You can’t trust Internet email with potentially compromising information, such as your credit card or account numbers, social security numbers, or important passwords. As your message moves from one server to another, several people have the opportunity to read it.

o what should you do when you have to get sensitive information to someone, and snailmail just isn’t fast enough? I’ll give you several solutions.

Whatever option you pick, see What Is the Best Way to Create Strong Passwords? And if you have to share the password with the recipient, use the phone–just to be safe.

Public/Private Key Encryption: This elegant solution is supported by several programs, including Outlook 2007. The public key can encrypt but not decrypt, so you can safely share it with anyone. You keep the private key, which does the decrypting, to yourself.

Unfortunately, both the sender and the recipient must set up this type of encryption, and it’s not easy for the less technically inclined. That makes this a good choice in a business environment where everyone has an IT department, but not for occasional, personal communication.

Password-Protected .Zip Files: Depending on what software you use to create compressed .zip archives, you may or may not have an option to password-protect the files inside it. And that option may or may not support high-quality AES encryption.

And don’t go this route if it doesn’t support AES. The .zip format’s standard password protection is easy to hack.

Luckily, many third-party .zip programs support AES encryption, and they’re compatible with each other. These include industry leader WinZip, and the free, open-source 7-Zip. Whatever program you use, make sure you pick the AES option when you compress and encrypt your files.

Unfortunately, Windows’ built-in .zip tool doesn’t support AES, so you can’t simply assume that your recipient will be able to open your archive. If they don’t have a compression program that supports AES .zips, don’t want to install one, or don’t know what you’re talking about, this isn’t your option.

Secure Message and File-Sending Services: You don’t have to actually email your private information. You can upload it to a secure web site, and let the recipient download.

I’m recommending one service in particular: Send. (the period is part of the company name). It’s free, and you don’t even have to share your password with the recipient. Each person has their own private password.

When you post a message on Send., the site emails a notice to the recipient, who will need their own free Send. account to access your message.

There’s a slight chance that a criminal will intercept that first email and create the account before the legitimate recipient does. To avoid this, send an initial message with nothing confidential in it. That way, the recipient will be safely signed up, with their own, hopefully strong password, before you send them something important.

Source

Information that was previously available to a restricted number of researchers is now digital and accessible to many, making the issue of patient privacy prominent in discussions regarding the handling of these records.

Electronic medical records consist of very detailed patient data, where every disease, symptom or injury has its own code, which makes analysis easier and faster. But, the problem is that these codes are available through public databases and electronic medical records, and with this knowledge, this anonymized data can be still tied to the persons to whom it belongs.

To prove that this is a realistic problem, a research team form the Vanderbilt University in Nashville has conducted an experiment which resulted in 96 percent of the 2,762 patients belonging to the test group identified through diagnosis codes.

Scientific American reports that – as a solution to this problem – they introduced an algorithm that generalizes clinical information, but doesn’t interfere with the medical and genetic inter-data connections needed for research. The algorithm exchanges the publicly known ICD codes with an other code system.

They tested it by simulating a hacker attack, with the premise that the hacker is privy to the patients’ identity, their ICD codes and the fact that the patients’ data is included in the database. The test was completely successful – the hacker couldn’t uncover the patient’s private information, and the information remained useful for research.

Source

Advisory (c) 2010 Andreas Bogk

Product: PHP
Version: 5.3.2 and before
Type of vulnerability: Cryptographic weakness, session hijacking
Severity: Medium

Summary
=======

PHP utilizes a cryptographically weak random number generator to
produce session ID information. Additionally, not enough entropy is
used for the initial seeding of the RNG, and some of the entropy can
leak by careless use of the uniqid() PHP function. Under certain
circumstances, these individual weaknesses interact and reduce the
number of possible values of a PHP session ID so much that exhaustive
search for a valid session ID against the web server becomes feasible.

Source

The world of cryptography is currently undergoing a quantum revolution. The weird laws of quantum mechanics allow cryptographers to create codes that guarantee perfect secrecy. Until recently, the best cryptographers could aim for was just pretty good secrecy with codes that were always compromised in some way or another. Quantum cryptography, on the other hand, is perfect: theoretically and practically secure.

A few companies have even sprung up to sell the gear that can send perfectly secure messages, mainly to banks and governments (although the gear itself creates some loopholes that eavesdroppers can attack).

But it’s still early days for this technology and naturally it suffers from several drawbacks. For example, one well known limitation is that quantum cryptography can only be used over point-to-point connections and not through networks where data has to be routed. That’s because the routing process destroys the quantum properties of the photons used to secure messages.

A lesser known limitation is that the sender and receiver of quantum encrypted messages–the famous Alice and Bob–must be perfectly aligned so that they can carry out well-defined polarisation measurements on the photons as they arrive. Physicists say that Alice and Bob must share the same reference frame.

That’s not so hard to do when Alice and Bob are both based in labs on the ground. But it’s much harder when one or the other is moving, in a satellite, for example, which would be both spinning and orbiting the Earth.

Today, Anthony Laing from the University of Bristol and a few pals show how to get round this. The trick is to use entangled triplets of photons, so-called qutrits, rather than entangled pairs.

