Tag: Crypto
-
How is NSA breaking so much crypto?
There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at…
-
Engineering an insider-attack-resistant email system and why you wouldn't want to use it
Earlier this week, Felten made the observation that the government eavesdropping on Lavabit could be considered as an insider attack against Lavabit users. This leads to the obvious question: how might we design an email system that’s resistant to such an attack? The sad answer is that we’ve had this technology for decades but it…
-
Silk Road, Lavabit, and the Limits of Crypto
Yesterday we saw two stories that illustrate the limits of cryptography as a shield against government. In San Francisco, police arrested a man alleged to be Dread Pirate Roberts (DPR), the operator of online drug market Silk Road. And in Alexandria, Virginia, a court unsealed documents revealing the tussle between the government and secure email…
-
How the Nokia Browser Decrypts SSL Traffic: A "Man in the Client"
Over the past couple of days there has been some press coverage over security researcher Guarang Pandya’s report that the browser on his Nokia phone was sending all of his traffic to Nokia proxy servers, including his HTTPS traffic. The disturbing part of his report was evidence that Nokia is not just proxying, but actually…
-
Understanding the HDCP Master Key Leak
On Monday, somebody posted online an array of numbers which purports to be the secret master key used by HDCP, a video encryption standard used in consumer electronics devices such as DVD players and TVs. I don’t know if the key is genuine, but let’s assume for the sake of discussion that it is. What…
-
Pseudonyms: The Natural State of Online Identity
I’ve been writing recently about the problems that arise when you try to use cryptography to verify who is at the other end of a network connection. The cryptographic math works, but that doesn’t mean you get the identity part right. You might think, from this discussion, that crypto by itself does nothing — that…
-
Transit Card Maker Sues Dutch University to Block Paper
NXP, which makes the Mifare transit cards used in several countries, has sued Radboud University Nijmegen (in the Netherlands), to block publication of a research paper, “A Practical Attack on the MIFARE Classic,” that is scheduled for publication at the ESORICS security conference in October. The new paper reportedly shows fatal security flaws in NXP’s…
-
Why Don't NFL Teams Encrypt Their Signals Better?
Yesterday the National Football League punished the New England Patriots and their coach, Bill Belichick, for videotaping an opposing team’s defensive signals. The signals in question are used by coaches to tell their on-field defensive unit how to line up and which tactics to use for the next play. The coach typically makes hand signals…