Saturday, 16 April, 2011
Something fun about cryptography. Enjoy.
Back in 1998, I wrote:
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.
In 2004, Cory Doctorow called this Schneier’s law:
…what I think of as Schneier’s Law: “any person can invent a security system so clever that she or he can’t think of how to break it.” Read the rest of this entry »
Saturday, 9 October, 2010
On the surface, it seems nice that RIM averts BlackBerry ban in UAE. For those who actually knows more about security like Bruce Schneier, here he talked about the possible price RIM might have paid in detriment to RIM users’ secure communications. Have a read of this telling excerpt,
“Am I missing something here? RIM isn’t providing a file storage service, where user-encrypted data is stored on its servers. RIM is providing a communications service. While the data is encrypted between RIM’s servers and the BlackBerrys, it has to be encrypted by RIM — so RIM has access to the plaintext.
In any case, RIM has already demonstrated that it has the technical ability to address the UAE’s concerns. Like the apocryphal story about Churchill and Lady Astor, all that’s left is to agree on a price.”
Without transparency of the compromises made, reading the following gives me no additional confidence of RIM’s “promise”,
“In a response to news of the agreement with the UAE, a RIM spokesperson e-mailed CNET the following statement dated today:
“RIM cannot discuss the details of confidential regulatory matters that occur in specific countries, but RIM confirms that it continues to approach lawful access matters internationally within the framework of core principles that were publicly communicated by RIM on August 12.”"
The following excerpted opinion makes sense to me,
“I’m actually sympathetic to the need for government to engage in surveillance where appropriate. But even if you think you can trust the government not to abuse this access—and I don’t think you can—backdoors in systems like RIM’s Blackberry e-mail may become available to other parties, including criminal enterprises.”
Wednesday, 30 December, 2009
Tuesday, 29 December, 2009
UK Guardian is reporting (emphasis added),
A German computer scientist has cracked the codes used to encrypt calls made from more than 80% of the world’s mobile phones.
Karsten Nohl [K: Nohl's U of Virginia page] and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.
[...] Nohl claims that armed with the code, which has been published online, and a laptop with two network cards, an eavesdropper could be recording phone calls within 15 minutes.
“This shows that existing GSM security is inadequate,” Nohl told the Chaos Communication Congress, an international annual meeting of hackers taking place in Berlin this week.
Nohl insisted that he had deciphered the code to force the global telecommunications industry to upgrade its security.
Nohl told the Guardian that important negotiations involving politicians or business leaders could easily be intercepted and they should invest in further encryption software to protect their privacy. “If there is anything secret going on using GSM, this should be of concern.”
More report in NYT and The Register.
Anyone who cares about our communication security based on Cryptography should know that the only way to keep our communication secure is to conduct open and active research in the field where weakness and problems are dealt with in a prompt and appropriate manner. Security through obscurity is NOT an option, and if I were less diplomatic, I would say it is plain stupid to rely our treasured security on obscurity.