Encryption

Toshiba Research Europe has used the science of quantum cryptography to transmit voice and video over a secure fiber link that is protected by the laws of physics. The demonstration is significant because it shows that the single-photon encryption technology is not only compatible with real Internet Protocol (IP) traffic but also robust enough for deployment on commercial fiber networks. The system was shown to financial institutions and government representatives in London last week by scientists working at Toshiba’s Cambridge Research Laboratory.

Quantum cryptography - long the stuff of cyberpunk novels and hi-tech spy stories - is leaving the laboratory and making its way into commercial markets. A briefing session at the UK's Department of Trade and Industry on Wednesday featured demonstrations of working quantum key exchange systems by QinetiQ, Toshiba Cambridge and US start-up MagiQ.

Quantum cryptography - using a private communication channel to lock down the exchange of sensitive data between two points has to date created much more discussion than it has practical applications.

The head of security at pharmaceuticals giant ICI has called for more businesses to encrypt their emails.

Paul Simmonds, one of the co-founders of security think tank The Jericho Forum, said that encryption would enable businesses to communicate with better levels of trust.

"It's available on every single email product," said Simmonds, global director of information security for ICI. "But nobody is using it. We need to talk it up on an industry level and get a critical mass on this."

UK reseller NOW Wireless has signed a deal to distribute MagiQtech's quantum cryptography solution, MagiQ QPN Security Gateway, in the UK.

Launched in the US in 2004, MagiqTech's two-box solution, provides secure quantum key exchange between two dedicated sites up to 120km apart. Once secure keys are exchanged, data can be encrypted using standard protocols, switching keys at up to 100 times per second.

L33tdawg: This sounds awfully a lot like TRANSLTR, the NSA's supercomputer in Dan Brown's Digital Fortress ;)

For law enforcement officials charged with busting sophisticated financial crime and hacker rings, making arrests and seizing computers used in the criminal activity is often the easy part.

With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late-model cars and gas them up for free to boot, according to research published by computer security experts at the Johns Hopkins University in Baltimore and RSA Security Inc.'s RSA Laboratories in Bedford, Mass.

With the recent news of weaknesses in some common security algorithms (MD4, MD5, SHA-0), many are wondering exactly what these things are: They form the underpinning of much of our electronic infrastructure, and in this Guide we'll try to give an overview of what they are and how to understand them in the context of the recent developments.

But note: though we're fairly strong on security issues, we are not crypto experts. We've done our best to assemble (digest?) the best available information into this Guide, but we welcome being pointed to the errors of our ways.

Storage experts said Bank of America's loss of tapes housing the personal information of 1.2 million government employees suggests the data on them was not encrypted. The case is seen spurring calls for encrypting customer data.

Data encryption renders files unreadable to users, greatly mitigating the security risk brought on by the theft or misplacement of tape cartridges that include stored files.

L33tdawg: Much love to Fyodor Yarochkin for the heads up on this ;)

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results: