Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

academicpapers algorithms backdoors cryptanalysis cryptography encryption hashes russiaA pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor.

German SG-41 Encryption Machine Up for Auction

Schneier on Security

cryptography encryption germany historyofcryptographyA German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

G7 Comes Out in Favor of Encryption Backdoors

Schneier on Security

Some G7 countries highlight the importance of not prohibiting, limiting, or weakening encryption; There is a weird belief amongst policy makers that hacking an encryption system's key management system is fundamentally different than hacking the system's encryption algorithm.

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson.

Tech Industry Pushes for Australian Encryption Law Changes

Data Breach Today

Senate Committee Reviewing Law With an Eye to Amend Technology organizations say Australia's anti-encryption law passed in December is already undermining trust in their local operations.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

Germany Talking about Banning End-to-End Encryption

Schneier on Security

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption.

How Encryption Became the Board’s New Best Friend

Thales eSecurity

For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. While 97% of IT experts indicated they are going through some type of digital transformation, only 30% have adopted an encryption strategy. Enter encryption.

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these question changes your encryption strategy.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

The Last Watchdog

Related: Marriott reports huge data breach Ever thought about encrypting the data held on a portable storage device? I had the chance at RSA 2019 to visit with Shauna Park, channel manager at DataLocker, to discuss what’s new in the encrypted portable drive space.

Intel Patches Firmware Flaw That Leaks ME Encryption Keys

Data Breach Today

It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. Researcher Finds Intel's Previous Management Engine Patches Weren't Foolproof Intel has had a challenging time of late on the vulnerability front.

FBI: Encryption Blocked Access to 7,800 Devices

Data Breach Today

Director Calls For 'Responsible' Solution That's Not a Backdoor FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement.

GDPR Compliance – Encryption

Perficient Data & Analytics

Nowhere GDPR Articles mention that encryption is necessary but implementing such measures can reduce the occurrence of a data breach. GDPR Compliant Encryption Methods. The two most commonly stated GDPR-compliant encryption methods mentioned in the GDPR Articles are as follows, 1.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. backdoors encryption keyescrow nationalsecuritypolicy vulnerabilities

Adiantum will bring encryption on Android devices without cryptographic acceleration

Security Affairs

Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration. Google announced Adiantum , a new encryption method devised to protect Android devices without cryptographic acceleration. SecurityAffairs – Android, encryption).

More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. backdoors cryptowars cryptography encryption intelligence lawenforcement privacy

El Chapo's Encryption Defeated by Turning His IT Consultant

Schneier on Security

his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade. courts drugtrade encryption fbi insiders keys

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

Virginia Beach Police Want Encrypted Radios

Schneier on Security

This article says that the Virginia Beach police are looking to buy encrypted radios. Virginia Beach police believe encryption will prevent criminals from listening to police communications. backdoors encryption lawenforcement police

The GDPR: Requirements for encryption

IT Governance

Six months since the GDPR (General Data Protection Regulation) came into force, pseudonymisation and data encryption remain the only technology measures specifically mentioned in the famously technology-agnostic Regulation. But what exactly is meant by ‘pseudonymisation’ and ‘encryption’?

Encryption trends and predictions over 50 years

Thales eSecurity

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. We’ve also seen promising approaches, such as homomorphic encryption, come out of academia that have yet to find common practice in real-world applications.

Is Payments Industry Ready for New Encryption Protocols?

Data Breach Today

PCI-DSS Requirement Looms on June 30 New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Database Encryption Key Management

Thales eSecurity

Large data scale breaches have led an increasing number of companies to embrace comprehensive encryption strategies to protect their assets. Solutions for Transparent Database Encryption. Streamlining operations and improving security.

Attackers Are Messing with Encryption Traffic to Evade Detection

Dark Reading

Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Apple to Store Encryption Keys in China

Schneier on Security

Apple is bowing to pressure from the Chinese government and storing encryption keys in China. apple china cloudcomputing encryption iphone keyescrow privacy

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. The post GCHQ implements World War II cipher machines in encryption app CyberChef appeared first on Security Affairs.

Two New Papers on the Encryption Debate

Schneier on Security

Seems like everyone is writing about encryption and backdoors this season. Policy Approaches to the Encryption Debate ," R Street Policy Study #133, by Charles Duan, Arthur Rizer, Zach Graves and Mike Godwin. Encryption Policy in Democratic Regimes ," East West Institute.

Cracking Down on Criminals' Use of Encrypted Communications

Data Breach Today

An analysis of a crackdown on criminals' use of encrypted communications leads the latest edition of the ISMG Security Report. Also: a preview of ISMG's Healthcare Security and Legal & Compliance summits, including expert insights on vendor risk management

Amazon, Google Block Trick That Let Encrypted Chats Flow

Data Breach Today

Collateral damage is already being felt by the likes of Signal, a popular, encrypted-messaging app blocked by some governments

Thales Wins Cybersecurity Excellence Awards for Encryption and Identity and Access Management Solutions

Thales eSecurity

Thales’s SafeNet Data Protection on Demand and SafeNet Trusted Access solutions have won the gold award in the Encryption and Identity and Access Management categories of the 2019 Cybersecurity Excellence Awards.

Boards Now Face ‘the Encryption Question’

Thales eSecurity

So, what are we doing about encryption?”. A spokesperson later added that this will focus on ensuring universal encryption of passport numbers. Marriott’s response may well set a new normal, in the travel industry: all sensitive traveler data should be encrypted.

FBI Director's Encryption Comments Prove Controversial

Data Breach Today

An analysis of FBI Director Christopher Wray's comments about how encryption poses complications for law enforcement officials leads the latest edition of the ISMG Security Report. Also featured: The former CISO of the state of Michigan sizes up cybersecurity forecasts

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data.

When Encryption Meets Flash Arrays

Thales eSecurity

To combat threats and keep data safe, IT teams must employ robust encryption, key management, and access controls. To secure storage, many organizations have been leveraging native encryption offerings from their storage vendors.

STOP ransomware encrypts files and steals victim’s data

Security Affairs

” One of the variants analyzed by BleepingComputer encrypts data and appends the.promorad extension to encrypted files, then it creates ransom notes named _readme.txt as shown below.