CAT | Cryptography
Yesterday Google announced that it was updating its certificates to use 2048 bit public key encryption, replacing the previous 1024 bit RSA keys. I have always found the short keys used by websites somewhat shocking. I recall back in the early 1990’s discussion about whether 1024 bits was good enough for PGP keys. Personally, I […]
The Register has an article on Firefox black listing an SSL Certificate authority. Certificates and certificate authorities are the underpinnings of our secure web infrastructure. When you see the lock on your browser, it means that the session is encrypted and the site has presented a valid site certificate (so it is who it claims […]
Gigaom reports on a major security issue at Nokia, first announced in the “Treasure Hunt” blog. Their Asha and Lumia phones come with something they call the “Xpress Browser”. To improve the browser experience, the web traffic is proxies and cached. That is a fairly common and accepted practice. Where Nokia has stepped into questionable […]
The FBI in conjunction with the Bureau of Justice Assistance and Joint Regional Intelligence Center have produced a number of fliers to help the public identify possible terrorists. While some of the points have merit, it is very likely that this will generate an extremely high proportion of false alerts based on perfectly reasonable and […]
Matt Blaze analyzes why the widespread use of cryptography has had almsost no impact on our practical ability to do wiretaps and gather information under legitimate court orders. Not too technical and absolutely worth a read. Matt Blaze: Wiretapping and Cryptography Today:
3 Comments · Posted by lance in Computer Security, Cryptography, First Amendment, Innovation, Internet, legal, Legislation, National Security, Online Privacy, Personal Privacy, Security Breaches, Surveillance
The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea. The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance and constitutional issues).
1 Comment · Posted by lance in Computer Security, Cryptography, Email Security, Internet, legal, Legislation, National Security, Online Privacy, Personal Privacy, Security Breaches, Stupidity, Surveillance
US Government Proposes to put back door in encrypted communications. Disastrous idea.
In a recent post on Privacy Digest, and an article in the NYTimes, there is a discussion of some major and well known vulnerabilities in the global public key infrastructure (PKI) and some examples of exploitations of that vulnerability. The issue is with the proliferation of certificate authorities on the Internet, and the low level […]
There has been a lot of media coverage of the threats of Saudi Arabia and the UAE to shut down BlackBerry connectivity in their countries unless RIM (the maker of BlackBerry) introduces a back door so they can monitor communications. I have been following this story closely, but wanted to wait until I had all […]
This year the “Computers Freedom and Privacy” (CFP) conference is taking place in San Jose from June 15-18. This year is the 20th anniversary of the conference which helped shape my thinking about Internet Privacy and introduced me to many of the key players in this space. Around the same time in 1992 an email […]