NSA To Ensure Quantum Computers Can’t Break Encryption?

1000-Qubit-ChipThe NSA is worried about quantum computers. It warns that it “must act now” to ensure that encryption systems can’t be broken wide open by the new super-fast hardware.  In a document outlining common concerns about the effects that quantum computing may have on national security and encryption of sensitive data, the NSA warns

 “public-key algorithms… are all vulnerable to attack by a sufficiently large quantum computer.”

Quantum computers can, theoretically, be so much faster because they take advantage of a quirk in quantum mechanics. While classical computers use bits in 0 or 1, quantum computers use “qubits” that can exist in 0, 1 or a superposition of the two. In turn, that allows it to work through possible solutions more quickly meaning they could crack encryption that normal computers can’t.

It’s unclear if any public encryption algorithms are quantum computer-proof. In the document, the NSA explains that “while a number of interesting quantum resistant public key algorithms have been proposed… nothing has been standardized… and NSA is not specifying any commercial quantum resistant standards at this time.”  Instead, it suggests that companies and government departments concerned about the threat of quantum computing use one of a number of algorithms that don’t use a public key to encrypt data where possible.  By the way, OTPSME is not a public-key encryption system.

SOURCE – Gizmodo.com

Harvard Report Debunks Government’s ‘Going Dark’ Encryption Claim…

Federal investigative agencies like the FBI have long argued that encryption and other new technologies severely hamper their ability to spy on terrorists and other criminals, putting our safety at risk. A new report from Harvard debunks that “going dark” claim, concluding that the rise of network-connected devices will lead to more, not fewer, opportunities for surveillance.  Harvard’s Berkman Center for Internet & Society convened a group of security and policy experts to explore questions of surveillance and encryption at a time when major tech companies like Apple and Google are encrypting their phones and other products by default. The 37-page report, released Monday, concludes that the feds’ “going dark” argument falls flat on its face.

FBI Director James Comey, in an October 2014 speech, argued that the law hasn’t kept pace with technologies, like encryption, that have become “the tool of choice for some very dangerous people.”  What it means is this: Those charged with protecting our people aren’t always able to access the evidence we need to prosecute crime and prevent terrorism even with lawful authority,” Comey said. “We have the legal authority to intercept and access communications and information pursuant to court order, but we often lack the technical ability to do so.”

SOURCE – NBCNews.com

A New Largest Known Prime Number has been Discovered…

 

gimps

If you didn’t hate Math already…  A university computer in Missouri has found the new largest prime number. It is made up of 22,338,618 digits, nearly 5 million more than the previous record. The figure was identified after 31 days of non-stop computing on a machine used by Curtis Cooper, a professor of computer science at the University of Central Missouri, who has now detected four of these record-breaking primes. The new prime number, also known as M74207281, is calculated by multiplying together 74,207,281 twos then subtracting one. It is almost 5 million digits larger than the previous record prime number, in a special class of extremely rare prime numbers known as Mersenne primes. It is only the 49th known Mersenne prime ever discovered, each increasingly difficult to find. Mersenne primes were named for the French monk Marin Mersenne, who studied these numbers more than 350 years ago. GIMPS, founded in 1996, has discovered all 15 of the largest known Mersenne primes. Volunteers can download a free program to search for these primes with a cash award offered to anyone lucky enough to compute a new prime.  Full Disclosure – The VooDoo is a GIMPS contributor.

SOURCE – Time.com / Mersenne.org

Tor Project working to fix weakness that can unmask anonymous users

tor_nsaDevelopers of Tor software believe they’ve identified a weakness that was scheduled to be revealed at the Black Hat security conference next month that could be used to de-anonymize Tor users.

The Black Hat organizers recently announced that a talk entitled “You Don’t Have to be the NSA to Break Tor: Deanonymizing Users on a Budget” by researchers Alexander Volynkin and Michael McCord from Carnegie Mellon University’s Computer Emergency Response Team (CERT) was canceled at the request of the legal counsel of the university’s Software Engineering Institute because it had not been approved for public release.

“In our analysis, we’ve discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” the CERT researchers had written in the abstract of their presentation. “The total investment cost? Just under $3,000.”

In a message sent Monday to the Tor public mailing list, Tor project leader Roger Dingledine said that his organization did not ask Black Hat or CERT to cancel the talk. Tor’s developers had been shown some materials about the research in an informal manner, but they never received details about the actual content of the planned presentation, he said. The presentation was supposed to include “real-world de-anonymization case studies.”

Despite the lack of details, Dingledine believes that he has figured out the issue found by CERT and how to fix it. “We’ve been trying to find delicate ways to explain that we think we know what they did, but also it sure would have been smoother if they’d opted to tell us everything,” he said in a subsequent message on the mailing list.

Dingledine suggested that the issue affects Tor relays, the Tor network nodes that route user connections in a way that’s meant to hide the traffic’s origin and destination from potential network eavesdroppers.

“Based on our current plans, we’ll be putting out a fix that relays can apply that should close the particular bug they found,” he said. “The bug is a nice bug, but it isn’t the end of the world. And of course these things are never as simple as ‘close that one bug and you’re 100% safe’.”

Tor — originally called The Onion Router — started out as a project of the U.S. Naval Research Laboratory, but is now developed and maintained by a nonprofit organization called The Tor Project. The software allows users to access resources on the Internet without revealing their real IP (Internet Protocol) addresses, a feature appreciated by privacy-conscious users as well as criminals.

According to media reports last year based on documents leaked by former U.S. National Security Agency contractor Edward Snowden, both the NSA and the U.K.’s Government Communications Headquarters targeted Tor and had some success in de-anonymizing limited numbers of users.

SOURCE – ComputerWorld.com

Heartbleed? What the hell is that?

Heartbleed_svgHeartbleed is a software bug in the open-source cryptography library OpenSSL, which allows an attacker to read the memory of the host computer, allowing them to retrieve potentially privacy-sensitive data.  Based on examinations of audit logs by researchers, it has been reported that some attackers may have exploited the flaw for at least five months before discovery and announcement.  It also appears that the NSA knew about this flaw for at least 2 years and did nothing.  Nothing except further infringe on your privacy rights.  The author of the bug, Robin Seggelmann, stated that he “missed validating a variable containing a length” and denied any intention to submit a flawed implementation.  Friends, maybe this guy is an NSA contractor…  Check this out:

  • Ads