Encryption

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a midwestern-looking man in his 60s, asked for help. He couldn't figure out how to enable airplane mode on his aging Android phone. But when Marlinspike saw the screen, he wondered for a moment if he was being trolled: Among just a handful of apps installed on the phone was Signal.

End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—internet-of-things devices?

Researchers have reached a new milestone in the annals of cryptography with the factoring of the largest RSA key size ever computed and a matching computation of the largest-ever integer discrete logarithm. New records of this type occur regularly as the performance of computer hardware increases over time. The records announced on Monday evening are more significant because they were achieved considerably faster than hardware improvements alone would predict, thanks to enhancements in software used and the algorithms it implemented.

Stop us if you've heard this one before: United States law enforcement officials want tech companies to undermine encrypted messaging protections. The latest salvo is a fresh spin, but the underlying intent remains the same. As does the fundamental danger it poses.

Attorney General William Barr plans to once again make his case against end-to-end encryption for the masses, this time in a public call for Facebook to ensure that law enforcement can decrypt messages when investigating terrorists, child abusers, and other criminals.

The past few years have seen some amazing progress in the deployment of encryption protocols. In less than a decade, encryption protocols like TLS have gone from a novelty to the “table stakes” for running a secure website. Smartphone manufacturers have deployed default device encryption to billions of phones, and and end-to-end encrypted messaging and phone calls are now available to more than two billion users.

Police in the Netherlands said they decrypted more than 258,000 messages sent using IronChat, an app billed as providing end-to-end encryption that was endorsed by National Security Agency leaker Edward Snowden.

In a statement published Tuesday, Dutch police said officers achieved a “breakthrough in the interception and decryption of encrypted communication” in an investigation into money laundering. The encrypted messages, according to the statement, were sent by IronChat, an app that runs on a device that cost thousands of dollars and could send only text messages.

Users whose believe the data on their drives are protected with Microsoft's Windows Bitlocker could be in for lengthy workarounds, after researchers showed that the default hardware-based encryption on solid state storage isn't secure.

Carlo Meijer and Bernard van Gastel of Radboud University, Netherlands, detailed in their paper [pdf] how techniques known to be used by the US National Security Agency (NSA) can get around encryption that looks strong and impenetrable on paper.

A new proposal by the Australian government that would mandate its ability to access encrypted data held by companies both foreign and domestic has been met with fierce opposition from many in the privacy and technology communities.

The bill, known as the "Assistance and Access Bill 2018," seeks to overcome what American authorities have spent years calling the "going dark" problem. The notion, as Canberra explains it, is to enhance "the ability of our law enforcement and security agencies to access the intelligible data necessary to conduct investigations and gather evidence."

You know two-factor authentication tokens, the ephemeral, six-digit numbers you use as a second layer of security when logging into, say, your email? Those constantly updating, randomly generated numbers are one of the easiest ways to protect your accounts from being hacked. But for some time now, I've harbored a pet conspiracy theory about those codes: Maybe they aren't as random as we're led to believe.