Cryptography


May. 9, 2018

Introducing WebAuthn support for secure Dropbox sign in

This cryptographic proof makes U2F security keys a very strong form of two-step verification, but adoption of U2F has been limited by browser and hardware support. We hope WebAuthn will change that.

It’s a new way to interact with security keys and other “authenticators” that standardizes and builds on key parts of U2F, the result of a collaboration between the W3C and FIDO Alliance. While for years only Chrome supported U2F, browser vendors have committed to bringing WebAuthn to Chrome, Firefox, and Edge. More and more devices will have WebAuthn support built in, bringing stronger security to the many users who don’t own special security keys.

May. 8, 2018

Op-ed: Ray Ozzie’s crypto proposal—a dose of technical reality

In the debate over law enforcement access to encrypted devices, technical details matter. The rhetoric has been stark and, dismayingly often, divorced from technical reality. For example, two years ago we were told that only Apple could write software to open the phone of the San Bernardino terrorist; the technical reality turned out to be that an FBI contractor was able to do so.

Apr. 26, 2018

Exclusive: NSA encryption plan for ‘internet of things’ rejected by international body

A source at an International Organization for Standardization (ISO) meeting of expert delegations in Wuhan, China, told WikiTribune that the U.S. delegation, including NSA officials, refused to provide the standard level of technical information to proceed.

Source: wikitribune.com

Apr. 12, 2018

Breaking RSA OAEP with Manger Attack

The RSA cryptosystem has had its fair share of attacks over the years, but among the most impressive, you can find the infamous Bleichenbacher attack [Ble98], which doomed PKCS v1.5 in 1998. Nineteen years later, the ROBOT attack proved that the Bleichenbacher attack was still a concern today. Now, what alternatives to RSA PKCS v1.5 do we have?

Well, its successor, RSA OAEP, also known as RSA PKCS v2.1, is obviously a good candidate.

Apr. 12, 2018

Post-quantum confidentiality for TLS

In 2016, my colleague, Matt Braithwaite, ran an experiment in Google Chrome which integrated a post-quantum key-agreement primitive (NewHope) with a standard, elliptic-curve one (X25519). Since that time, the submissions for the 1st round of NIST’s post-quantum process have arrived. We thus wanted to consider which of the submissions, representing the new state of the art, would be most suitable for future work on post-quantum confidentiality in TLS.

Mar. 28, 2018

With Musical Cryptography, Composers Can Hide Messages in Their Melodies

Early 17th- and 18th-century mathematicians and cryptologists such as John Wilkins and Philip Thicknesse argued that music cryptography was one of the most inscrutable ways of transporting secret messages. They claimed that music was perfect camouflage, because spies would never suspect music. When played, the music would sound so much like any other composition that musically trained listeners would be easily fooled, too.