Welcome to cissp CISSP training Certified Information Systems Security Professional
cissp CISSP training Certified Information Systems Security Professional: Cryptography


Researchers demonstrate brilliant quantum hack
Posted by boss on Monday, 04 January 2010 @ 08:47:44 EST (331 reads)
Topic Cryptography

Anonymous writes "

Two researchers have shown how they can eavesdrop unnoticed on a provably secure quantum key distribution. To do so, Qin Liu and Sebastien Sauge did not of course change the laws of quantum physics. Instead, in archetypal hacker fashion, they successfully attacked the weakest point of a real world, and thus imperfect, implementation of a quantum key distribution system.

Quantum key distribution (QKD) is aimed at permitting absolute security in exchanging secret keys. Simplifying somewhat, it is based on sending two quantum mechanically entangled photons, which can be measured as having a value of 0 or 1, to Alice and Bob. Until either Alice or Bob actually determines the state of one of the photons, that state remains indeterminate. The only certainty is that if Alice at some point measures a 1, Bob will also subsequently measure a 1. If a malicious Eve intercepts the photons, she can read the value, but having done so is unable, according to Heisenberg's uncertainty principle, to generate another photon with the same properties, thus allowing Bob to discover the subterfuge.

And this is where many real – and in some cases already commercially available – QKD systems fall down. Their detectors for measuring individual photons are in fact macroscopic systems. Liu and Sauge gave a live demonstration in Berlin, in which they blinded the detector from a typical QKD system using a bright light source so that it no longer responded to individual photons. The researchers could, though, still trigger the detector using intense targeted pulses. Instead of acting as a quantum mechanical measuring device, they turned Bob's detector into a kind of macroscopic switch, which they operated manually to send Bob spoofed photons with a specific (polarization) value.

The team was able to use this technique to eavesdrop on a real world QKD system which distributed keys over distances of 290 metres via fibre optic cables. Eve was able to successfully insert herself into the optical fibre and eavesdrop on the full secret key without either Alice or Bob becoming aware of her subterfuge.

URL of this Article:
http://www.h-online.com/security/news/item/26C3-Researchers-demonstrate-brilliant-quantum-hack-894215.html

Links in this Article:
  [1] http://events.ccc.de/congress/2009/Fahrplan/events/3576.en.html
"



Practical AES attacks get closer
Posted by boss on Monday, 03 August 2009 @ 16:15:27 EDT (951 reads)
Topic Cryptography

cdupuis writes "

NOTE FROM CLEMENT: Another great article by The H Security website at: http://www.h-online.com/

Practical AES attacks get closer

Cryptologists have now developed even more sophisticated attacks on AES encryption systems. According to crypto expert Bruce Schneier, a team consisting of Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir have managed to crack reduced versions of AES-256 in a practical length of time. Attacking nine-round AES-256 required 2^39 time, which is even feasible with an ordinary PC, while ten-round would require 2^45. The time required for eleven rounds, however, is just above practicality at 2^70. The attack exploits a vulnerability in the key schedule, a function AES-256 uses to derive sub-keys from the main key.

While the new attacks represent major progress in the cryptanalysis of AES, they are still irrelevant for attacks against real-world AES implementations and this is not only because of the reduced number of rounds (by default, AES-256 uses 14 rounds). Also, the attack is a related-key attack, which means that the attacker must have access to the plaintext of several units of ciphertext encrypted with keys that are related in a specific way. Such scenarios can theoretically only be found, for example, in hard disk encryption and network protocols, where the individual block keys are generated in such a weak way.

That the new methods are completely ineffective, or nearly so, when attacking AES-128, which has the shortest keys, seems, at first glance, contradictory. The reason: long keys provide a bigger target, that is more bits, for the cryptologists to establish mathematical relationships. To maintain the integrity of AES encryption Schneier suggests increasing the number of rounds before the first practical attacks reach the number of rounds used by standard AES: from ten to 16 for AES-128, from twelve to 20 for AES-192, and from 14 to 28 for AES-256. However, this considerably slows down the encryption process.

"



Encryption with elliptical curves scratched
Posted by boss on Wednesday, 22 July 2009 @ 10:44:07 EDT (916 reads)
Topic Cryptography

cdupuis writes "

Source: lacal.epfl.ch

 

The PlayStation 3 cluster at the École Polytechnique Fédérale in Lausanne has cracked another cryptographic method: 112-bit elliptical curves

Researchers at the École Polytechnique Fédérale (EPFL) in Lausanne, Switzerland, have succeeded in cracking 112-bit encryption based on elliptical curves (ECCp-112). They calculated the secret key associated with a public key by solving the Discrete Logarithm Problem (DLP) for elliptical curves, which displays a complexity of 2^60 for the numbers involved. The cracked ECC system is a set of parameters defined by the secp112r1 standard (PDF). That puts it at the lower end of the specifications for ECC encryption systems.

The computation required around half a year on the EPFL cluster, consisting of some 200 PlayStation 3s that had already served to calculate the MD5 collision for creating a fake SSL issuer certificate from RapidSSL. The ECC code designed for the cell processor of the PlayStation 3 was optimised several times during the computation period, and the researchers say that, if the optimised code had been running from the start, the computation would only have taken three and a half months. The previous record was set in 2002, when a distributed cluster consisting of around 10,000 PCs cracked an ECC key within 549 days. At that time, researchers at Notre Dame University cracked an ECCp-109 key, three bits shorter than the new record.

Dr. Arjen Lenstra, who took part in the EPFL project, told heise Security that this result isn't actually a threat to the EC encryption systems used in practice. He said the weakest encryption encountered is based on 160-bit ECC and future developments in encryption standards would in any case have to be based on at least 224-bit ECC. According to the NIST transition proposal (PDF), ECCp-160, whose encryption strength is comparable with RSA-1024, must be replaced with a stronger variant after 2010 in order to obtain FIPS certification.

See original article on the fabulous H Security website at:

http://www.h-online.com/security/Encryption-with-elliptical-curves-scratched--/news/113753

"



Laser cracks 'unbreakable' quantum communications
Posted by boss on Friday, 03 October 2008 @ 14:58:31 EDT (1082 reads)
Topic Cryptography

03 October 20   NewScientist.com news service    David Robson

Quantum cryptography is supposed to be unbreakable. But a flaw in a common type of equipment used makes it possible to intercept messages without detection.

Quantum cryptography has been used by some banks to protect data, and even to hide election results in Switzerland last year. But it has been discovered that shining bright light into the sensitive equipment needed makes it possible to hijack communications without a trace.

"It turns the equipment into a puppet-box that an eavesdropper can control," says Vadim Makarov from the Norwegian University of Science and Technology in Trondheim, who uncovered the vulnerability.

Super secret

Quantum cryptography relies on both users sharing a secret key, each digit of which is encoded into the polarisation of an individual light photon.

"Alice", the sender transmits a stream of photons signalling either 1s or 0s. But for each one she randomly chooses from one of two ways to encode the digit.

Because the receiver, "Bob", doesn't know which system Alice has used he must be able to decode both types and has two pairs of photon detectors – one for each system.

A beam splitter randomly directs each photon received to one of the pairs. If a photon reaches the correct pair it is decoded correctly, if not Bob receives a false result.

Once the transmission is over, Alice uses an unencrypted channel to tell Bob which system she used for each photon. Digits decoded wrongly are discarded to reveal the final secret key used to secure later communications.

In practice, these steps are carried out automatically by a computer system.

An eavesdropper, "Eve", who intercepts the transmission, must emulate Bob's detection method and then pass the data on to him unaltered to fool him into thinking everything is normal.

But quantum mechanics makes that impossible. The message will have been changed by Eve's interception to contain errors that reveal her presence when Alice and Bob compare notes later.

Dead giveaway

Now, however, Makarov and colleagues from Sweden and Russia have shown that Eve could control Bob's equipment, so that they both decode exactly the same digits from Alice's transmission.

When Alice later tells Bob which photons he encoded wrong, Eve can learn the key by listening in on the unencrypted message, and there are no extra errors to give her away.

The method exploits the way a common type of photon counter can have its sensitivity reduced by a very bright flash of light. The attack begins when Eve fires a pulse of laser light to all four detectors in Bob's equipment.

After that, Eve can send a second pulse and target it to just one of the four detectors. The pulse is a burst of many single photons all encoded using the same one of the two quantum systems, and all carrying the same digit.

Bob's beam splitter initially sends half the photons to each pair of detectors. Photons that reach the detector that is not designed for that encoding system are split again between the two detectors. But not enough power reaches them to exceed the newly raised sensitivity threshold.

The half of the initial pulse that reaches the pair designed for that encoding system is directed entirely to a single detector – this time with enough intensity to exceed its raised threshold, and it registers a digit.

So by sending on a sequence of encoded photons that are identical to the ones she receives from Alice, Eve can safely intercept a message without leaving the tell-tale quantum errors.

Flash in the pan?

Makarov and colleagues have now uncovered such vulnerabilities in two of the three types of quantum equipment commonly used. They are now investigating ways to solve the flaw without introducing more weaknesses.

Norbert Lütkenhaus from the Institute for Quantum Computing in Waterloo, Canada, acknowledges Makarov's team has discovered a flaw. But he points out that the stronger laser pulses used to prime the detector might be noticed by Bob, giving away the attack.

"I don't think it's a serious flaw," he says. Makarov counters that the initial bright flash would likely be mistaken for noise.

A paper on Makarov's work is available on the arXiv preprint server.


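The basis-sifting and error-check steps described above, as an added Python simulation that is not part of the original article: it runs an honest exchange, a textbook intercept-resend Eve, and a toy model of the blinded-detector behaviour the article describes (Bob's detector fires only when his basis matches Eve's), and shows which defender check, error rate or detection rate, catches each one. The measurement model, the thresholds and all function names are assumptions made for this example.

```python
"""Toy BB84 model: basis sifting, error-rate check, and why detector control escapes it.

Constructed example. Single-photon measurement is modelled ideally: a photon
measured in the basis it was prepared in yields Alice's bit; measured in the
other basis it yields a coin flip.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1  # the two encodings the article calls "systems"


def measure(bit, prep_basis, meas_basis, rng):
    """Ideal measurement of one photon: right basis -> Alice's bit, wrong basis -> random bit."""
    return bit if prep_basis == meas_basis else rng.randrange(2)


def honest_channel(bit, alice_basis, bob_basis, rng):
    """No eavesdropper: Bob measures the photon Alice sent. Returns (bob_bit, eve_bit)."""
    return measure(bit, alice_basis, bob_basis, rng), None


def intercept_resend(bit, alice_basis, bob_basis, rng):
    """Textbook Eve: measure in a random basis, re-prepare a photon with her result, forward it."""
    eve_basis = rng.randrange(2)
    eve_bit = measure(bit, alice_basis, eve_basis, rng)
    return measure(eve_bit, eve_basis, bob_basis, rng), eve_bit


def detector_control(bit, alice_basis, bob_basis, rng):
    """Toy model of the blinded-detector attack (assumption: an abstraction, not the optics).
    Eve measures as above, then drives Bob's blinded detectors with a bright pulse. The
    targeted pair only 'clicks' when Bob's basis matches Eve's, and then reports Eve's bit;
    otherwise Bob registers no photon at all (None)."""
    eve_basis = rng.randrange(2)
    eve_bit = measure(bit, alice_basis, eve_basis, rng)
    bob_bit = eve_bit if bob_basis == eve_basis else None
    return bob_bit, eve_bit


def bb84_session(n_photons, channel, seed=1):
    """Run one exchange over `channel` and return the sifting statistics a defender watches."""
    rng = random.Random(seed)
    clicks = sifted = errors = eve_known = 0
    for _ in range(n_photons):
        a_bit, a_basis = rng.randrange(2), rng.randrange(2)  # Alice: random bit, random encoding
        b_basis = rng.randrange(2)                             # Bob: random measurement basis
        b_bit, e_bit = channel(a_bit, a_basis, b_basis, rng)
        if b_bit is None:
            continue                                           # detector did not fire
        clicks += 1
        if a_basis != b_basis:
            continue                                           # discarded in the public basis comparison
        sifted += 1
        errors += int(a_bit != b_bit)
        eve_known += int(e_bit == a_bit)
    return {
        "click_rate": clicks / n_photons,                        # fraction of photons Bob registered
        "sifted_bits": sifted,
        "qber": errors / sifted if sifted else 0.0,              # error rate in the sifted key
        "eve_fraction": eve_known / sifted if sifted else 0.0,   # share of the sifted key Eve holds
    }


def alarm(stats, max_qber=0.11, min_click_rate=0.9):
    """Defender's abort rule: too many errors OR an unexplained drop in detections.
    Thresholds are assumptions; a real link compares the click rate against its own
    expected loss budget rather than against a fixed number."""
    return stats["qber"] > max_qber or stats["click_rate"] < min_click_rate


if __name__ == "__main__":
    cases = [("honest", honest_channel), ("intercept-resend", intercept_resend),
             ("detector-control", detector_control)]
    for name, channel in cases:
        s = bb84_session(4000, channel)
        print(f"{name:17s} click_rate={s['click_rate']:.2f} qber={s['qber']:.3f} "
              f"eve={s['eve_fraction']:.2f} alarm={alarm(s)}")
```

The intercept-resend case shows the roughly 25% error rate the article's "tell-tale quantum errors" refers to, while the detector-control case produces a clean sifted key that Eve holds in full and is only visible as a halved detection rate, which is the point Lütkenhaus raises about the bright priming pulses.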


Quantum Key Cryptography Paper by AT&T
Posted by boss on Thursday, 28 August 2008 @ 13:34:32 EDT (1073 reads)
Topic Cryptography

cdupuis writes "

NOTE FROM CLEMENT:

Quantum cryptography and more specifically Quantum Key Cryptography or the Quantum Key Distribution Protocol is one of the new subjects covered within the CBK of ISC2. Here is a nice white paper you can read on the subject. It is detailed enough for the purpose of the exam.

Executive Summary

Quantum Cryptography is an emerging technology that may offer new forms of security protection. Relying on the laws of quantum mechanics, transmission is carried by a single particle that can only be measured one time, making encryption and decryption difficult to compromise.

Businesses are evaluating architectural solutions using Quantum Cryptography to understand its potential benefits. Future implementations of the technology may soon make it more available for enterprise business.

Click HERE to download Article [PDF, 412KB]

"



Quantum Cryptography Costs are being reduced greatly
Posted by boss on Wednesday, 04 June 2008 @ 01:22:07 EDT (1235 reads)
Topic Cryptography

cdupuis writes "

Two for One: NIST Design Enables More Cost Effective Quantum Key Distribution

A highly simplified schematic of a recipient's detectors in a quantum cryptography setup. Conventional cryptography setups (left) require at least two detectors, and the most common setup, known as BB84, requires four. By adding an optical component that delays the travel of photons to the detector, the number of required detectors is cut in half.

Credit: NIST

Researchers at the National Institute of Standards and Technology (NIST) have demonstrated a simpler and potentially lower-cost method for distributing strings of digits, or “keys,” for use in quantum cryptography, the most secure method of transmitting data. The new “quantum key distribution” (QKD) method, outlined in an upcoming paper,* minimizes the required number of detectors, by far the most costly components in quantum cryptography. Although this minimum-detector arrangement cuts transmission rates by half, the NIST system still works at broadband speeds, allowing, for example, real-time quantum encryption and decryption of webcam-quality video streams over an experimental quantum network.

In quantum cryptography, a recipient (named Bob) needs to measure a sequence of photons, or particles of light that are transmitted by a sender (named Alice). These photons have information encoded in their polarization, or direction of their electric field. In the most common polarization-based protocol, known as BB84, Bob uses four single-photon detectors, costing approximately $5,000-$20,000 each. One pair of detectors records photons with horizontal and vertical polarization, which could indicate 0 and 1 respectively. The other pair detects photons with “diagonal”, or +/- 45 degree, polarization in which the “northeast” and “northwest” directions alternatively denote 0 and 1.

In the new method, the researchers, led by NIST’s Xiao Tang, designed an optical component to make the diagonally polarized photons rotate by a further 45 degrees and arrive at the same detector but later, and into a separate “time bin”, than the horizontal/vertical polarized ones. Therefore, one pair of detectors can be used to record information from both kinds of polarized photons in succession, reducing the required number of detectors from four to two. In another protocol, called B92, the researchers reduced the required number of detectors from two to one. And in work performed since their new paper, the researchers further developed their approach so that the popular BB84 method now only requires one detector instead of four.

Although in theory quantum cryptography can transmit absolutely secure keys guaranteed by fundamental physical principles (measuring them will disturb their values and make an eavesdropper instantly known), the imperfect properties of photon detectors may undermine system security in practice. For example, photon detectors have an intrinsic problem known as “dead time,” in which a detector is out of commission for a short time after it records a photon, causing it to miss the bit of data that immediately follows; this could result in non-random (and therefore more predictable) bit patterns in which 0s alternate with 1s. Furthermore, inevitable performance differences between detector pairs can also cause them to record less random sequences of digits. The new design avoids these issues and maintains the security of quantum-key-distribution systems in practical applications.

* L. Ma, T. Chang, A. Mink, O. Slattery, B. Hershman and X. Tang. Experimental demonstration of a detection-time-bin-shift polarization encoding quantum key distribution system. IEEE Communications Letters Vol. 12, No. 6, June 2008. In press.

Media Contact: Ben Stein, bstein@nist.gov, (301) 975-3097

http://www.nist.gov/public_affairs/techbeat/tb2008_0528.htm#qkd

"



Federal Government to deploy Full Disk Encryption on all government owned system
Posted by boss on Thursday, 28 December 2006 @ 20:23:21 EST (2435 reads)
Topic Cryptography

Anonymous writes "

By Saqib Ali


December 28, 2006


To address the issue of data leaks from stolen or missing laptops, the US Government is planning to use Full Disk Encryption (FDE) on all of the Government owned computers. On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The US Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The selected product will be deployed on millions of computers in the US federal government space. The evaluation will come to an end in 90 days.

The list of vendors participating in this contest, requirements, and other related documents are available at:
http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html

Some of the popular FDE vendors participating in the Contest include Seagate, Mobile Armor, Pointsec, SafeNet, and Credant

As with any other encryption product being used by the Federal Government, the selected FDE product must have FIPS 140-2 certification. Currently Pointsec and Utimaco hold this certification for the software based FDE solutions.

Full disk encryption (or whole disk encryption) is a kind of disk encryption (software or hardware) which encrypts every bit of data that goes on a disk. The term "full disk encryption" is often used to signify that everything on a disk including the operating system is encrypted. There are also programs capable of encrypting an entire disk fully but cannot directly encrypt the system partition or boot partition of the operating system (e.g. TrueCrypt, which can fully encrypt, for example, an entire secondary hard disk).

Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of full disk encryption:

1. Everything including the swap space and the temporary files are encrypted. Encrypting these files is important, as they can reveal important confidential data.
2. With full disk encryption, the decision of which files to encrypt is not left up to users.
3. Support for pre-boot authentication.

In the light of recent laptop thefts and data security breaches, large corporations and government institutions are looking at various Full Disk Encryption (FDE) solutions to protect their confidential data on mobile devices. If you would like to discuss more about FDE deployment and FDE solutions in general please join the FDE Mailing List.

Original article at: http://www.full-disk-encryption.net/fde_govt.html
"



Great Crypto Tutorials available online for free
Posted by boss on Wednesday, 07 June 2006 @ 15:11:07 EDT (2360 reads)
Topic Cryptography

The University of Washington is offering free courses and resources online.

Find Presentations, videos (mp3, WMV), homework, quizzes etc.

http://www.cs.washington.edu/education/courses/csep590/06wi/

http://www.cs.washington.edu/education/courses/csep590/06wi/lectures/




Great presentation on Cryptography available for download
Posted by boss on Tuesday, 02 May 2006 @ 10:55:08 EDT (1763 reads)
Topic Cryptography

Good day to all,

I would like to bring to your attention a nice tutorial on the subject of Cryptography that has just been added to the www.cccure.org web site.

This tutorial was produced by Robert Beggs, it is a great document.

Thanks Robert for allowing me to report on http://www.cccure.org

You can get the document at:

http://www.cccure.org/modules.php?name=Downloads&d_op=getit&lid=262




MindTerm SSH
Posted by boss on Tuesday, 02 May 2006 @ 09:45:16 EDT (1738 reads)
Topic Cryptography

jdupuis writes "

MindTerm

Appgate’s MindTerm SSH application runs either as a standalone application or as a Java applet. This application is known to work with Windows 95, 98, ME, NT, XP, 2000, Linux, Solaris Sparc and x86, HP-UX, Nokia Communicator, Psion Netpad and many other hand-held devices.

MindTerm features include SSH1 & SSH2, TCP traffic tunnelling, X11 forwarding, a full-featured terminal emulator, terminal cloning, SOCKS & FTP proxy, SFTP, SCP and a variety of ciphers such as AES (128, 192, 256), Blowfish and CAST128 as well as hmac-md5, hmac-sha1, hmac-md5-96 and hmac-sha1-96 hashes.

Appgate’s MindTerm SSH is offered for personal or limited commercial use or as a fully licensed commercial product which provides added features to the ones mentioned above. For the Linux enthusiasts who want to get MindTerm to work as a Java applet on their web server, an index.html file is required with the parameters provided in the Appgate manual, which can be downloaded at the following URL http://www.appgate.com/products/80_MindTerm/110_MindTerm_Download/ and many other features are also available for configuration. To provide the SFTP and SCP features of MindTerm, a signed Java applet is needed for direct access to the hard drive; below are simple instructions to accomplish this task.

To get started simply download MindTerm from the above link to your Linux web server in the DocumentRoot path to allow for web access. In order to sign the MindTerm Java applet, install Sun’s j2sdk package and run the following commands.

1. keytool -genkey -keyalg rsa -alias MyCert -validity 3650

2. jarsigner mindterm.jar MyCert

3. copy HTML and signed JAR file to the server’s DocumentRoot path /var/www/html and chmod 644

Once the above has been performed you have a full SSH web-based client with tunnelling, SFTP and many other access capabilities to your site or home office. This Java application has been developed with security in mind with the many ciphers, hashes and configuration features that are available. The convenience of the web-based client and port forwarding provides IT professionals with secure communication with the internal LAN without the inconvenience of carrying around the required software for remote access.

"



NSA advises switch to faster, lighter crypto
Posted by boss on Monday, 12 December 2005 @ 08:16:20 EST (1491 reads)
Topic Cryptography

cdupuis writes "
BY Florence Olsen
Published on Dec. 9, 2005

The National Security Agency wants federal agencies to consider using a group of algorithms it refers to as Suite B to satisfy future cryptographic requirements. Suite B contains NSA-approved cryptographic algorithms of various key sizes to protect classified and unclassified but sensitive information. NSA has posted a notice about Suite B on its Web site.

With little fanfare, the federal government has been conducting a cryptographic modernization program for the past several years. Suite B is part of that modernization effort.

Agencies preparing to issue mandatory federal identity cards containing cryptographic software should be aware of Suite B, even though the Federal Information Processing Standard (FIPS) 201 for identity cards makes no specific reference to it, said Brendan Ziolo, marketing director at Certicom. The company’s elliptic curve cryptographic (ECC) algorithms are included in Suite B.

FIPS 201 allows agencies to choose ECC or Rivest-Shamir-Adleman (RSA) algorithms for digital signatures and cryptographic key exchanges. The standard is not yet completely aligned with NSA’s guidance on Suite B, Ziolo said. But if agencies want to simplify their transition to Suite B, he added, they should ask identity card suppliers about including ECC algorithms on the cards that agencies must begin issuing next year under Homeland Security Presidential Directive 12.

ECC offers greater security and more efficient performance than RSA and other widely used first-generation public key algorithms, according to NSA’s notice. “As vendors look to upgrade their systems, they should seriously consider the elliptic curve alternative[s] for the computational and bandwidth advantages they offer at comparable security,” the notice states.

Agencies and their suppliers might consider building FIPS 201-compliant identity cards with both RSA and ECC algorithms or, at least, they should have an ECC transition plan, Ziolo said.

For the federal identity card program, agencies have to buy more than smart cards. They must also acquire card readers and have access to a public-key infrastructure (PKI). “Card readers need to catch up so they can support ECC,” Ziolo said. “The PKI backend will need to support ECC as well,” he said.

In October 2003, NSA licensed 26 ECC patents from Certicom for $25 million. Because ECC offers small key sizes, it is suited for small devices, such as smart cards, for which speedy cryptography is also desirable, Ziolo said.

Original article at:
http://www.fcw.com/article91669-12-09-05-Web&newsletter%3Dyes


"



TrueCrypt Encryption Tool
Posted by boss on Thursday, 10 November 2005 @ 09:25:56 EST (1619 reads)
Topic Cryptography

Anonymous writes "TrueCrypt

Free open-source disk encryption software for Windows XP/2000/2003 and Linux

It can create a virtual encrypted disk within a file and mount it as a real disk.

It can encrypt an entire hard disk partition or a device, such as a USB memory stick, floppy disk, etc.

TrueCrypt provides two levels of plausible deniability, in case an adversary forces you to reveal the password:

1) Through the use of Hidden Volumes. More information may be found at http://www.truecrypt.org/hiddenvolume.php

2) No TrueCrypt volume can be identified (TrueCrypt volumes cannot be distinguished from random data).

Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent (256-bit key), Triple DES, and Twofish (256-bit key). Supports cascading (e.g., AES-Twofish-Serpent).

This tool is based on Encryption for the Masses (E4M) 2.02a, which was conceived in 1997.

Further information regarding the features of the software may be found in the documentation located at: http://www.truecrypt.org/documentation.php

Find out what is new in TrueCrypt 4.0 at: http://www.truecrypt.org/history.php

Statistics (number of downloads) available at: http://www.truecrypt.org/statistics.php

"



Cryptool A great tool to learn more about cryptography
Posted by boss on Thursday, 22 September 2005 @ 00:24:23 EDT (1548 reads)
Topic Cryptography

Hi Clement

I found a very good tool to learn Cryptography and Cryptanalysis. It is called Cryptool. Nice for novice or expert, especially good for learning / teaching crypt.

http://www.cryptool.org/

CrypTool

A free software program
- for creating awareness of IT security issues
- for learning about and obtaining experience of cryptography
- for demonstrating encryption algorithms and analysis procedures

1. What is CrypTool?

- a freeware program with graphical user interface
- a tool for applying and analysing cryptographic algorithms
- with extensive online help, understandable without deep crypto knowledge
- contains nearly all state of the art crypto algorithms
- “playful” introduction to modern and classical cryptography
- not a “hacker tool”

2. Why CrypTool?

- origin in Deutsche Bank’s IT security awareness program
- developed in co-operation with universities
- improve IT security related courses in universities and companies

3. Audience

- target group: students of computer science, commercial IT and mathematics
- also aimed at: interested computer users and application developers
- prerequisites: secondary school mathematics or programming skills

Submitted by
Jaganmohan Kataru
CISSP, MCSE



CryptoGram Newsletter
Posted by boss on Thursday, 15 September 2005 @ 12:27:37 EDT (1304 reads)
Topic Cryptography

September 15, 2005

by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
<http://www.schneier.com>
<http://www.counterpane.com>

A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>.


You can read this issue on the web at <http://www.schneier.com/crypto-gram-0509.html>. These same essays appear in the "Schneier on Security" blog: <http://www.schneier.com/blog>. An RSS feed is available.





SHA-1 compromised further
Posted by cdupuis on Sunday, 21 August 2005 @ 11:53:10 EDT (1531 reads)
Topic Cryptography

Original URL: http://www.theregister.co.uk/2005/08/19/sha-1_attack/

By John Leyden (john.leyden at theregister.co.uk)
Published Friday 19th August 2005 15:22 GMT

Crypto researchers have discovered a new, much faster, attack against the widely-used SHA-1 hashing algorithm. Xiaoyun Wang, one of the team of Chinese cryptographers that demonstrated earlier attacks against SHA-0 and SHA-1, along with Andrew Yao and Frances Yao, have discovered a way to produce a collision in SHA-1 over just 2^63 hash operations compared to 2^69 hash operations previously. A brute force attack should take 2^80 operations.

One-way hashing is used in many applications such as creating checksums used to validate files, creating digital certificates, authentication schemes and in VPN security hardware. Collisions occur when two different inputs produce the same output hash. In theory this might be used to forge digital certificates but it shouldn't be possible to find collisions except by blind chance. Wang and her team have discovered an algorithm for finding collisions much faster than brute force. The researchers released a paper (PDF) on their finding at the Crypto 2005 conference in Santa Barbara, California earlier this week.




All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2007 by CCCure.Org, and the site maintainers Clement Dupuis and Nathalie Lambert. Reuse is strictly prohibited without written permission of CCCure.Org or its maintainers.

This web site is not associated directly or indirectly with ISC2, the SANS Institute, ISACA, or any other certification authority. The GCFW, CISSP, SSCP, ISSEP, ISSMP, CISA, and CISM are all the property of their respective owners. The content of this site is provided to you freely due to the generosity of our sponsors.