This solves the problem by embedding it in an extra abstract dimension, which is independent of space. So as long as both Alice and Bob know the way in which all these abstract dimensions are related, the third provides a reference against which measurements of the other two can be made.

That allows Alice and Bob to make any measurements they need without having to agree ahead of time on a frame of reference. There is one proviso: Alice and Bob cannot move too quickly during the measurements since this changes their relative orientation and a new qutrit will be needed to establish a reference.

That’ll be useful for quantum encryption over satellite links, the kind of thing that government agencies and the military might want to do. But there’s another, more valuable application.

If quantum encryption is ever to be widely used, it’ll need to work between one microchip and another without the need to share a frame of reference in advance. That’s always been a problem because the chips inside computers are constantly on the move (relative the the wavelength of light) and because photon polarisations drift as they move through optical fibres, introducing another source of error.

That’s why quantum cryptography that is reference frame independent is an enabling technology and so potentially hugely valuable. It means that Laing and co may have made one of the key breakthroughs that will bring quantum cryptography to the masses.

Ref: arxiv.org/abs/1003.1050: Reference Frame Independent Quantum Key Distribution

Source

RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices. Retailers and banks also depend on it to ensure the safety of their customers’ information online.

The scientists found they could foil the security system by varying the voltage supply to the holder of the “private key,” which would be the consumer’s device in the case of copy protection and the retailer or bank in the case of Internet communication. It is highly unlikely that a hacker could use this approach on a large institution, the researchers say. These findings would be more likely to concern media companies and mobile device manufacturers, as well as those who use them.

Andrea Pellegrini, a doctoral student in the Department of Electrical Engineering and Computer Science, will present a paper on the research at the upcoming Design, Automation and Test in Europe (DATE) conference in Dresden on March 10.

“The RSA algorithm gives security under the assumption that as long as the private key is private, you can’t break in unless you guess it. We’ve shown that that’s not true,” said Valeria Bertacco, an associate professor in the Department of Electrical Engineering and Computer Science.

These private keys contain more than 1,000 digits of binary code. To guess a number that large would take longer than the age of the universe, Pellegrini said. Using their voltage tweaking scheme, the U-M researchers were able to extract the private key in approximately 100 hours.

They carefully manipulated the voltage with an inexpensive device built for this purpose. Varying the electric current essentially stresses out the computer and causes it to make small mistakes in its communications with other clients. These faults reveal small pieces of the private key. Once the researchers caused enough faults, they were able to reconstruct the key offline.

This type of attack doesn’t damage the device, so no tamper evidence is left.

“RSA authentication is so popular because it was thought to be so secure,” said Todd Austin, a professor in the Department of Electrical Engineering and Computer Science. “Our work redefines the level of security it offers. It lowers the safety assurance by a significant amount.”

Although this paper only discusses the problem, the professors say they’ve identified a solution. It’s a common cryptographic technique called “salting” that changes the order of the digits in a random way every time the key is requested.

“We’ve demonstrated that a fault-based attack on the RSA algorithm is possible,” Austin said. “Hopefully, this will cause manufacturers to make a few small changes to their implementation of the algorithm. RSA is a good algorithm and I think, ultimately, it will survive this type of attack.”

Source

In the Cryptographers Panel session at the RSA Conference Tuesday, Adi Shamir said that he is working with a team of researchers who have put together a paper that describes an attack that will break AES 128 within 10 rounds.

“And if you go to AES 256, we can break the entire cryptosystem,” Shamir said.

Shamir, one of the inventors of the RSA algorithm, was speaking on the panel with Ron Rivest, Brian Snow of the National Security Agency, Martin Hellman of Stanford University, Whit Diffie, and Ari Juels of RSA Security. The panel, which is an annual event at the RSA Conference, usually provides some of the more interesting anecdotes of the conference, and this year’s was no exception.

In addition to the work against AES, which is the encryption standard used in many cryptosystems today, Rivest said that he expects 1024-bit RSA encryption to be broken relatively soon.

“I expect that RSA 1024 will be broken within a decade,” Rivest said. “People should start moving to 2048 soon.”

Rivest, a professor at MIT who worked with Shamir and Len Adleman to design the original RSA algorithm, also said that he still gets email and calls from people wanting to use the MD5 hash function, which he designed in 1991. MD5 was widely used, but has been shown to have several weaknesses in recent years.

“I always say to them, ‘Don’t you understand that MD5 is an extinct hash function? It’s dead,’” Rivest said.

Juels, chief scientist at RSA Labs, moderated the panel and asked all of the speakers whether they had ever done anything foolish.

“I’ve rarely done anything else,” Diffie said, which got a nice laugh from the crowd.

Hellman took the question a bit more seriously, but essentially echoed Diffie’s answer, saying that his original research with Diffie in the 1970s that led to the invention of public-key cryptography was looked at as a black hole when they started it.

“I was told by all of my colleagues that cryptography was a waste of time. The NSA had a massive budget, we didn’t know how big at the time, and they had been working on the problem for decades. We were told there’s no way we’d discover anything that they hadn’t already found, and if we did, they’d classify it,” Hellman said.

