« First...102030...2,3082,3092,3102,3112,312...2,3202,3302,340...Last »

House Committee Puts NSA on Notice Over Encryption Standards

Posted on by

79 Twitter Facebook Email

Amendment would remove requirement that the National Institute of Standards and Technology consult with the NSA on encryption standards

Amendment would remove requirement that the National Institute of Standards and Technology consult with the NSA on encryption standards

by Justin Elliott ProPublica, May 23, 2014, 4:55 p.m.

Enable Social Reading

An amendment adopted by a House committee would, if enacted, take a step toward removing the National Security Agency from the business of meddling with encryption standards that protect security on the Internet.

As we reported with the Guardian and the New York Times last year, the NSA has for years engaged in a multi-front war on encryption, in many cases cracking the technology that is used to protect the confidentiality of intercepted communications. Part of the NSAs efforts centered on the development of encryption standards by the National Institute of Standards and Technology, which sets standards that are adopted by government and industry.

Documents provided by Edward Snowden suggest that the NSA inserted a backdoor into one popular encryption standard, prompting NIST to launch an ongoing review of all its existing standards.

The amendment adopted this week by the House Committee on Science, Space, and Technology would remove an existing requirement in the law that NIST consult with the NSA on encryption standards.

In a Dear Colleague letter, the amendments sponsor, Rep. Alan Grayson (D-FL), quoted our story on the NSA from last year.

See the rest here:
House Committee Puts NSA on Notice Over Encryption Standards

New iOS app secures IM with ‘post quantum’ encryption

Posted on by

A new instant messaging application for the iPhone uses an advanced, "post quantum" encryption scheme to scramble one-on-one chats. It's intended as a bullet-proof secure alternative to WhatsApp's addictive message interface and to mobile carrier's primitive and (outside the U.S.) pricey SMS texting services.

The app's encryption randomizes the message output before transmission, so each message is unique without detectable patterns that an attacker could exploit. And PQChat keeps minimal personal information about the sender: it stores a one-way encrypted value of the user's phone number, an encrypted user-supplied nickname, and a pseudo ID image.

[ Stay ahead of advances in mobile technology with InfoWorld's Mobile Edge blog and Mobilize newsletter. ]

The free version of PQChat, from SDR Wireless Ltd., is aimed at consumers. The paid version is licensed to enterprises and offers additional features, such as QR code authentication, enterprise key management, a full audit trail of all messages, message backup and in the future secure voice and video calls.

PQChat is the first SDR product to make use of the vendor's Never-the-Same (NTS) encryption. NTS itself is based on the asymmetric encryption algorithm developed in 1978 by Robert McEliece. According to SDR, McEliece's encryption scheme has so far not been broken, even using the emerging techniques of quantum computing. As a result the McEliece algorithm is considered a "post quantum" (the "PQ" in PQChat) encryption scheme.

Without going into the mathematical depths of McEliece's work, he figured out a way to create a public/private encryption key system that is prohibitively costly -- in computational time -- to break. Despite that, its encryption and decryption are faster than that of algorithms such as RSA. But one major drawback is that McEliece's public and private keys are very large, so large that they've been rarely used commercially.

SRD Wireless has at least two patents for improving McEliece's system, including one that makes these keys smaller without compromising security.

PQChat uses the XMPP protocol, originally designed for desktop IM, transmitted via VoIP, to improve message reliability and handling, says Andersen Cheng, SRD's CEO. The McEliece-based NTS encryption scrambles the message contents on the device, using the recipient's public key, which is available from the PQChat server. But the server has no knowledge of what's being sent, and can't unscramble the contents. The message is deleted after delivery to the recipient, who is the only person who can decipher, using his private key.

PQChat uses unique form of authentication, which the vendor dubs "man-at-the-end" or MATE. MATE generates a unique cryptographic representation a number -- of a user's public key. Then a user records a video of himself, reciting that number. According to SRD, this approach does away with the need for a third-party Certificate Authority.

PQChat is available now via the Apple App Store, and will release an Android version shortly. More information is available at the PQChat website.

See the article here:
New iOS app secures IM with 'post quantum' encryption

Microsoft Opens .Net, Hops on Devops Bandwagon

Posted on by

The most obvious reasoning for Microsoft's establishment of a .Net foundation and further opening up the technology is the continued presence and prominence of open source software -- and openness in general -- in key, fast-moving enterprise IT trends including cloud computing, Big Data and devops. Today, Microsoft continues to reshape its approach to open source.

Microsoft recently established a .Net foundation and open sourced substantial parts of the popular programming language, continuing to spread its newfound love for open source software. However, it's another movement -- devops -- that may be more of a driving factor in Microsoft's .Net move.

