AusCERT History is filled with companies shamed by their shoddy cryptography implementations even though the underlying maths is bang on.

In a presentation titled "Crypto Won't Save You" at the AusCERT conference on Australia's Gold Coast, respected cryptographer Peter Gutmann of the University of Auckland took security bods through a decade of breaches featuring a laundry list of the world's biggest brands.

Gutmann's point was to demonstrate how the weakest point of cryptography was typically in its implementation rather than the maths itself. He demonstrated that consumer devices from the Amazon Kindle to the Sony Playstation and Microsoft Xbox consoles were hacked not because of weak cryptography, but due to poor deployment of security mechanisms, which were bypassed by attackers.

Many more systems have been broken due to poor implementations. The crypto used by lower-end ransomware to encrypt victims' files can be broken by security pros, allowing the documents to be rescued without having to pay the ransom.

"No matter how strong the crypto was, the attackers walked around it," the Cryptlib developer told delegates.

"Crypto is not any good to you when it can be so easily bypassed. The lesson is you need to secure every part of the system and not just throw crypto at one bit and assume that you'll be safe."

Prof Peter Gutmann at AusCERT

Gutmann highlighted further crypto bypass gore by pointing to the use of weak keys in DomainKeys Identified Mail (DKIM) by thousands of organisations including of Google, Paypal and Twitter.

While the US Computer Emergency Response Team (CERT) warned companies in October 2012 to upgrade to stronger keys to avoid being popped, Gutmann said attackers took the easier route and bypassed the implementations.

"There were so many other ways to render DKIM ineffective that no one bothered attacking the crypto," he said.

The rest is here:
Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough

9 hours ago

Researchers at the Laboratoire Lorrain de Recherches en Informatique et ses Applications (CNRS/Universit de Lorraine/Inria) and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC) have solved one aspect of the discrete logarithm problem. This is considered to be one of the 'holy grails' of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm that calls into question the security of one variant of this problem, which has been closely studied since 1976.

This result, published on the site of the International Association of Cryptologic Research and on the HAL open access archive, was presented at the international conference Eurocrypt 2014 held in Copenhagen on 11-15 May 2014 and published in Advances in cryptology. It discredits several cryptographic systems that until now were assumed to provide sufficient security safeguards. Although this work is still theoretical, it is likely to have repercussions especially on the cryptographic applications of smart cards, RFID chips, etc.

To protect confidentiality of information, cryptography seeks to use mathematical problems that are difficult to solve, even for the most powerful machines and the most sophisticated algorithms.

The security of a variant of the discrete logarithm, reputed to be very complex, has been called into question by four researchers from CNRS and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC), namely Pierrick Gaudry, Rzvan Brbulescu, Emmanuel Thom and Antoine Joux. The algorithm they devised stands out from the best algorithms known to date for this problem. Not only is it significantly easier to explain, but its complexity is also considerably improved. This means that it is able to solve increasingly large discrete logarithm problems, while its computing time increases at a far slower rate than with previous algorithms. The computation of discrete logarithms associated with problems that are deliberately made difficult for cryptographic applications is thus made considerably easier.

Since solving this variant of the discrete logarithm is now within the capacity of current computers, relying on its difficulty for cryptographic applications is therefore no longer an option. This work is still at a theoretical stage and the algorithm still needs to be refined before it is possible to provide a practical demonstration of the weakness of this variant of the discrete logarithm. Nonetheless, these results reveal a flaw in cryptographic security and open the way to additional research. For instance, the algorithm could be adapted in order to test the robustness of other cryptographic applications.

Explore further: NIST removes cryptography algorithm from random number generator recommendations

More information: "A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic," Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thom, Advances in Cryptology EUROCRYPT 2014, Lecture Notes in Computer Science, Volume 8441, 2014, pp 1-16. dx.doi.org/10.1007/978-3-642-55220-5_1

Following a public comment period and review, the National Institute of Standards and Technology (NIST) has removed a cryptographic algorithm from its draft guidance on random number generators. Before implementing the change, ...

(Phys.org)Protecting sensitive electronic information in different situations requires different types of cryptographic algorithms, but ultimately they all depend on keys, the cryptographic equivalent ...

Go here to read the rest:
New algorithm shakes up cryptography