Cryptography News, Articles and Updates

Bouncy Castle let down by inadequate protection of BKS-V1 keystore files

The BKS version 1 keystore files for Bouncy Castle, a collection of cryptographic APIs for C# and Java applications, reportedly contain a weak hash-based message authentication code (HMAC) that can easily be cracked by hackers.

Why is crypto so slow? What factors are behind such cautious development?

Tech moves fast, but cryptography - the field which holds it all up - runs at a decidedly slower pace, marking its breakthroughs in years, not quarters. With something so inherently important, why would it be so slow to evolve?

The threat quantum computers pose to modern security

The clock is ticking and in few years, quantum computers will become powerful enough to break the all-important encryption techniqueused billions of times every day by businesses, banks, credit cards, government and consumers.

ROCA, the role of key generation and decrypting of private keys

Richard Moulds takes a look behind recent crypto vulnerability headlines - the ability to calculate the private key of an RSA keypair purely by knowing the public key - and asks if they are a prelude to a 'cryptoapocalypse'.

Estonia suspends national 760,000 ID cards found prone to encryption vulnerability

Estonia on Friday blocked the certificates of 760,000 national ID cards in response to a cryptographic vulnerability that researchers have discovered is even more dangerous than originally reported.

Surprising amout of cryptographic mistakes in IEEE standards allow IP theft

Weak cryptography in a standard developed by the IEEE could result in hackers bypassing encryption safeguards to steal intellectual property in plaintext, scientists discover.

IP Expo: Where IT & physics collide - the relevance of quantum computing

Brian Cox explained that the use of quantum computing for factoring large numbers for cryptography was so effective that it makes classic cryptography redundant.

Quantum computing breaks encryption next decade; current data at risk

Quantum computing is arriving now and could break public key encryption in a decade - so long term valuable data could be obtained and held now to be decrypted later warns Graeme Park.

Is China's newly built quantum crypto-network really unhackable?

It looks like China is the latest to apply quantum cryptology to create a supposedly unhackable network. But just how valid are these claims?

Researchers open sliding window to completely break libgcrypt RSA-1024

Researchers from five universities have published a paper demonstrating full key recovery for libgcrypt's implementation of RSA-1024.

Quantum-powered random numbers could provide key to better cryptography

True randomness is impossible to achieve with conventional hardware, and some applications are terrible at it, but are our current random number generators 'good enough' and is it worth using quantum technology to achieve better randomness?

German researchers find flaws in nine major password managers

TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities. All vulnerabilities have been patched prior to publication.

Secret key-finding tool launched

TruffleHog could be used to search for secret keys used to access servers

Researchers spot first cryptor to exploit Telegram protocol

Kaspersky Lab researchers Anton Ivanov and Fedor Sinitsyn spotted what they are calling the first encryption malware to exploit the Telegram protocol.

Vendors leave crypto key in the door when it comes to security

The problem of certificates baked into firmware continues to jeopardise the security of consumer internet devices despite warnings to vendors, according to a researcher.

Crypto student accuses WhatsApp of blocking calls to Saudi numbers

A cryptography Ph.D. student has accused WhatsApp of blocking calls to Saudi Arabia phone numbers and deceiving users

Diffie and Hellman named winners of the ACM AM Turing Award

The RSA cryptographers' panel was the occasion Tuesday for the announcement of the winners of the annual ACM AM Turing Award.

ICYMI: Russian bank attack; UK CISO?; banks suspended; Crypto hack, hospital ransom

The latest In Case You Missed It (ICYMI) looks at Rusian bank attack thwarted; need for UK CISO?; banks hack themselves; Cypto key hack; US hospital ransomed.

Tel Aviv team first to steal high-level PC crypto - through a wall

An Israeli security research team has described how to steal a cryptographic key from a computer simply by monitoring the radio waves it emits while decrypting a cipher.

OpenSSH vulnerability means your keys are OpenPREY

Two vulnerabilities have been discovered (and fixed) in OpenSSH which could have been exploited by hackers to force clients to leak cryptographic keys.

Researchers find hole in quantum cryptography that reveals the key

Researchers at Linkoping University and Stockholm University find a vulnerability that compromises the integrity of quantum cryptography technologies.