Free Republic

An international team of mathematicians announced in May that they had factored a 307-digit number—a record for the largest factored number and a feat that suggests Internet security may be on its last legs. “Things are becoming less and less secure,” says Arjen Lenstra, a computer scientist at the École Polytechnique Fédérale (EPFL) in Switzerland, who organized the effort. Messages in cyberspace are encrypted with a random 1,024-bit number generated by multiplying two large primes together. But if hackers using factorization can break the number into its prime multipliers, they can intercept the message. Factorization currently takes too long to...

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency. Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper...

Canadian encryption vendor Certicom yesterday filed a wide-ranging lawsuit against Sony, claiming that many of the products offered by the electronics giant infringe on two Certicom patents. This might sound like business as usual until you realize what's being targeted: AACS and (by extension) the PlayStation 3. Certicom has done extensive work in elliptic curve cryptography (ECC), and the patents in question build on this work. The patents have already been licensed by groups like the US National Security Agency, which paid $25 million back in 2003 for the right to use 26 Certicom patents, including the two in the...

Excerpt - The folks at Digg.com have let the social news genie out of the bottle, and now they can't control it. Since the HD-DVD encryption code was discovered and published, readers at Digg have been repeatedly submitting stories with the 16 digit hex code in the titles and bodies. Just as quickly as these posts crawl up the Digg charts, admins seem to be deleting them. Just search Google for 09 F9 and you'll find the key. Will AACS send a Cease and Desist to InfoWorld because I posted the text "09 F9"? If so, we might as well...

TAIPEI—Within four years, the U.S. government will cease to use SHA-1 (Secure Hash Algorithm) for digital signatures, and convert to a new and more advanced "hash" algorithm, according to the article "Security Cracked!" from New Scientist . The reason for this change is that associate professor Wang Xiaoyun of Beijing's Tsinghua University and Shandong University of Technology, and her associates, have already cracked SHA-1. Wang also cracked MD5 (Message Digest 5), the hash algorithm most commonly used before SHA-1 became popular. Previous attacks on MD5 required over a million years of supercomputer time, but Wang and her research team obtained...

"Second Life," the fast-growing online site where hundreds of thousands of people play out fantasy lives online, has suffered a computer security breach that exposed the real-world personal data of its users. Linden Lab, the San Francisco-based company behind the "Second Life" site, said in a letter to its 650,000 users this weekend that its customer database, including names, addresses, passwords and some credit card data, had been compromised. All users--or residents in "Second Life" parlance--are being required to request a new password. Some 286,000 residents have used the site in the past 60 days, according to a count on...

Two Atlanta-area men met with Islamic extremists in Toronto, where they discussed "strategic locations in the United States suitable for a terrorist strike," according to an FBI affidavit made public Friday. Syed Haris Ahmed and Ehsanul Islam Sadequee -- U.S. citizens from the Atlanta area -- met with at least three other targets of FBI terrorism investigations during a trip to Toronto last month, according to the affidavit. The affidavit said the men discussed attacks against oil refineries and military bases. They also planned to travel to Pakistan for military training at a terrorist camp, which authorities said the 21-year-old...

INTELLIGENCE OPERATIONS: Phone Taps Just Got Impossible April 12, 2006: Eavesdropping on phone calls just got a lot harder. Phil Zimmermann, the guy who invented PGP encryption for Internet mail, has developed a similar product, Zfone, for VOIP (telephone calls over the Internet). Zfone, like PGP, is free and easy to use. PGP drove intelligence agencies nuts, because it gave criminals and terrorists access to industrial grade cryptography. PGP doesn't stop the police or intel people from reading encrypted email, but it does slow them down. Zfone, however, uses stronger encryption. This means more delays, perhaps fatal delays, in finding...

BEIJING (AP) - The world industrial-standards association has rejected China's controversial wireless encryption standard for global use, news reports said Monday, dealing a blow to Beijing's effort to promote its own standards for computers and telecoms. China is promoting its WAPI system in a campaign to reduce reliance on foreign technology and give its companies a competitive edge. Members of the International Organization for Standardization rejected WAPI in favor of an American standard known as 802.11i in balloting that ended March 8, the U.S.-based electronics industry newspaper EE Times and the Chinese government's Xinhua News Agency said. But Chinese officials...

UK officials are talking to Microsoft over fears the new version of Windows could make it harder for police to read suspects' computer files. Windows Vista is due to be rolled out later this year. Cambridge academic Ross Anderson told MPs it would mean more computer files being encrypted. He urged the government to look at establishing "back door" ways of getting around encryptions. The Home Office later told the BBC News website it is in talks with Microsoft....

