Encryption

Vodafone has revealed it is developing a secure and encrypted data / password vault for smartphones. Known as Keeper Mobile, the encryption technology will be released by the mobile carrier's operations worldwide by the end of the year.

Central to the encryption technology - which will be downloadable from Vodafone's forthcoming mobile application service - is a highly secure environment developed by CallPod, a Chicago-based company that the carrier has contracted to develop the secure encryption software.

It's a security practitioners dream to deploy a technology that ensures perfect data protection 100 percent of the time. Short of unplugging a computer and locking it in a vault, few technologies come as close as encryption to nearly unbreakable data security; take the data, run it through an encryption algorithm, and it's unreadable to anyone who doesn't possess the right key to reverse the process. It can be mathematically demonstrated that retrieval of encrypted data without the encryption keys is computationally impossible within the expected lifetime of the universe.

Japanese researchers claim to have found a way to break the Wi-Fi Protected Access (WPA) encryption system used in wireless routers in just 60 seconds. Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University plan to explain their method at a technical conference on 25 September in Hiroshima.

Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm. The attacks pose no immediate threat to the security of AES, but they do illustrate a technique for extracting keys that is better than simply trying every possible key combination.

Instead of such a brute force approach, the researchers have derived a technique based on "finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle". Collisions in cryptographic happen when two different inputs produce the same output.

An SSL security guru is urging incentives to promote website certificate upgrade in response to problems with a widely-used digital-signature algorithm.

Collisions in the MD5 hashing algorithm mean that two different inputs can produce the same output. Last year independent researchers showed how the cryptographic flaw might make it possible to forge counterfeit digital certificate credentials.

I ran across a recent blog post by storage vendor Cleversafe titled "Three Reasons Why Encryption is Overrated," and as I suspected it generated a lot of discussion in online forums dedicated to those issues. Beyond the sensationalist headline, the post does raise some interesting points for consideration on the topic of encryption.

1. Future processing power--In the future, malicious hackers will be able to crack older encrypted files due to increases in processing speed.

Cryptographers have found new chinks in a widely-used digital-signature algorithm that have serious consequences for applications that sign email, validate websites, and carry out dozens of other online authentication functions.

Would you use a chocolate teapot to protect your data? Guess what, you might be doing just that. According to Origin Storage there is plenty of evidence to suggest that a growing number of organisations are now adopting data encryption, no doubt partly in the wake of a huge number of high profile data losses that we have all been reading about.

This paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission.

Losing your laptop can be expensive in three ways. First, you'll spend hundreds or thousands of dollars to replace the hardware. Second, you'll suffer the time and aggravation of restoring your data, all the while hoping you have everything backed up properly. But most expensive? Surviving the backlash and legal consequences of losing customer data, financial records and private company information.