An interview with Michael Tiemann, founder of the first open source software company – Video


An interview with Michael Tiemann, founder of the first open source software company
5 Aug 2014 Audio: - http://opensource.com/business/14/8/interview-michael-tiemann-red-hat - http://hackerpublicradio.org/eps.php?id=1622 CREATIVE COMMONS ATT...

By: V for Voluntary Library


New type of cryptography that can better resist "dictionary attacks"

Aug 05, 2014

Cryptographers in China have developed a new type of cryptography that can better resist so-called offline "dictionary attacks", denial of service (DoS) hacks, and cracks involving eavesdroppers. Their approach, reported in the International Journal of Electronic Security and Digital Forensics, extends and improves a type of cryptography that uses an intractable mathematical problem as its basis.

Public-key cryptography uses the complexity of certain mathematical problems that would take even a supercomputer many years to solve, to lock up data that only a person with the private key can unlock. Early public-key systems used the problem of finding the prime factors of a very large integer. More recent protocols exploit the problem of finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point. This is the "elliptic curve discrete logarithm problem" and is an example of a mathematical problem that is essentially impossible to solve at the highest level without an array of supercomputers and tens of thousands of years at one's disposal. And, yet, it is very efficient in terms of computation to implement and encrypt data.

Unfortunately, encryption systems always have loopholes and can always succumb to bugs or attacks on the computer system on which they run. The most recent form of elliptical encryption widely used for internet logins and other applications can be breached by a so-called offline dictionary attack that simply tests every possible key, or password, with non-complex passwords succumbing the quickest. Moreover, the protocol can be attacked by an eavesdropper who monitors and replicates password entry by users, or who otherwise breaks the system through a denial of service attack, allowing entry via the backdoor.

Pengshuai Qiao of North China University of Water Resources and Electric Power, in Zhengzhou, and Hang Tu of Wuhan University, Wuhan, China, explain that two fundamental requirements of secure communications over an insecure public network are password authentication and password updating. Previous researchers have extended password authentication and update schemes based on elliptic curve cryptography to the point where they are entirely robust against replay attack, man-in-the-middle attack, modification attack and other potential breaches. However, this system, developed by computer scientists Hafizul Islam of the Birla Institute of Technology and Science in Pilani and GP Biswas of the Indian School of Mines, Dhanbad, India, failed to defend against offline password guessing attack and stolen-verifier attack.

Qiao and Tu have now devised an algorithm based on elliptic curve cryptography that precludes such security breaches by using a four-phase approach: registration phase, password authentication phase, password change phase and session key distribution phase. These are the same steps used with the Islam-Biswas scheme but Qiao and Tu add two additional calculations on the user side for the final single-session password. This change means that offline dictionary attacks will never succeed because even if the hacker guesses the user's password they will not have the necessary algorithm to recalculate the actual session password used each time by the user. The same addition also thwarts stolen-verifier attacks, because even if a third party has access to the verification protocol used by the system, they would still need to be able to do the one-time additional pair of calculations for the given session.

The team's initial testing of the new system bodes well for secure implementation on a wide range of platforms for everything from mobile banking to web logins.


More information: Qiao, P. and Tu, H. (2014) 'A security enhanced password authentication and update scheme based on elliptic curve cryptography', Int. J. Electronic Security and Digital Forensics, Vol. 6, No. 2, pp.130-139. http://www.inderscience.com/info/inarticle.php?artid=63109


Mount Allison student becomes first Canadian to present at international cryptography conference

Published on August 06, 2014

Mount Allison University honours computer science and math student Karen Korstanje recently presented her research at the Fourth International Workshop on Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers (CrossFyre 2014) - a conference designed specifically for women in cryptography - in Bochum, Germany. Korstanje, originally from Thunder Bay, ON, is the first Canadian to present at the CrossFyre conference and was one of only two undergraduate students to attend this year. "It was my first time at an international conference so I was a little nervous to present my research. But it was a very supportive environment," says Korstanje.

Mount Allison's Karen Korstanje is the first Canadian to present at the fourth International Workshop on Cryptography, Robustness, and Provably Secure Schemes for Female Young Researchers (CrossFyre 2014). PHOTO SUBMITTED

The fourth-year honours student presented new results from her summer research project in cryptography titled "Search for Weak Keys in the Dhall-Pal Cipher," supervised by Mount Allison computer science professor Liam Keliher.

Her research has focused on the analysis of the Dhall-Pal Cipher (DPC), a symmetric-key cipher introduced in 2010. The DPC was designed to be an efficient alternative to the widely implemented Advanced Encryption Standard (AES) cipher. Korstanje and Keliher's work focuses on cryptanalysis, designing attacks on current systems to show weaknesses.

"The attacks can show weaknesses in the cipher, how the information is being encrypted. Knowing these allows programmers to alter their work and makes their systems more secure," explains Korstanje. "We kind of have to think like a hacker to prevent different kinds of attacks and identify weaknesses in different cryptic systems."

Keliher, who is an expert in cryptography, says "Karen's work has revealed that many of the keys used by communicating parties lead to significant weaknesses in the DPC that allow encrypted information to be decrypted by an attacker with a minimum amount of computation (hence the term 'weak keys'). This represents a complete break of the DPC."

Korstanje and Keliher are now preparing a full paper based on this work for refereed publication.


CryptoLocker decrypted: Researchers reveal website that frees your files from ransomware

The CryptoLocker ransomware is as simple as it is devastating: Once it worms its way onto your system, it encrypts all of your precious files using strong AES-256-bit cryptography, which is virtually impossible to break if you don't know the private key (read: secret code) required to unlock it. Pay the attackers $300, and they'll give you the key. Don't pay, and your files stay scrambled forever.

Until now.

Researchers from FireEye and Fox-IT have managed to recover the private encryption keys used by CryptoLocker's authors, as well as reverse-engineer the code powering the malware itself, meaning the firms can unlock your files. And while they could no doubt make a pretty penny selling that service to victims at a price far less than CryptoLocker's $300 Bitcoin ransom, the security firms are taking the high road, and providing the private key details for free via the just-launched Decrypt CryptoLocker website.

Screenshot of a PC infected with CryptoLocker.

The process couldn't be easier: Simply send the site one of the CryptoLocker-encrypted files on your PC, along with an email address. It'll scan the file to figure out the encryption specifics, then send you a recovery program and master key that can be used to rescue your ransomed data.

FireEye warns that some data might not be recoverable, particularly if you've been infected by a CryptoLocker variant rather than CryptoLocker itself.

BBC reports that 500,000 people fell victim to CryptoLocker, with 1.3 percent forking over cash to free their files. In other words, the malware earned its makers around $3 million before the criminal network was smashed by authorities and security researchers in May.

Variants are still scuttling around the web, however. Beyond using security software and safe browsing practices, the best offense against ransomware is a strong defense. Making regular backups will let you easily recover your data if your PC ever falls prey to an encryption-based attack.

NSA Spying: Now It’s Personal | Electronic Frontier Foundation

Imagine that you watched a police officer in your neighborhood stop ten completely ordinary people every day just to take a look inside their vehicle or backpack. Now imagine that nine of those people are never even accused of a crime. They just happened to be in the wrong place at the wrong time. Even the most law-abiding person would eventually protest this treatment. In fact, they have.

Now replace police officers with the NSA. The scenario above is what the NSA is doing with our communications, under cover of its twisted interpretation of Section 702 of the FISA Amendments Act. The Washington Post has revealed that "Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets." Additionally, "[n]early half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents."

The thousands of pages of documents that provide the basis for the article are not raw content. Rather, as Barton Gellman, one of the authors of the article, states in a follow-up published several days later: "Everything in the sample we analyzed had been evaluated by NSA analysts in Hawaii, pulled from the agency's central repositories and minimized by hand after automated efforts to screen out U.S. identities."

What that means is that if you're on the Internet, you're in the NSA's neighborhood, whether you are in the U.S. or not. And like those who protest unjust policies like stop and frisk in their cities, you should be protesting this treatment.

This revelation is significant because it proves the point privacy and civil liberties advocates have been making for years: NSA surveillance is not narrowly targeted. EFF's legal fight against the NSA's warrantless mass surveillance program has been ongoing since 2006, but the Washington Post's statistics about 160,000 intercepts they have analyzed from the Snowden files indicate that even what the NSA calls targeted surveillance is far from narrow in scope. In fact, it is so bloated that we should all be questioning its necessity and efficacy at this point. Taken hand in hand with The Intercept's article outlining the targeting of five civil rights and political leaders from the Muslim-American community, our outrage should be palpable.

What's more, the report comes on the heels of a debate specifically about Section 702 that has been brewing in Congress for months, as civil liberties champions like Sen. Ron Wyden and Rep. Zoe Lofgren question and work to address how the NSA uses this authority. This revelation should make it clear to the Senate when it considers the USA FREEDOM Act: Section 702 needs to be reformed. Cosmetic changes to NSA spying, or even substantive changes to Section 215 bulk telephone records collection, are insufficient. Unbridled, unconstitutional collection of the contents of communications needs to end.

The Washington Post article is based on a comprehensive review of thousands of pages of documents. In fact, as the article points out: "No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president's Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects." What's more, these are documents that government officials have repeatedly insisted Edward Snowden would never have been able to access.

Regardless of the government's denials, Snowden did have these documents, and now we know at least some of what they contained. So does Congress. So there's no excuse anymore for the type of maneuvering that led to the gutting of USA FREEDOM in the House. More importantly, there's no excuse for the Senate to ignore Section 702 when it considers USA FREEDOM.

Real NSA reform from Congress will, among other things, shut the backdoor that allows the NSA to access Americans' communications. It will also end collection of communications about a target.

Of course, none of this solves the problem of how NSA surveillance affects non-U.S. persons. One of the shocking things about the Washington Post's article is its description of the communications intercepted:


Why Representative Justin Amash’s Primary Victory Matters

His challenger for the GOP nomination tried to twist his opposition to NSA spying and indefinite detention as comfort to al-Qaeda, and the attack failed miserably.

Kevin Lamarque/Reuters

Representative Justin Amash, a Michigan Republican, is one of the most important civil libertarians in the House of Representatives. He isn't just a staunch opponent of the NSA's mass surveillance of Americans; he actually has a sophisticated understanding of surveillance policy (unlike the vast majority of his congressional colleagues) as well as a record of bringing forth actual reform proposals.

Amash voted against the reauthorization of the Patriot Act, favored a measure to repeal indefinite detention, and opposed reauthorization of the FISA Amendments Act. Little wonder that an ACLU staffer told Mother Jones that he's "a game changer."

For his heresies, establishment GOP forces spent a bunch of money trying to oust Amash in a primary. His loss would've been especially devastating to civil libertarians. Opposition to Amash came largely from Republican business interests, but Amash's vote against the debt-ceiling hike (a mistake, in my view) wasn't the focus of the campaign. Instead, civil-liberties issues played an important role. Amash's opponents didn't merely disagree with the Tea Partier's efforts to stop abuses of the Fourth and Fifth Amendments. They equated his position with supporting terrorists in one of the more disgusting attacks of this cycle:

And guess what? That attack failed in a Republican primary in a relatively conservative district. If Amash wins the general election, it will matter because his leadership reining in the national-security state is sorely needed going forward. His easy primary victory already matters because it shows that Republicans who want to rein in the NSA, repeal the Patriot Act, and close the prison at Guantanamo Bay can win a primary vote handily, even in a safe Republican district where a shameless opponent tries to portray them as siding with the enemy.