Category Archives: Cryptography

Secured?

I’ve purchased a certificate for the blog so it can run on SSL/TLS, ie have an https address.

Little did I know how much grief this would cause. However, I only locked myself out of the blog once, and with the help of of a WordPress https plugin I am gradually reducing the number of mixed-content errors.

Security really shouldn’t be this hard …

Posted in Cryptography, Discourse.net | Leave a comment

Valde Mirum

This is soooo weird: Krebs on Security, Lorem Ipsum: Of Good & Evil, Google & China.

Posted in Cryptography, Internet | 1 Comment

Crypto Joke

Protocol

Really funny if you are into crypto. From xkcd of course.

Posted in Completely Different, Cryptography | Leave a comment

Happy Data Privacy Day

Today is Data Privacy Day. Start your celebration with Unqualified Offerings:

Snowden’s revelations must be especially hard on the psychiatric profession. If one patient dismisses the idea that the government is spying on him, and the other is convinced that the government is working with major electronics manufacturers to put listening devices in his personal belongings, which one do you diagnose as being unable to distinguish reality from fantasy?

At a University committee meeting recently, I suggested the University should provide us all with encryption so we can protect our data on our computers, and in transit, as it was at risk of interception. The ranking University official at the meeting smiled dismissively and said something along the lines of ‘Well, if you are worrying about that…”. I said, “but it’s national policy – the President announced it.” He stopped smiling.

Posted in Cryptography, Software, Surveillance | Leave a comment

EFF: Who’s Naughty & Nice on Encrypting Communications

New infographic from EFF:

And the press release:

Dropbox, Google, SpiderOak and Sonic.net Score Five out of Five in Crypto Best Practices

San Francisco – The Electronic Frontier Foundation (EFF) today published a new infographic to illustrate how 18 service providers are encrypting communication. The chart supplements EFF’s popular “Who Has Your Back” series, which evaluates how companies respond to government requests for user information.

Over the last three weeks, EFF surveyed the companies on whether they are now employing or have concrete plans to employ a set of five best practices: Encryption of data center links, Hypertext Transfer Protocol Secure (HTTPS) support, HTTP Strict Transport Security (HSTS) support, forward secrecy and STARTTLS for email encryption.

Four of the companies surveyed-—Dropbox, Google, SpiderOak and Sonic.net—-are implementing all of the measures. In addition, six companies-—the aforementioned four, plus Twitter and Yahoo–are taking, or have committed to taking, the critical step of encrypting the connections for their data centers to protect against backdoor access like the NSA’s MUSCULAR program.

“In light of the National Security Agency’s unlawful surveillance programs, as well as other threats to network security, it is now more important than ever to deploy strong encryption throughout networks,” EFF Senior Staff Attorney Kurt Opsahl said. Like all EFF content, the infographic is available for publication at no cost under the Creative Commons-Attribution License.

For a detailed explanation of the survey, the encryption practices and the chart: https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.

Posted in Cryptography | Leave a comment

xkcd Does Privacy

xkcd: Privacy Opinions

I guess I started somewhere between the crypto nut and the nihilist. These days some conspiracist sneaks in. The NSA really is building a huge data warehouse in Utah, you know….

Posted in Completely Different, Cryptography | Leave a comment

SHA-3 Draft Revisions Considered Mysterious, Maybe Dangerous

People who care about crypto should read CDT’s new post, What the heck is going on with NIST’s cryptographic standard, SHA-3?

Posted in Cryptography | 1 Comment