ElcomSoft has built a utility that forages for encryption keys in snapshots of a PC's memory to decrypt PGP and TrueCrypt-protected data.
Forensic Disk Decryptor attempts to unlock information stored in disks and volumes encrypted by BitLocker, PGP or TrueCrypt. The tool is designed for criminal investigators, IT security bods and forensic specialists. PGP and TrueCrypt set the industry standard for whole-disk or partition encryption.
Computer scientists at the University of North Carolina have constructed (pdf) a system whereby a malicious virtual machine is used in a so-called access-driven side-channel attack for the first time.
Running on the Xen hypervisor, the attack succeeded in extracting an ElGamal decryption key from a victim virtual machine using the most recent version of the libgcrypt cryptographic library, the researchers wrote.
Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future. This feature has been built-in to many GNU/Linux distributions, including Ubuntu, for many years. But until the recent release of Ubuntu 12.10, it was hidden away in the "alternate" text-mode installer of Ubuntu that many non-technical users don't even know exists.
Lately, Mike Janke has been getting what he calls the "hairy eyeball" from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the world's most renowned cryptographers, was always bound to ruffle high-level feathers with his new project - a surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it.
A technicolour art space in south Sydney on a Saturday night is an unlikely gathering point for internet denizens interested in remaining private.
Welcome to a Cryptoparty, where privacy becomes public.
The 30-strong crowd are young and old, tech-savvy to tech-naive, and are part of a growing movement of people who believe that data privacy is not secrecy. Not only do they want to protect their emails, files and browsing history from governments, but also from corporations and other internet users. They are not necessarily hackers and what they are doing is not illegal.
L33tdawg: Here we go again...
Wannabe code-crackers have a fresh challenge to rise to, if DeTron has its way. The encryption company ran a full page ad in the New York Times late last week challenging code breakers, hackers and cryptographers to crack a message encrypted by Quantum Direct Key (QDK) – a personal identification encryption technology aimed at eliminating multiple passwords for cloud services and web apps.
Bringing to a close a five-year selection process, the U.S. National Institute of Standards and Technology (NIST) has selected the successor to the encryption algorithm that is used today to secure much of the information on the Internet.
For SHA-3 (Secure Hash Algorithm), NIST has selected Keccak (pronounced "catch-ack"), an algorithm authored by Guido Bertoni, Joan Daemen and Gilles Van Assche of STMicroelectronics, as well as MichaA<
Quantum cryptography is one of those amazing tools that came along before anyone really asked for it. Somehow there are companies out there selling very high end, and "provably secure" cryptography gear, all based on fundamental principles of quantum mechanics. Yet, despite being fundamentally unbreakable, there have been quite a few publications on more-or-less practical ways for Eve to eavesdrop on people whispering quantum sweet-nothings in darkened rooms.
A group of German researchers has taken a step closer to achieving quantum key distribution with satellites, receiving quantum keys transmitted by a moving airplane.
The experiment is described in this paper (PDF) presented to the QCrypt conference in Singapore last week.
Led by Sebastian Nauerth at the Ludwig Maximilian University of Munich, the researchers achieved a stable connection over 20 Km for ten minutes, and in that time achieved a key rate of 145 bits/s. While that’s far too slow for a data channel, this only refers to the rate at which the keys are transmitted.
Security researchers Juliano Rizzo and Thai Duong – who released details of an attack on SSL/TLS last year, along with a tool called BEAST – are preparing to present a new attack on SSL/TLS at the Ekoparty Security Conference in Argentina later this month, according to Threatpost. The new attack has been given the name CRIME by the researchers.