In establishing the independent .Net Foundation and making more key pieces of .Net open source, Microsoft was promoting collaboration and community, it said. Many open source technologies exist for .Net, including the recently released .Net compiler platform codenamed "Roslyn."

Microsoft also highlighted the value and innovation that comes from broader community collaboration, even on its own developer tools and technologies, such as .Net.

The fact that Microsoft recognizes the power of open source software is not remarkable -- the company has been working actively to change its thinking and strategy on open source software for years now.

What is interesting is the establishment of the foundation and the further opening up of .Net, which highlights how Microsoft technologies, including Windows, Azure and .Net, all have become part of the devops movement -- a trend referring to faster software releases based on collaboration and efficiency among developers and IT operations teams.

This is quite a contrast to the devops landscape that existed three or four years ago. Back then, when Windows admins would dare to speak up or ask questions about how they might get more agile and join the devops movement, they were told to switch to Linux.

Today, most devops tools and providers have integrations, plug-ins, and support for Windows management. Indeed, I have written previously about how the support for Windows in devops tools -- such as the Chef and Puppet configuration and provisioning automation software applications -- reflects the extension of devops to more mainstream enterprises, where Windows and .Net are common.

We also have seen .Net rise in the polyglot programming trend: A much greater variety of languages, databases, infrastructure and other technologies are used in developing, deploying and managing applications in today's market.

While most PaaS platforms have become polyglot and support a variety of languages, the enterprise world is still largely a matter of Java and .Net. Thus, .Net has become an important part of PaaS, particularly private PaaS aimed at enterprises.

Read the original here:
Microsoft Opens .Net, Hops on Devops Bandwagon

The quest for true randomness and uncrackable codes

Posted on by

May 22, 2014 by Senne Starckx

Quantum cryptography is said to be uncrackable. It will stay safe, but only if true randomness, the generation and use of intrinsically random numbers, can be achieved.

Each time we read our e-mail, login to online shopping sites, watch a movie online or use our mobile phone, we are using random numbers to establish a secure connection. Randomness is a crucial ingredient in practically every area of information processing. And, most importantly, in cryptography. But because all conventional computing processes are based on classical physics, looking for true randomness is like searching for the pot of gold at the end of the rainbow. This explains why even the most sophisticated present-day encryption systems can fall prey to hackers.

Enter quantum computing. Incorporating the inherent random nature of the quantum world in a computer yields a revolutionary new way of producing true random numbers. Thanks to this, real uncrackable codes are in sight. The EU funded project RAQUEL, started in October 2013, evaluates the role played by randomness in quantum information processing. Project coordinator Jan Bouda, a researcher in Informatics at Masaryk University in Brno, in the Czech Republic, talks to youris.com why true randomness is so important and what it will mean for cryptography.

Why can my computer not produce true random numbers?

Conventional computing is based on classical physical principles. And in classical physics, there is not a single process that is intrinsically random. Hence, the randomness generated by classical devices, like your PC, is rather a consequence of our ignorance of the initial setup. On the contrary, randomness obtained from quantum computers is true, as the measurement is supposed to be intrinsically random. (ironically) That is if quantum physics is right.

So why is randomness so important?

Randomness is used in a huge number of efficient algorithms. In fact, for many problems, algorithms using random choices are far more efficient than the best-known deterministic algorithms. These algorithms are used to reduce the amount of communication for distributed computation, such as, in cloud computing, and more importantly, for cryptography. Any application that should work securely needs random numbers.

On the other hand, to produce high-quality random numbers is not easy. Even in specialised devices, like in quantum random number generators, the amount of random numbers you can produce per second is strictly limited. Random numbers are important in all areas of computer science. But in cryptography the quality is a deal breaker. In many applications, even a minor flaw in randomness can completely jeopardise the security.

What are your current research goals?

Link:
The quest for true randomness and uncrackable codes

How To Trade CryptoCurrency: Sign up to a safe and reliable exchange for trading CryptoCurrency – Video

Posted on by


How To Trade CryptoCurrency: Sign up to a safe and reliable exchange for trading CryptoCurrency
Follow along with this video: http://tinyurl.com/BTCServices Miss out on the DotCom boom? Miss out on the BitCoin boom? Hind sight is 20:20, but you can stil...

By: BTC Transaction Services

More:
How To Trade CryptoCurrency: Sign up to a safe and reliable exchange for trading CryptoCurrency - Video


« First...102030...2,3082,3092,3102,3112,312...2,3202,3302,340...Last »