Search results “Schneier 1996 applied cryptography by bruce”
The Ten Commandments of Encryption Policy
Here's something I wrote a few weeks ago and I've been spreading around, and encouraging others to do so as well. The formatted version I put on my DeviantArt journal is linked to below, and I've provided the raw text as well; feel free to copy it and spread it around anywhere you think it'll do good--especially to politicians.

The Ten Commandments of Encryption Policy by shanedk on DeviantArt http://shanedk.deviantart.com/journal/The-Ten-Commandments-of-Encryption-Policy-634133886

So many politicians, bureaucrats, and pundits are proposing weakening our crypto to allow searches by law enforcement without understanding the issue, so I thought it'd be good to have a quick reference to explain why this is a bad idea. Feel free to copy this and send to politicians, news reporters, or anyone else you think needs to know this.

The Ten Commandments of Encryption Policy

1. In "Applied Cryptography" (2nd Ed., John Wiley & Sons, 1996), Bruce Schneier wrote: "There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files." Therefore, anything that allows our government to read our messages will automatically put our crypto into the "kid sister" category.

2. Anything that allows government to read your message will also allow hackers to read your message. Cryptography is just math, and math works the same for everybody. It doesn't distinguish between good people and bad, or who has a warrant and who doesn't.

3. When strong crypto is outlawed, only outlaws will have strong crypto. The encryption genie is already out of its mathematical bottle. Weakening our crypto so our governments can read it will only make us vulnerable to hacker groups and terror organizations like ISIS, who will have no hesitation about breaking the law to use strong crypto themselves.

4. "If you have nothing to hide, you have nothing to worry about" is a very dangerous mantra. Just ask anyone who's had their identity stolen.

5. When people talk about giving law enforcement authorities access to our data, remember that they're talking about the same law enforcement authorities who illegally tapped Martin Luther King Jr.’s phones.

6. Terror attacks, mass shootings, and mass hackings are all proof that we cannot rely on laws to protect us. We need to protect ourselves with math. Protecting our data is too important to be left to governments.

7. Always remember that lawmakers want solutions that are visible, that they can point to and say, "See? It works." But security solutions that ACTUALLY work are invisible. People go about their lives unaware of the attacks they were protected from. People don't notice the days their house DOESN'T get burgled.

8. Don't be caught up in considering how much security you "need." You won't know how much that is until after the worst happens and it's too late. We need to be able to give ourselves every last bit of security that we can.

9. Before you bring up the founders or the Constitution, remember that they themselves often communicated using ciphers. Thomas Jefferson even invented a wheel cipher for this purpose.

10. We need to consider the consequences of constant observation. Every bit of human progress began as an idea that most people opposed. The last thing we want to do is make people afraid to express those ideas.
Views: 782 Shane Killian
DEF CON 22 - Dan Kaminsky - Secure Random by Default
Secure Random By Default
Dan Kaminsky, Chief Scientist, White Ops

As a general rule in security, we have learned that the best way to achieve security is to enable it by default. However, across operating systems and languages, random number generation is always exposed via two separate and most assuredly unequal APIs -- insecure and default, and secure but obscure. Why not fix this? Why not make JavaScript and PHP and Java and Python and even libc rand() return strong entropy? What are the issues stopping us? Should we just shell back to /dev/urandom, or is there merit to userspace entropy gathering? How do fork() and virtualization impact the question? What of performance, and memory consumption, and headless machines? Turns out the above questions are not actually rhetorical. Just because a change might be a good idea doesn't mean it's a simple one. This will be a deep dive, but one that I believe will actually yield a fix for the repeated *real world* failures of random number generation systems.

