older generation cryptocurrency protocols, like bitcoin, have largely been left to services like Coinbase, which centralize everything from currency exchange to your wallet, key management, and processing transactions. These platforms make actually using cryptocurrency more realistic for the average person, but they also consolidate mechanisms that are meant to be kept separate in the private and decentralized concept of cryptocurrency. They generally detail extensive privacy and security protections, but they do require users to trust both their intentions and implementation.

By contrast, the idea of MobileCoin is to build a system that hides everything from everyone, leaving fewer (or theoretically no) opportunities for abuse.

Ideally, there would be a way to fix the structural problems of existing cryptocurrencies, rather than creating another new offering. But Marlinspike and Goldbard concluded that the only way to orient a cryptocurrency around user needs was to start from scratch, and architect everything with that "target user experience" in mind.

To that end, MobileCoin delegates all the complicated and processing-intensive work of participating in a blockchain ledger and validating transactions to nodes: servers with constant connectivity that store and work on a fully updated copy of a currency's blockchain. The nodes can then provide software services to users, like apps that seamlessly integrate easy and quick MobileCoin transactions. The nodes also handle key management for users, so the public (and particularly the private) numeric sequences that encrypt each person's transactions are stored and used by the node. But crucially MobileCoin is designed so the node operators can never directly access users' private keys.

'If you can't look at the ledger, how can you cheat it?'

Joshua Goldbard, MobileCoin

This is where the special features of MobileCoin come in. The currency is designed to utilize an Intel processor component known as Software Guard Extensions, or a "secure enclave." SGX is a sequestered portion of a processor that runs code like any other, but the software inside it can't be accessed or changed by a device's broader operating system. Computers can still check that an enclave is running the right software to validate it before connecting, but neither MobileCoin users nor node administrators can decrypt and view the enclave.

For MobileCoin, the enclaves in all of the nodes of the network hide the currency's indelible ledger from view. Users' private keys are stored and shielded in the enclave, too.

"If you put the cryptocurrency inside of the secure enclave, then people can run the nodes without seeing what's happening inside them," Goldbard says. "If you can't look at the ledger, how can you cheat it?"

Marlinspike first experimented with SGX for Signal as a workaround so users can find people they know on Signal through their address books without exposing all of that data.

Secure enclaves create some technical challenges, because they have limited processing capacity. But MobileCoin is designed with efficiency in mind. The system does as much data processing as possible outside the enclave, and only uses SGX for sensitive computing that needs to be shielded. And not needing to trust the nodes, because sensitive data isn't exposed on them, means that more can happen off of a user's device without sacrificing privacy, making transactions quick and easy on mobile devices.

"MobileCoin is designed to be deployable in normal resource-constrained environments like mobile devices, and to deliver a simple user experience along with privacy and security," Marlinspike says. "The design gives you the benefits of server assistance without the downsides of having to trust a server to act appropriately and not be hacked."

The platform has other protections layered with SGX as well. Even if someone compromised a MobileCoin enclave and could view the transaction ledger, one-time addresses and special one-time signatures for each transaction would still prevent an attacker from being able to trace and link events. And a privacy bonus of the Stellar Consensus Protocol is that the nodes don't need to store a full transaction history in the blockchain; they can discard most data after each payment is completed. These components make MobileCoin more resistant to surveillance, whether it's coming from a government or a criminal who wants to track and extort users.

There are lots of potential applications for MobileCoin, but Goldbard and Marlinspike envision it first as an integration in chat apps like Signal or WhatsApp. Here's how it would work in practice: To start using MobileCoin, you would generate a public and private key, and a recovery PIN. Then you would set up your account with an app that incorporates MobileCoin. The app would validate the software running in its service's node, establish an encrypted communication channel to the enclave, and then send your keys and the short, easy-to-remember recovery PIN that you'll use to access your MobileCoin, like a smartphone lock passcode.

To send MobileCoin to your friend Brian within a service that both of you use, your app would look up his public key, generate a one-time key and signature to use for the transaction, and send the transaction to the app's MobileCoin node. The node would sync and validate the transaction, update the ledger, and check the one-time key and signature to prevent spoofed double-spending. At this point Brian's MobileCoin node would take over, receiving and validating the transaction and communicating with Brian's app to generate the one-time private key that will allow Brian to receive the payment. And then Brian gets a notification that you paid him. The messaging app (or whatever service you're both using) doubles as a wallet for each of you.

It's a complicated process to wade through. The point of MobileCoin, though, is that you and Brian don't have to worry about any of it. The complicated parts all take place in the background.

The MobileCoin site, where developers looking to adopt the cryptocurrency will ultimately be able to access the software development kit, currently houses a white paper describing how MobileCoin works in more detail. But Goldbard says that the currency is still six months to a year from release, while he and Marlinspike refine the platform to eliminate potential problems, like the possibility that secure enclaves can inadvertently leak data.

That means there are still plenty of questions to be answered, including one big one: whether MobileCoin will be able to cut through all the noise and hype of the cryptocurrency community to actually be adopted by mainstream apps that could put it in everyone's hands. Currencies, after all, need a critical mass of people to not just be able to use them, but to agree on their worth.

And though speculation has driven bitcoin to all-time-high valuations, most cryptocurrencies don't end up capturing much value, languishing instead in far-flung corners of the internet. Here again, though, MobileCoin's creators hope to emulate Signal. End-to-end encryption was once a fringe feature; then WhatsApp gave it to a billion people at once using the Signal Protocol.

"Nobody actually transacts in cryptocurrency," Goldbard says. "So making something that people can actually use is our first goal. And then we want to find additional ways that people can implement it over time. But initially all we want is to make it so people can actually complete transactions."

If it works, the project will give hope to people who once believed cryptocurrency could truly replace cash in modern society, even if you're only buying a pizza.

Read more here:
MobileCoin: A New Cryptocurrency From Signal Creator Moxie ...

"You’re Being Watched": Edward Snowden Emerges … – YouTube

http://www.democracynow.org - Former CIA employee Edward Snowden has come forward as the whistleblower behind the explosive revelations about the National Security Agency and the U.S. surveillance state. Three weeks ago the 29-year-old left his job inside the NSA's office in Hawaii where he worked for the private intelligence firm Booz Allen Hamilton. Today he is in Hong Kong--not sure if he will ever see his home again. In a video interview with the Guardian of London, Snowden says he exposed top secret NSA surveillance programs to alert Americans of expansive government spying on innocents. "Even if you're not doing anything wrong, you're being watched and recorded," Snowden says. "And the storage capability of these systems increases every year, consistently, by orders of magnitude, to where it's getting to the point you don't have to have done anything wrong, you simply have to eventually fall under suspicion from somebody, even by a wrong call, and then they can use this system to go back in time and scrutinize every decision you've ever made, every friend you've ever discussed something with, and attack you on that basis, to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer... The public needs to decide whether these programs and policies are right or wrong."

Watch Democracy Now!'s ongoing coverage of the NSA leak at http://www.democracynow.org/topics/nsa.

Democracy Now! is an independent global news hour that airs Monday through Friday on 1,100+ TV and radio stations.


Excerpt from:
"You're Being Watched": Edward Snowden Emerges ... - YouTube

Key (cryptography) – Wikipedia

In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm. For encryption algorithms, a key specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms. Keys also specify transformations in other cryptographic algorithms, such as digital signature schemes and message authentication codes.

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This is known as Kerckhoffs' principle, "only secrecy of the key provides security", or, reformulated as Shannon's maxim, "the enemy knows the system". The history of cryptography provides evidence that it can be difficult to keep the details of a widely used algorithm secret (see security through obscurity). A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.

Trying to keep keys secret is one of the most difficult problems in practical cryptography; see key management. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving, assault, torture, or social engineering) can recover the original message from the encrypted data, and issue signatures.

Keys are generated to be used with a given suite of algorithms, called a cryptosystem. Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms. A newer class of "public key" cryptographic algorithms was invented in the 1970s. These asymmetric key algorithms use a pair of keys, or keypair: a public key and a private one. Public keys are used for encryption or signature verification; private ones decrypt and sign. The design is such that finding out the private key is extremely difficult, even if the corresponding public key is known. As that design involves lengthy computations, a keypair is often used to exchange an on-the-fly symmetric key, which will only be used for the current session. RSA and DSA are two popular public-key cryptosystems; DSA keys can only be used for signing and verifying, not for encryption.

Part of the security brought about by cryptography concerns confidence about who signed a given document, or who replies at the other side of a connection. Assuming that keys are not compromised, that question consists of determining the owner of the relevant public key. To be able to tell a key's owner, public keys are often enriched with attributes such as names, addresses, and similar identifiers. The packed collection of a public key and its attributes can be digitally signed by one or more supporters. In the PKI model, the resulting object is called a certificate and is signed by a certificate authority (CA). In the PGP model, it is still called a "key", and is signed by various people who personally verified that the attributes match the subject.[1]

In both PKI and PGP models, compromised keys can be revoked. Revocation has the side effect of disrupting the relationship between a key's attributes and the subject, which may still be valid. In order to have a possibility to recover from such disruption, signers often use different keys for everyday tasks: Signing with an intermediate certificate (for PKI) or a subkey (for PGP) facilitates keeping the principal private key in an offline safe.

Deleting a key on purpose to make the data inaccessible is called crypto-shredding.

For the one-time pad system the key must be at least as long as the message. In encryption systems that use a cipher algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.

A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size article for a more complete discussion.

The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128-bit symmetric cipher. Elliptic curve cryptography may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As of 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force.[2] The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad, the security of these systems has not (as of 2008) been proven mathematically, so a theoretical breakthrough could make everything one has encrypted an open book. This is another reason to err on the side of choosing longer keys.

To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is an RFC on generating randomness (RFC 4086, Randomness Requirements for Security). Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high quality randomness.

For most computer security purposes and for most users, "key" is not synonymous with "password" (or "passphrase"), although a password can in fact be used as a key. The primary practical difference between keys and passwords is that the latter are intended to be generated, read, remembered, and reproduced by a human user (although nowadays the user may delegate those tasks to password management software). A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, and so human readability etc. is not required. In fact, most users will, in most cases, be unaware of even the existence of the keys being used on their behalf by the security components of their everyday software applications.

If a password is used as an encryption key, then in a well-designed crypto system it would not be used as such on its own. This is because passwords tend to be human-readable and, hence, may not be particularly strong. To compensate, a good crypto system will use the password-acting-as-key not to perform the primary encryption task itself, but rather to act as an input to a key derivation function (KDF). That KDF uses the password as a starting point from which it will then generate the actual secure encryption key itself. Various methods such as adding a salt and key stretching may be used in the generation.

Continue reading here:
Key (cryptography) - Wikipedia

security – Fundamental difference between Hashing and …

Well, you could look it up in Wikipedia... But since you want an explanation, I'll do my best here:

Hash functions provide a mapping between an arbitrary length input, and a (usually) fixed length (or smaller length) output. It can be anything from a simple crc32, to a full blown cryptographic hash function such as MD5 or SHA1/2/256/512. The point is that there's a one-way mapping going on. It's always a many:1 mapping (meaning there will always be collisions) since every function produces a smaller output than it's capable of inputting (If you feed every possible 1mb file into MD5, you'll get a ton of collisions).

The reason they are hard (or impossible in practicality) to reverse is because of how they work internally. Most cryptographic hash functions iterate over the input set many times to produce the output. So if we look at each fixed length chunk of input (which is algorithm dependent), the hash function will call that the current state. It will then iterate over the state and change it to a new one and use that as feedback into itself (MD5 does this 64 times for each 512-bit chunk of data). It then somehow combines the resultant states from all these iterations back together to form the resultant hash.

Now, if you wanted to decode the hash, you'd first need to figure out how to split the given hash into its iterated states (1 possibility for inputs smaller than the size of a chunk of data, many for larger inputs). Then you'd need to reverse the iteration for each state. Now, to explain why this is VERY hard, imagine trying to deduce a and b from the following formula: 10 = a + b. There are 10 positive combinations of a and b that can work. Now loop over that a bunch of times: tmp = a + b; a = b; b = tmp. For 64 iterations, you'd have over 10^64 possibilities to try. And that's just a simple addition where some state is preserved from iteration to iteration. Real hash functions do a lot more than 1 operation (MD5 does about 15 operations on 4 state variables). And since the next iteration depends on the state of the previous and the previous is destroyed in creating the current state, it's all but impossible to determine the input state that led to a given output state (for each iteration no less). Combine that, with the large number of possibilities involved, and decoding even an MD5 will take a near infinite (but not infinite) amount of resources. So many resources that it's actually significantly cheaper to brute-force the hash if you have an idea of the size of the input (for smaller inputs) than it is to even try to decode the hash.

Encryption functions provide a 1:1 mapping between an arbitrary length input and output. And they are always reversible. The important thing to note is that it's reversible using some method. And it's always 1:1 for a given key. Now, there are multiple input:key pairs that might generate the same output (in fact there usually are, depending on the encryption function). Good encrypted data is indistinguishable from random noise. This is different from a good hash output which is always of a consistent format.

Use a hash function when you want to compare a value but can't store the plain representation (for any number of reasons). Passwords should fit this use-case very well since you don't want to store them plain-text for security reasons (and shouldn't). But what if you wanted to check a filesystem for pirated music files? It would be impractical to store 3 mb per music file. So instead, take the hash of the file, and store that (md5 would store 16 bytes instead of 3mb). That way, you just hash each file and compare to the stored database of hashes (This doesn't work as well in practice because of re-encoding, changing file headers, etc, but it's an example use-case).

Use a hash function when you're checking validity of input data. That's what they are designed for. If you have 2 pieces of input, and want to check to see if they are the same, run both through a hash function. The probability of a collision is astronomically low for small input sizes (assuming a good hash function). That's why it's recommended for passwords. For passwords up to 32 characters, md5 has 4 times the output space. SHA1 has 6 times the output space (approximately). SHA512 has about 16 times the output space. You don't really care what the password was, you care if it's the same as the one that was stored. That's why you should use hashes for passwords.

Use encryption whenever you need to get the input data back out. Notice the word need. If you're storing credit card numbers, you need to get them back out at some point, but don't want to store them plain text. So instead, store the encrypted version and keep the key as safe as possible.

Hash functions are also great for signing data. For example, if you're using HMAC, you sign a piece of data by taking a hash of the data concatenated with a known but not transmitted value (a secret value). So, you send the plain-text and the HMAC hash. Then, the receiver simply hashes the submitted data with the known value and checks to see if it matches the transmitted HMAC. If it's the same, you know it wasn't tampered with by a party without the secret value. This is commonly used in secure cookie systems by HTTP frameworks, as well as in message transmission of data over HTTP where you want some assurance of integrity in the data.

A key feature of cryptographic hash functions is that they should be very fast to create, and very difficult/slow to reverse (so much so that it's practically impossible). This poses a problem with passwords. If you store sha512(password), you're not doing a thing to guard against rainbow tables or brute force attacks. Remember, the hash function was designed for speed. So it's trivial for an attacker to just run a dictionary through the hash function and test each result.

Adding a salt helps matters since it adds a bit of unknown data to the hash. So instead of finding anything that matches md5(foo), they need to find something that when added to the known salt produces md5(foo.salt) (which is very much harder to do). But it still doesn't solve the speed problem since if they know the salt it's just a matter of running the dictionary through.

So, there are ways of dealing with this. One popular method is called key strengthening (or key stretching). Basically, you iterate over a hash many times (thousands usually). This does two things. First, it slows down the runtime of the hashing algorithm significantly. Second, if implemented right (passing the input and salt back in on each iteration), it actually increases the entropy (available space) for the output, reducing the chances of collisions. A trivial implementation is:

There are other, more standard implementations such as PBKDF2, BCrypt. But this technique is used by quite a few security related systems (such as PGP, WPA, Apache and OpenSSL).

The bottom line, hash(password) is not good enough. hash(password + salt) is better, but still not good enough... Use a stretched hash mechanism to produce your password hashes...

Do not under any circumstances feed the output of one hash directly back into the hash function:

The reason for this has to do with collisions. Remember that all hash functions have collisions because the possible output space (the number of possible outputs) is smaller than the input space. To see why, let's look at what happens. To preface this, let's make the assumption that there's a 0.001% chance of collision from sha1() (it's much lower in reality, but for demonstration purposes).

Now, hash1 has a probability of collision of 0.001%. But when we do the next hash2 = sha1(hash1);, all collisions of hash1 automatically become collisions of hash2. So now, we have hash1's rate at 0.001%, and the 2nd sha1() call adds to that. So now, hash2 has a probability of collision of 0.002%. That's twice as many chances! Each iteration will add another 0.001% chance of collision to the result. So, with 1000 iterations, the chance of collision jumped from a trivial 0.001% to 1%. Now, the degradation is linear, and the real probabilities are far smaller, but the effect is the same (an estimation of the chance of a single collision with md5 is about 1/(2^128) or 1/(3x10^38). While that seems small, thanks to the birthday attack it's not really as small as it seems).

Instead, by re-appending the salt and password each time, you're re-introducing data back into the hash function. So any collisions of any particular round are no longer collisions of the next round. So:

Has the same chance of collision as the native sha512 function. Which is what you want. Use that instead.

Read more here:
security - Fundamental difference between Hashing and ...
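As an added example (not code from the answer above, from Wikipedia, or from any project on this page), the Python block below implements the two stretching patterns the answer contrasts (re-hashing the digest alone versus re-feeding password and salt every round), the PBKDF2 derivation that both the answer and the Wikipedia KDF passage point to, and a scaled-down model that counts how many distinct outputs each chain yields so the collision argument can be observed directly. The password, salt, round counts and the truncated-hash model are constructed assumptions, not values from the page.

```python
import hashlib
import hmac
import os

# Constructed sample credential and salt (not from the page).
PASSWORD = b"correct horse battery staple"
SALT = os.urandom(16)  # a fresh random salt per stored password


def naive_chain(password: bytes, salt: bytes, rounds: int) -> bytes:
    """The pattern the answer warns against: after round one the previous
    digest is the only input, so any collision is carried forward forever."""
    h = hashlib.sha512(password + salt).digest()
    for _ in range(rounds):
        h = hashlib.sha512(h).digest()  # nothing new enters the function
    return h


def salted_chain(password: bytes, salt: bytes, rounds: int) -> bytes:
    """The corrected pattern: password and salt re-enter every round, so a
    collision in one round does not force a collision in the next."""
    h = hashlib.sha512(password + salt).digest()
    for _ in range(rounds):
        h = hashlib.sha512(h + password + salt).digest()
    return h


def derive_key(password: bytes, salt: bytes, rounds: int = 200_000) -> bytes:
    """The standard choice the answer names: PBKDF2 (HMAC-SHA256) from the
    standard library, which re-feeds the password into every iteration."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds)


def verify(stored: bytes, password: bytes, salt: bytes, rounds: int = 200_000) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(stored, derive_key(password, salt, rounds))


def model_distinct_outputs(refeed: bool, rounds: int, bits: int = 12) -> int:
    """Scaled-down model of the collision argument: SHA-256 truncated to
    `bits` bits stands in for a real hash so every possible input can be
    enumerated. Returns how many distinct final digests the chain yields over
    all 2**bits inputs; fewer distinct outputs means more collisions."""
    mask = (1 << bits) - 1
    model_salt = b"model-salt"  # constant, for the model only

    def h(data: bytes) -> int:
        return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") & mask

    outputs = set()
    for pw in range(1 << bits):
        pw_bytes = pw.to_bytes(2, "big")
        state = h(pw_bytes + model_salt)
        for _ in range(rounds):
            extra = pw_bytes + model_salt if refeed else b""
            state = h(state.to_bytes(2, "big") + extra)
        outputs.add(state)
    return len(outputs)


if __name__ == "__main__":
    stored = derive_key(PASSWORD, SALT)
    print("verify ok:", verify(stored, PASSWORD, SALT))
    print("distinct outputs, naive chain: ", model_distinct_outputs(False, 100))
    print("distinct outputs, salted chain:", model_distinct_outputs(True, 100))
```

With 4096 possible inputs and 100 rounds, the naive chain collapses to on the order of a hundred distinct outputs while the re-fed chain keeps roughly the 63% that a single application of a random function would.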