Samsung Encryption Flaw

Schneier on Security

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. Here are the details: As we discussed in Section 3, the wrapping key used to encrypt the key blobs (HDK) is derived using a salt value computed by the Keymaster TA.

Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. Uncategorized encryption extortion malware ransomware

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. Uncategorized courts encryption lies videoconferencing

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “ Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.”

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. To begin with, all of today’s encrypted communications could potentially be at risk of being leaked and abused.

Best encryption software 2022

Tech Republic Security

Encryption software protects confidential and private data in transit and at rest by making it accessible only to authorized individuals. Learn about the best encryption software and techniques. The post Best encryption software 2022 appeared first on TechRepublic.

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here.

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Schneier on Security

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Uncategorized child pornography children crypto wars cybersecurity encryption marketing privacy propaganda

Which Types Of Encryption Will Remain Secure As Quantum Computing Develops – And Which Popular Ones Will Not

Joseph Steinberg

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. To protect data in the quantum computing era , therefore, we must change how we encrypt.

Best Practices for Improving Cloud Encryption 

Security Boulevard

One way to enhance cloud security is to improve cloud encryption. Most cloud service providers include primary encryption features and. The post Best Practices for Improving Cloud Encryption appeared first on Security Boulevard.

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

It would require 317 × 10 6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μ s, a reaction time of 10 μ s, and a physical gate error of 10 -3.

Trend Micro Endpoint Encryption vs. Broadcom Symantec Endpoint Encryption

Tech Republic Security

The post Trend Micro Endpoint Encryption vs. Broadcom Symantec Endpoint Encryption appeared first on TechRepublic. Find out which endpoint protection product is right for your business.

Take a Diversified Approach to Encryption

Dark Reading

Encryption will break, so it's important to mix and layer different encryption methods

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. authentication cryptography encryption hacking keys

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Everything Encrypted Will Soon Become Decryptable: We Must Prepare Now For The Era Of Quantum Computers

Joseph Steinberg

Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon. Performing a transition to new, quantum-safe encryption is complex, timely, and expensive. CyberSecurity encryption quantum computing

Check Point Full Disk Encryption vs. Trend Micro Endpoint Encryption

Tech Republic Security

Cybersecurity powerhouses Check Point and Trend Micro offer good encryption options, but which one reigns supreme? The post Check Point Full Disk Encryption vs. Trend Micro Endpoint Encryption appeared first on TechRepublic.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it.

Types of Encryption Algorithms

Security Boulevard

Types of Encryption Algorithms. How Do Encryption Algorithms Work? Encryption algorithms are mathematical formulas that transform plaintext into ciphertext. Put simply, algorithms make encrypting and decrypting code possible, specifically between the correct users.

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data. cryptography encryption google

How Encryption Helps Restore Cloud Security Integrity

Security Boulevard

The post How Encryption Helps Restore Cloud Security Integrity appeared first on Security Boulevard. Cloud Security Cybersecurity Data Security Security Awareness Security Boulevard (Original) Cloud CSPs data encryption security

Zoom Will Be End-to-End Encrypted for All Users

Schneier on Security

Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. cybersecurity encryption securityengineering twofactorauthentication videoconferencing

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

Dark Reading

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said

Enterprise Data Encryption Use Reaches Historic Highs

Security Boulevard

For decades, enterprise data encryption and effective key management were something most enterprises wanted to do but couldn’t — if they tried to do it at all. The post Enterprise Data Encryption Use Reaches Historic Highs appeared first on Security Boulevard.

Is 2022 the year encryption is doomed?

Tech Republic Security

Quantum computing has the potential to unlock most of the encryption algorithms in use by companies today. The post Is 2022 the year encryption is doomed? What should IT professionals do to secure their information? appeared first on TechRepublic. Security

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Particularly with respect to encryption marketed to consumers, the significance of the risk should be assessed based on its practical effect on consumer cybersecurity, as well as its relation to the net risks that offering the product poses for society. backdoors cryptowars encryption essays lawenforcement nationalsecuritypolicy

Breaking Encryption Myths (EU Commission on Encryption)

Adam Shostack

I’ve signed onto a letter to the European Commission on end to end encrypted communications. Software Engineering

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

academicpapers algorithms backdoors cryptanalysis cryptography encryption hashes russiaA pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.

Samsung Encryption Flaw

Security Boulevard

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. The post Samsung Encryption Flaw appeared first on Security Boulevard.

German SG-41 Encryption Machine Up for Auction

Schneier on Security

cryptography encryption germany historyofcryptographyA German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. “It turned out that the key derivation function was PBKDF2 using 1000 iteration of MD5 to derive the encryption key.

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm. Both are ways of weakening encryption. backdoors encryption g7 hacking keyescrow keys lawenforcement terrorism

EU Has Lost the Plot, Will Ban Encryption — Think of the Children

Security Boulevard

The post EU Has Lost the Plot, Will Ban Encryption — Think of the Children appeared first on Security Boulevard. The European Union “is failing to protect children.” Something must be done—and, yes, what they’re proposing is indeed something.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. We oppose efforts by governments to restrict the use of strong encryption and/or to mandate exceptional access mechanisms such as "backdoors" or "key escrow schemes" in order to facilitate government access to encrypted data. backdoors encryption keyescrow nationalsecuritypolicy vulnerabilities

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data. backdoors cryptowars cryptography encryption keyescrow lawenforcement securityengineeringIt's a weird article.

WhatsApp starts offering password enabled encryption to user backups

CyberSecurity Insiders

From now on, all WhatsApp backups will be protected by a password enabled encryption method offering an extra layer of security protection to users from spying eyes. The post WhatsApp starts offering password enabled encryption to user backups appeared first on Cybersecurity Insiders.

Another Story of Bad 1970s Encryption

Schneier on Security

The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. Philips, together with Siemens, built an encryption machine in the late 1970s.

Here's How Fast Ransomware Encrypts Files

Dark Reading

New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files