Encryption

It seems like these days I can't eat breakfast without reading about some new encryption app that will (supposedly) revolutionize our communications — while making tyrannical regimes fall like cheap confetti.

This is exciting stuff, and I want to believe. After all, I've spent a lot of my professional life working on crypto, and it's nice to imagine that people are actually going to start using it. At the same time, I worry that too much hype can be a bad thing — and could even get people killed.

Silent Circle, a startup company that provides encrypted mobile communication services, released a new version of its Silent Text app for iOS that allows users to exchange encrypted files at the push of a button. The files can be set to self-destruct.

There’s two really useful parts to this hack which involves sniffing the HDMI protocol’s HDCP security keys. The first is just getting at the signals without disrupting communications between two HDCP capable devices.

If you lose possession of an Android phone, your PIN or pattern unlock might not be enough to protect the sensitive data stored on it. Not, at least, after it’s spent an hour in a hacker’s freezer.

I recently met with Ethan Oberman (above) CEO and co-founder of SpiderOak, a cloud based data storage service used for backups or syncing data. It promises a very high level of security because everything is encrypted -- SpiderOak has no idea what you are storing.

This is the same strategy that Kim Dotcom, the infamous founder of Megaupload has recently taken with his latest storage venture Mega. Megaupload was shut down by US authorities because it is alleged that it stored huge quantities of pirated movies and other copyrighted materials.

Enterprise security firm Venafi claims Kim Dotcom’s offer of €10,000 for the first person to crack his new Mega file storage site will be collected.

The challenge was announced through the site’s blog in response to criticism over its security procedures, including the fact there is no end-to-end encryption.

Two killjoy researchers from the University of Cambridge have cast doubt on whether quantum cryptography can be regarded as ‘provably secure’ – and are asking whether today’s quantum computing experimentation is demonstrating classical rather than quantum effects.

Computer scientists Ross Anderson and Robert Brady have published their discussion at Arxiv, here. In the paper, they examine two key issues in quantum research. As well as looking at the cryptography question, they also examine why quantum computing research is finding it hard to scale beyond three qubits.

Denial of service vulnerabilities have been found in cryptographic systems underpinning host of web applications including those offered by Google, Microsoft, Yahoo and those based on Java among scores of others.

The attacks target weaknesses in the hash algorithms that permit multiple hash collisions to take place. This can quickly overload any application using a vulnerable hash algorithm.

Mega's high-profile launch was under a lot of scrutiny, for obvious reasons, with many curious to see how the fabled encryption features would work. Mega boasted client-side encryption to ensure total privacy over the uploaded files.

But Mega also made it possible to share those files and didn't require users to actually remember or store any key, things which could mean weaker security.

A security researcher has found a cryptographic flaw in the Mega cloud service that could reveal user passwords.

The Mega cloud service was launched on Monday.