UPDATE: I've added a link to the presentation slides and some other sites providing coverage of this.The following paper was published today at the CCC conference by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger. "We have identified a vulnerability in the...
"The FBI today challenged anyone in the online community to break a cipher code on its site. The code was created by FBI cryptanalysts. The bureau invited hackers to a similar code-cracking challenge last year and got tens of thousands of responses it said. A number of sites host such cipher...
"Executive Summary Skein is a new family of cryptographic hash functions. Its design combines speed, security, simplicity, and a great deal of flexibility in a modular package that is easy to analyze. Skein is fast. Skein-512 -- our primary proposal -- hashes data at 6.1 clock cycles per byte on a...
Stefan Esser has written a great article on attacking php PRNG's. "PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these...
My week at RSA has been fairly interesting. One of the highlights was getting to see an enigma at the NSA booth. Here is a short video I made of the NSA Museum employee explaining how it works.
"The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a...
"TJX’s failure to upgrade its encryption system allowed the electronic eavesdropping beginning in July 2005 and continuing for a year and a half, the report says. At least 45 million credit and debit cards were exposed to potential fraud, according to an Associated Press story" Article Link: http://www.itbusinessedge.com/blogs/hdw/?p=945
Piotr Musial writes "Ccrp was designed to be a highly secure private key encryptor for small files and messages, and uses bit-move logic as the primary means of "scrambling" the plaintext. Ccrp also uses a lookup table instead of a pseudorandom bit generator, and so to obtain good se curity with...
