Schneier on Security

AUGUST 28, 2024

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Encryption 306

Encryption 306

Schneier on Security

AUGUST 22, 2022

“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […]. The search results pointed to a common public key that shows up in online tutorials like “ RSA Encryption & Decryption Example with OpenSSL in C.

Encryption 356

Encryption Firmware Manufacturing Software 356

Schneier on Security

FEBRUARY 26, 2024

Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. I am of two minds about this.

Encryption 332

Encryption 332

Schneier on Security

SEPTEMBER 9, 2024

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. Examples include certain source code, encryption, cryptography, and electronic hardware. We in the encryption space call that last one “ nerd harder.”

Encryption 309

Encryption Computers and Electronics Government Security Intelligence 309

Schneier on Security

AUGUST 5, 2021

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

Encryption 361

Encryption 361

Joseph Steinberg

JANUARY 19, 2022

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. To begin with, all of today’s encrypted communications could potentially be at risk of being leaked and abused.

Encryption 363

Encryption Backups Banking Artificial Intelligence 363

Schneier on Security

JUNE 17, 2021

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “ Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.” That’s basically the intelligence agencies of the EU countries.

Encryption 343

Encryption Telecommunications Mobile 343

Schneier on Security

SEPTEMBER 6, 2023

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

Cryptocurrency 340

Cryptocurrency Encryption Technology 340

Schneier on Security

AUGUST 15, 2024

EDITED TO ADD: Good article : One – ML-KEM [PDF] (based on CRYSTALS-Kyber) – is intended for general encryption, which protects data as it moves across public networks. My recent writings on post-quantum cryptographic standards. NIST plans to select one or two of these algorithms by the end of 2024.

Encryption 307

Encryption Backups Authentication Technology 307

Schneier on Security

FEBRUARY 9, 2022

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so.

Encryption 358

Encryption 358

Schneier on Security

JULY 18, 2022

Facebook has responded by encrypting the entire URL into a single ciphertext blob. Firefox users may enable URL stripping in all Firefox modes , but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well.

Encryption 363

Encryption 363

Joseph Steinberg

FEBRUARY 2, 2022

As I discussed last month, unless we take actions soon, a tremendous amount of data that is today protected through the use of encryption will become vulnerable to exposure. To protect data in the quantum computing era , therefore, we must change how we encrypt.

Encryption 357

Encryption Artificial Intelligence Risk Engineering 357

Schneier on Security

NOVEMBER 21, 2022

“If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files! . “If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!” ” they wrote. Technical details.

Encryption 279

Encryption Ransomware Advertising Cybersecurity 279

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Encryption 353

Encryption Cybersecurity Artificial Intelligence Backups 353

Schneier on Security

JANUARY 18, 2022

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” ” rhetoric we’re seeing in this current wave of the crypto wars.

Encryption 344

Encryption Government Advertising Marketing 344

Troy Hunt

SEPTEMBER 3, 2020

The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. Isn't the whole point of encryption that it protects data when exposed to unintended parties? They can't be unencrypted because they weren't encrypted in the first place. But you should change it anyway.

Passwords 363

Passwords Encryption Data breaches Risk 363

Schneier on Security

OCTOBER 22, 2024

The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” ” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article , which wasn’t bad but was taken widely out of proportion.

Encryption 301

Encryption 301

Schneier on Security

DECEMBER 16, 2024

Starting next year : Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days.

Encryption 264

Encryption 264

Tech Republic Security

MAY 30, 2024

The ShrinkLocker ransomware exploits the BitLocker feature on enterprise PCs to encrypt the entire local drive and remove recovery options.

Encryption 204

Encryption Ransomware Software Malware 204

Schneier on Security

DECEMBER 11, 2023

It’s happened. Details here , and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.

Encryption 316

Encryption Cybersecurity 316

The Last Watchdog

OCTOBER 18, 2023

Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. ABE makes it much more difficult to fraudulently decrypt an asset in its entirety; it does this by pulling user and data attributes into the encryption picture — in a way that allows decryption to be flexible.

Encryption 264

Encryption Surveillance Internet Internet 264

Malwarebytes

DECEMBER 5, 2024

According to NBC news , two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at CISA– both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

Encryption 139

Encryption Identity Theft Media Telecommunications 139

Schneier on Security

DECEMBER 31, 2020

In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. x and inter-operates among all major e-mail software packages.

Encryption 360

Encryption Software 360

Malwarebytes

DECEMBER 9, 2024

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. de Vries in 2021.

Encryption 113

Encryption VPN Media Marketing 113

Schneier on Security

MARCH 1, 2022

Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data.

Ransomware 317

Ransomware Encryption 317

Security Boulevard

DECEMBER 9, 2024

The post We Need to Encrypt Clinical Trial Data appeared first on Security Boulevard. As we push the boundaries of medical science through innovative clinical trials, we must recognize that data security is not just an IT issue.

Encryption 119

Encryption Data breaches Security Awareness Cybersecurity 119

Security Boulevard

OCTOBER 21, 2024

Chinese researchers used a D-Wave quantum computer to crack a 22-bit encryption key, which can be used as a cautionary tale for what may lie ahead with future quantum systems but doesn't threaten the classical encryption being widely used today.

Encryption 126

Encryption Social Engineering Data privacy Engineering 126

Schneier on Security

AUGUST 3, 2021

Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said.

Manufacturing 363

Manufacturing Spyware Surveillance Encryption 363

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 116

Encryption Password Management Social Engineering Cryptocurrency 116

Schneier on Security

SEPTEMBER 26, 2023

if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving,” Whittaker said. ”

Encryption 333

Encryption 333

Schneier on Security

MAY 23, 2022

This file is encrypted using AES-256-CBC encryption combined with Base64 encoding. A 4-digit application PIN (which gets set during the initial onboarding when a user first instals the application) is the encryption password used to protect or encrypt the licence data.

Encryption 311

Encryption Backups Passwords 311

Schneier on Security

OCTOBER 23, 2023

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

Encryption 307

Encryption Government Surveillance 307

Schneier on Security

JUNE 21, 2022

Both bills have provisions that could be used to break end-to-end encryption. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud (which Apple does not currently offer). That is, end-to-end encryption products. There is a significant problem, though.

Internet 346

Internet Internet Encryption Backups 346

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. Such an attitude is not alarmist – it is reality, whether we like it or not.

Risk 331

Risk Encryption Government Artificial Intelligence 331

Schneier on Security

APRIL 7, 2021

.” Moxie Marlinspike, the creator of Signal and CEO of the nonprofit that runs it, describes the new payments feature as an attempt to extend Signal’s privacy protections to payments with the same seamless experience that Signal has offered for encrypted conversations. End-to-end encryption is already at risk.

Cryptocurrency 340

Cryptocurrency Encryption Mobile Government 340

Tech Republic Security

AUGUST 16, 2024

NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.

Encryption 192

Encryption Artificial Intelligence Cybersecurity 192

Schneier on Security

NOVEMBER 12, 2024

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too.

Encryption 305

Encryption Accountability Cybersecurity 305