Julian Assange being arrested recently brought back memories of how he leaked Edward Snowden’s memos around the possible existence of an NSA-sourced cryptographic backdoor — the Dual EC standard (Dual_EC_DRBG). So let’s dive into the method and the trap door, and see the “magic” behind it.
With Elliptic Curve methods…
Before 1976, we struggled to quickly and effectively test if a number was a prime number. Up to that point, we used Euler and Solovay-Strassen tests, and which struggled to effectively find some prime numbers. For example, both Euler and Solovay-Strassen often identify Carmichael numbers as prime numbers [here]. …
Prime numbers are at the core of your online security. Without them, an intruder could listen to your secret communications, or pretend to be a server that you connect to. They are at the core of our key exchange (with ECDH) and in digital signatures (such as ECDSA). And so…
As an active researcher, I spend a few hours each week reading research papers. In fact each week, I select a new paper that is creating some impact, and I also pick a classic paper. My latest classic paper is from 1910, and written Robert D Carmichael [here][1]:
Cybersecurity, Cloud, Machine Learning, Data Science, Automation, IoT … you name it, Python does it!
Preface
I set a cryptography lab that used Python this week, and I observed that each student was implementing and running the coding in their own way. Some used Repl.it, while others dropped to the command line console in Kali, and others ran their code using Anaconda. Not one student had…
Yesterday was Global Encryption Day. But it shouldn’t just be about the present, but also planning towards a more secure future. So one of the most fundamental questions in cybersecurity is how we will replace our existing public key methods with something that cannot be cracked by quantum computers. We…
Yesterday was Global Encryption Day, so let’s look to the future, and one vision of the future is to encrypt all of our data — by default. Why can’t we have a Cloud environment where the original data is never actually revealed unless we really need to show it. …
Although we hardly ever use our wet signature, the methods we used with these are still around. We thus live in a fake digital signature world, and where your DocuSign signature looks more like the signature of Donald Trump than your own one. And when we look at signatures, what…
SSL/TLS is a poor security protocol, and where the secure tunnel can often be broken with a proxy/smart firewall. Those working in a secure environment should thus not rely on SSL/TLS to provide a secure environment. …
A symmetric key block cipher, such as AES and DES, uses a defined block size -and which stores a given number of bytes. These blocks are typically either 64-bits (8 bytes) or 128 bits (16 bytes). As we cannot fill all of the blocks, we must pad the last block…
