32 matches found
Obfuscation: There Are Two Sides To Everything
How to detect and prevent attackers from using these various techniques. Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?...
Security Analysis of the EU’s Digital Wallet
A group of cryptographers have analyzed the eIDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity Wallet...
Mary Queen of Scots Letters Decrypted
This is a neat piece of historical research. The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo--all keen cryptographers--initially thought the batch of encoded documents related to Italy, because that was how they were filed at the...
“Crypto” Means “Cryptography,” Not “Cryptocurrency”
I have long been annoyed that the word "crypto" has been co-opted by the blockchain people, and no longer refers to "cryptography." I'm not the only one...
Security Risks of Client-Side Scanning
Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn't touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It's not a cryptographic backdoor, b...
Contact Tracing COVID-19 Infections via Smartphone Apps
Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Details, such as we have them, are here. It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy...
Why Are Cryptographers Being Denied Entry into the US?
In March, Adi Shamir -- that's the "S" in RSA -- was denied a US visa to attend the RSA Conference. He's Israeli. This month, British citizen Ross Anderson couldn't attend an awards ceremony in DC because of visa issues. You can listen to his recorded acceptance speech. I've heard of two other...
Defeating the iPhone Restricted Mode
Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson...
The (sad??) state of (applied) cryptography in Italy
I have just finished writing about my 3 days spent at Real World Crypto 2018 (the blog post for English readers is here) and I realized that there is no trace of any Italian university, or company either. All of this cannot but make me a little sad. Italy had a...
Google's OSS-Fuzz Finds 1,000 Open Source Bugs
The numbers are in, and judging by them, OSS-Fuzz, the program Google unveiled last December to continuously fuzz open source software, has been a success. In five months the effort has unearthed more than 1,000 bugs, a quarter of them potential security vulnerabilities, Google says. OSS-Fuzz,...
Design/Logic Flaw
An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256 function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help...
Cryptographers Dismiss AI, Quantum Computing Threats
SAN FRANCISCO—Cryptographers said at the RSA Conference Tuesday they’re skeptical that advances in quantum computing and artificial intelligence will profoundly transform computer security. “I’m skeptical there will be much of an impact,” Ron Rivest, an MIT professor and inventor of several...
Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story
A coalition of some of the globe’s top researchers and cryptographers are pleading with The Guardian to retract a story it published last week in which it suggested the encrypted messaging app WhatsApp contained a backdoor. The article, citing research by Tobias Boelter, a cryptography and securi...
NIST Calls for Submissions to Secure Data Against Quantum Computing
For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum...
Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers
The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed "The GCHQ Puzzle Book," the book features more than 140 pages of codes, puzzles, and challenges created by expert cod...
Crypto Panel Experts Clash on FBI-Apple Debate
SAN FRANCISCO—One would think that six of the smartest security people on the planet could come to some sort of collective conclusion on the FBI-Apple debate. But that wasn’t the case today during the annual Cryptographers’ Panel at RSA Conference. The debate over whether Apple should assist the...
How to Crack GCHQ Crypto Puzzle? — Here's the Solution
GCHQ has finally released the solution to their head-spinning Xmas Puzzle, after all, the participants failed to reach the final answer. GCHQ had released a crypto puzzle, dubbed Xmas Puzzle, on 9th December in the form of a Christmas Card that went viral online soon after its release. Nearly...
Cryptographers Concerned Over NSA's Deprecation of ECC
The National Security Agency has long cuddled up to Elliptic Curve Cryptography, swaying standards bodies away from RSA crypto and toward ECC in the late 1990s, as well as recommending it as a strong enough solution for sensitive government agencies to use in guarding their biggest secrets. In...
Peerio — End-to-End Encrypted Secure Messenger and File Sharing App
On one end, governments of countries like the U.K. are criticizing end-to-end encryption and considering banning encrypted communication apps like Snapchat, CryptoCat, WhatsApp and Apple’s iMessage. On the other hand, the Internet community has come up with a new and rather more secure encrypt...
Outside Panel Finds Over-Reliance on NSA Advice Led to Dual EC Problems
A group of outside experts found that the process that led to the inclusion of the weakened Dual EC_DRBG random number generator in a NIST standard was flawed and there were several failures along the way that led to its approval. The committee also recommended that the National Institute of...