New 'spy' cell phone costs $2,500 06/11/2005 13:59 Russian Federal Security Service (FSB) has unveiled a cell phone at the International Show of Military Equipment, Technologies, and Arms VTTV-Omsk-2005 held in the city of Omsk. The special cell phone SPM-Atlas (M-539) was developed by Atlas Research and Development Center under the FSB. It is designed for scrambling voice data transmission. According to a representative of the FSB, the phone is already on sale in Moscow cell phone stores, its retail price is $2,500, Newsru.com reports. Western data encoding algorithms used to ensure the safety of cell phone conversations have not...

A Minnesota appeals court has ruled that the presence of encryption software on a computer may be viewed as evidence of criminal intent. Ari David Levie, who was convicted of photographing a nude 9-year-old girl, argued on appeal that the PGP encryption utility on his computer was irrelevant and should not have been admitted as evidence during his trial. PGP stands for Pretty Good Privacy and is sold by PGP Inc. of Palo Alto, Calif. But the Minnesota appeals court ruled 3-0 that the trial judge was correct to let that information be used when handing down a guilty verdict....

Internet security takes a hit Report says computer-code experts concerned after flaw discovered in popular encryption technique. NEW YORK (CNN/Money) - The discovery of a crack in a commonly used Internet encryption technique raised concerns among government agencies and computer-code experts, according to a report by The Wall Street Journal. "Our heads have been spun around," Jon Callas, chief technology officer at encryption supplier PGP Corp., told the newspaper. The technique, called a "hash function," has been commonly used by Web site operators to scramble online transmissions containing credit-card information, Social Security numbers and other personal information. Hash functions were...

Microsoft RC4 Flaw One of the most important rules of stream ciphers is to never use the same keystream to encrypt two different documents. If someone does, you can break the encryption by XORing the two ciphertext streams together. The keystream drops out, and you end up with plaintext XORed with plaintext -- and you can easily recover the two plaintexts using letter frequency analysis and other basic techniques. It's an amateur crypto mistake. The easy way to prevent this attack is to use a unique initialization vector (IV) in addition to the key whenever you encrypt a document. Microsoft...

"The Electronic Frontier Foundation (EFF) just announced that it has become a financial sponsor of Tor, an open-source project to help people 'engage in anonymous communication online.' It sounds like a simpler version of Freenet, e.g. 'a network-within-a-network that protects communication from ... traffic analysis.' Like Freenet, the source-code is freely available and binaries exist for Windows, Linux, etc." Read on for more details.The submitter continues "It also allows you to install Tor-aware apps, such as an HTTP proxy (for private browsing), or maybe private P2P? Unlike Freenet, it doesn't use massive encryption (as far as I can tell) and...

RFID Passports Since the terrorist attacks of 2001, the Bush administration--specifically, the Department of Homeland Security--has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their nonvisa status. These future passports, currently being tested, will include an embedded computer chip. This chip will allow the passport to contain much more information than a simple machine-readable character font, and will allow passport officials to quickly and easily read that information. That is...

Be advised. This will show you some nefarious things that can happen to your system. You're all reading this online so, yes, it affects you. Please read, then act accordingly. Click here. This is not a joke. You'll now be returned to your regular programming. A.K.A. Sleepy Brown

'This goes no further...'By Brian Wheeler BBC News Online Magazine Following revelations about bugging at the United Nations, is there any way of ensuring that your private conversations stay that way? News that Kofi Annan and other senior UN figures may have been routinely bugged by US or British security services has caused a huge political row around the world. But it will also have caused alarm among other people in the public eye who deal with sensitive information - or anyone, indeed, who values their privacy. If the secretary general of the United Nations cannot prevent his private conversations...

Intel's CTO to meet Chinese government over WAPI Pat Gelsinger to discuss concerns over China's national WLAN security standard By Martyn Williams, IDG News Service March 04, 2004 Pat Gelsinger, chief technology officer of Intel Corp., is to meet with Chinese government officials during the next few days to discuss Intel's concerns over China's national wireless LAN (WLAN) security standard and an impending June 1 deadline for compliance with the standard. The Standardization Administration of China (SAC) announced the development of a national WLAN standard in May 2003 and is demanding that all WLAN products sold in the country from...

Electronic Frontier Foundation Media Advisory DVD Descrambling Code Not a Trade Secret DVD CCA Surrenders in Bunner DVD Descrambling Case For Immediate Release: Thursday, January 22, 2004 San Jose, California - In a surprising retreat today, the consortium of entertainment and technology companies known as DVD CCA is seeking dismissal of a lawsuit against Andrew Bunner, a republisher of a computer program created to allow movie lovers to play their DVDs on computers running the Linux operating system. DVD CCA effectively gave up a multi-year effort to have the republication of the program, called DeCSS, declared a violation of trade...