Source

PGP® Key Management Server provides organizations with the infrastructure and tools to manage large scale deployments of encryption keys and certificates. Instead of using proprietary standalone key repositories or custom single purpose tools, PGP Key Management Server delivers a better approach to managing encryption keys by starting with a design core around supporting different types of keys, trust models and applications.

* Pare down operational cost and complexity – Maintaining multiple key repositories requires extensive labor, resources, and expertise. PGP Key Management Server simplifies the environment with a consistent administrative interface.
* Reduce risk of unrecoverable data – Ensure that dependable key recovery methods are in place before the need arises.
* Prevent unexpected downtime – Unanticipated certificate expirations can bring business to a standstill. Automate certification updates and eliminate certificate accidents that lead to system outages.
* Stay in control – IT leaders need to know if their security policy matches reality. Key management helps organizations account for encryption keys throughout their environment and demonstrate proof of compliance.

PGP Key Management Server provides a versatile foundation to centralize management of encryption throughout the enterprise to help organizations take control over their encryption keys, strengthen security, and reduce operational cost.

Source

The attack is the first to crack the cipher at the heart of the DECT, or Digital Enhanced Cordless Telecommunications, standard, which encrypts radio signals as they travel between cordless phones in homes and businesses and corresponding base stations. A previous hack, by contrast, merely exploited weaknesses in the way the algorithm was implemented.

The fatal flaw in the DECT Standard Cipher is its insufficient amount of “pre-ciphering,” which is the encryption equivalent of shaking a cup of dice to make sure they generate unpredictable results. Because the algorithm discards only the first 40 or 80 bits during the encryption process, it’s possible to deduce the secret key after collecting and analyzing enough of the protected conversation.

“This standard, as with everything else we have broken, has been designed some 20 years ago, and it is proprietary encryption,” said Karsten Nohl, one of the cryptographers who helped devise the attack. “It relied on the fact that the encryption was unknown and hence could not be broken. This is a case where something that has some potential for being strong is broken by just this one design decision that in any public review would have been spotted immediately.”

Nohl, 28, is the same University of Virginia microscope-wielding reverse engineer to crack the encryption in the world’s most widely used smartcard. In December, he struck again after devising a practical attack for eavesdropping on cellphone calls.

He and fellow researchers Erik Tews of the Darmstadt University of Technology and Ralf-Philipp Weinmann of the University of Luxembourg, plan to present their findings Monday at the 2010 Fast Software Encryption workshop in Korea.

Like several of Nohl’s previous hacks, it began with nitric acid and an electron microscope. After dissolving away the epoxy on the silicon chip and then shaving down and magnifying the section dedicated to the DECT encryption, he was able to glean key insights into the underlying algorithm. He then compared the findings against details selectively laid out in a patent and exposed during a debug process.

The results of all three probe methods revealed the fatally insufficient amount of pre-ciphering in the DECT Standard Cipher.

In practical terms, the attack works by collecting bits of the encrypted data stream with known unencrypted contents. In cordless phones, this often comes from a device’s control channel, which broadcasts a variety of predictable data, including call duration and button responses. Sniffing an encrypted conversation with a USRP antenna and the average PC, an attacker would need to collect about four hours of data to break the key in typical scenarios.

In others – such as where DECT is used in restaurants and bars to wirelessly zap payment card details – the time needed to crack the key could be dramatically shorter, Nohl said. The time can also be sped up in a variety of other ways, including by adding certain types of graphics cards to beef up the power of the attacking PC. In some cases, the attack can retrieve the secret key in 10 minutes.

“We expect that some smarter cryptographers than ourselves will find better attacks, of course,” Nohl told El Reg. “We found the algorithm and then implemented the first attack. It’s almost guaranteed that this is not the best attack.”

The DECT Forum, the international body that oversees the standard, said it takes the attack scenarios laid out in the paper seriously and “continues to investigate their applicability.”

The crack of DECT is only the latest time Nohl has defeated the proprietary encryption of a device with critical mass. His 2008 attack on the Mifare Classic smartcard used similar techniques of filing down a silicon chip and then tracing the connections between transistors. His proposed attack of GSM encryption affects cellphones used by more than 800 carriers in 219 countries. ®

Source

It took the team of researchers from Switzerland, Japan, Germany, France, the US and the Netherlands about two and a half years to perform the factorisation. The first step of the calculation, polynomial selection, required half a year on a cluster consisting of 80 PCs, while the second and considerably more labour-intensive sieving step took about two years on a cluster of several hundred computers. According to the researchers, a single Opteron processor with 2 Gbytes of RAM would have needed about 1,500 years to complete the sieving step.

As RSA-512 was cracked about a decade ago, the researchers assume that the computing power required to master RSA-1024 is likely to become available in about ten years. They therefore recommend that all 1024-bit RSA keys be decommissioned by 2014 at the latest.

Source

Based on exclusive InformationWeek Analytics research, it finds nearly all companies use some encryption, but only 14% says it’s pervasive at their companies. A fourth have database table-level encryption. And about 3 out of 5 companies don’t encrypt mobile devices, despite their habit of disappearing loaded with confidential data.

Source