Dan Kaminsky has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya, and Microsoft. Dan spent three years working with Microsoft on their Vista, Server 2008, and Windows 7 releases. Dan is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure of all time. Of the seven Recovery Key Shareholders who possess the ability to restore the DNS root keys, Dan is the American representative. Dan is presently developing systems to reduce the cost and complexity of securing critical infrastructure.
Views: 46335 DEFCONConference
Cryptography is a systems problem (or) 'Should we deploy TLS'
Given by Matthew Green, Johns Hopkins University
Views: 5739 Dartmouth
"Restoring Personal Privacy without Compromising National Security" at ACM Turing 50 Celebration
We live in an era of mass surveillance. Private companies monitor our comings and goings, and ad-supported cloud services record and mine our online activities. At the same time, governments have been conducting extensive surveillance in the name of national security. To a large extent, citizens and lawmakers have accepted loss of privacy in exchange for increased security. Can computing technology promote both personal privacy and national security? Panelists will explore how state-of-the-art cryptography, security, networked systems, and data-management technology might enable government agencies to acquire actionable, useful information about legitimate targets of investigation without intruding upon the electronic activity of innocent parties. They will also address the need to use laws and policies in conjunction with technology to hold government agencies accountable for proper use of private information.

Moderator: Joan Feigenbaum, Yale University

Panelists:
Whitfield Diffie (2015 Turing Laureate), Stanford University
Bryan Ford, EPFL (Swiss Federal Institute of Technology)
Nadia Heninger, University of Pennsylvania
Paul Syverson, U.S. Naval Research Laboratory
Cryptography | Wikipedia audio article
This is an audio version of the Wikipedia Article: https://en.wikipedia.org/wiki/Cryptography

00:03:38 1 Terminology
00:07:53 2 History of cryptography and cryptanalysis
00:08:55 2.1 Classic cryptography
00:16:37 2.2 Computer era
00:19:13 2.3 Advent of modern cryptography
00:21:54 3 Modern cryptography
00:23:02 3.1 Symmetric-key cryptography
00:23:13 3.2 Public-key cryptography
00:23:28 3.3 Cryptanalysis
00:27:58 3.4 Cryptographic primitives
00:34:01 3.5 Cryptosystems
00:40:06 4 Legal issues
00:41:12 4.1 Prohibitions
00:43:02 4.2 Export controls
00:43:12 4.3 NSA involvement
00:45:45 4.4 Digital rights management
00:48:46 4.5 Forced disclosure of encryption keys
00:50:51 5 See also
00:53:36 6 References
00:55:46 7 Further reading

SUMMARY
=======
Cryptography or cryptology (from Ancient Greek: κρυπτός, translit. kryptós "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications. Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shares the decoding technique only with intended recipients to preclude access from adversaries. The cryptography literature often uses the names Alice ("A") for the sender, Bob ("B") for the intended recipient, and Eve ("eavesdropper") for the adversary. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread. Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means.
These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power—an example is the one-time pad—but these schemes are more difficult to use in practice than the best theoretically breakable but computationally secure mechanisms. The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Cryptography also plays a major role in digital rights management and copyright infringement of digital media.
Views: 0 wikipedia tts
Digital rights management
Digital Rights Management (DRM) is a class of technologies that are used by hardware manufacturers, publishers, copyright holders, and individuals with the intent to control the use of digital content and devices after sale; there are, however, many competing definitions. With first-generation DRM software, the intent is to control copying; with second-generation DRM, the intent is to control executing, viewing, copying, printing and altering of works or devices. The term is also sometimes referred to as copy protection, copy prevention, and copy control, although the correctness of doing so is disputed. DRM is a set of access control technologies. Companies such as Amazon, AT&T, AOL, Apple Inc., Google, BBC, Microsoft, Electronic Arts, Sony, and Valve Corporation use digital rights management. In 1998, the Digital Millennium Copyright Act (DMCA) was passed in the United States to impose criminal penalties on those who make available technologies whose primary purpose and function are to circumvent content protection technologies. The use of digital rights management is not universally accepted. Some content providers claim that DRM is necessary to fight copyright infringement and that it can help the copyright holder maintain artistic control or ensure continued revenue streams. Proponents argue that digital locks should be considered necessary to prevent "intellectual property" from being copied freely, just as physical locks are needed to prevent personal property from being stolen. Those opposed to DRM contend there is no evidence that DRM helps prevent copyright infringement, arguing instead that it serves only to inconvenience legitimate customers, and that DRM helps big business stifle innovation and competition. Furthermore, works can become permanently inaccessible if the DRM scheme changes or if the service is discontinued.

This video is targeted to blind users.

Attribution: Article text available under CC-BY-SA. Creative Commons image source in video.
Views: 1079 Audiopedia