Cryptography
Cryptography
Cryptography or cryptology is a field of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication. As the noted cryptologist Ron Rivest summarized: cryptography is about communication in the presence of adversaries.
Cryptography is an interdisciplinary subject, drawing from several fields. Older forms of cryptography were chiefly concerned with patterns in language. More recently, the emphasis has shifted, and cryptography makes extensive use of mathematics, particularly discrete mathematics, including topics from number theory, information theory, computational complexity, statistics and combinatorics. Cryptography is also considered a branch of engineering, but it is considered to be an unusual one as it deals with active, intelligent and malevolent opposition. Cryptography is a tool used within computer and network security.
Definitions provided by Wikipedia - The Free Encyclopedia
Cryptography Related Products
Cryptography Related Industry News
'Hack-proof' cryptography goes quantum Toshiba researchers demonstrate secure comms over 100km for the first time. Researchers have developed new technology that could allow companies to implement hack-proof communications in three years.
The technology, based on quantum cryptography, was demonstrated by Toshiba Research Europe this week working over distances of 100km for the first time.
Research laboratory group leader Andrew Shields explained that the technology will be applicable for......
[more] Is security getting any easier? Although governments and companies appear to be making significant headway on many security problems, don't expect headaches like spam to disappear anytime soon, according to security experts. Human error, combined with the increasing technical sophistication of malicious hackers, creates a situation in which security, ultimately, can never be perfect, security specialists on the cryptographer's panel at the RSA Conference here said Tuesday.
Invariably, indiv......
[more] Competing technologies could shake up e-mail Microsoft’s announcement at the RSA Conference last week of a host of initiatives to stop unsolicited commercial e-mail, or spam, highlighted some tectonic shifts taking place in the once staid world of Internet messaging. The company’s new e-mail authentication architecture, known as "Caller ID," is being met with cautious acceptance. However, Microsoft will probably not have the last word on secure e-mail, and a shake-out of antispam solutions backe......
[more] Earthlink to test sender authentication ISP (Internet service provider) Earthlink Inc. will soon begin testing new e-mail security technology, including Microsoft Corp.'s recently released Caller ID technology, a company executive said.
Earthlink will be experimenting "very soon," with "sender authentication" technology including Caller ID and a similar plan called Sender Policy Framework (SPF). The Atlanta-based ISP will be evaluating other e-mail security proposals as well, but is not bac......
[more] Competing Technologies Shake Up E-Mail How will rival authentication schemes change the way we communicate online? Microsoft's recent announcement of a host of initiatives to stop unsolicited commercial e-mail, or spam, highlighted some tectonic shifts taking place in the once staid world of Internet messaging. The company's announcement was made at the RSA Conference, a leading annual meeting on electronic data security that was held in San Francisco late last month.
Caller ID
The company's......
[more] Half of all email is now spam According to a recent Yankee Group report titled E-Mail Security Solutions Providers Seek to Stop Spam and Viruses at the Perimeter, half of all e-mail sent today is spam.
The report also claims that the challenge of filtering unwanted messages at the edge of U.S. businesses has created a $140 million market.
It's no secret that spam is a huge problem that the industry and governments are still trying to solve.
"Legislation alone is not sufficient; we a......
[more] Miscreants encrypt files, hold them for ransom In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information. In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts......
[more] Hackers cash in on 802.1x confusion Companies are leaving their wireless networks exposed to hackers because of widespread failure to understand or implement 802.11x security systems, a survey has claimed.
The study commissioned security vendor nCipher revealed less than half of firms plan to introduce the technology in the next two years. It comes as another blow to producers of 802.1x equipment, following Forrester research in March which showed the technology is more costly to implement tha......
[more] Wireless security cracked in a minute German researchers demonstrate new technique to break Wep-protected networks in 60 seconds. The security found in most wireless access points can now be cracked in under a minute, cryptographic researchers found.Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann at the cryptography and computer algebra group at the Technical University Darmstadt in Germany found that by refining and applying a form of attack against Wired Equivalent Privacy (Wep) developed......
[more] The top 10 reasons Web sites get hacked Experts say the people who actually build Web applications aren't paying much attention to security; a non-profit group is trying to solve that Web security is at the top of customers' minds after many well-publicized personal data breaches, but the people who actually build Web applications aren't paying much attention to security, experts say. "They're totally ignoring it," says IT consultant Joel Snyder. "When you go to your Web site des......
[more] Securing the Enterprise Beyond the Perimeter Recent high-profile security breaches have taught us a clear lesson: organizations that rely primarily on a secure perimeter to protect sensitive data are fooling themselves. This year, hardly a week has passed without headlines about a security breach involving sensitive data. However criminals get the data, whether through a traditional perimeter breach, use of insider credentials or outright theft of physical storage media, the lesson is the same.......
[more] PlayStation a hacker's dream The powerful processors in Sony's PlayStation 3 gaming console now have another use: cracking passwords. New Zealand-based security researcher Nick Breese claims to have used the year-old gaming console to crack passwords at speeds 100 times greater than Intel hardware is capable of.Breese, a security consultant with Security-Assessment.com, presented his findings to the Kiwicon hacker conference in Wellington, New Zealand."Suddenly we have a massive increase in......
[more] MiFare RFID crack more extensive than previously thought The ubiquitous MiFare Classic RFID chip -- used daily by millions worldwide in access control keys, subway passes, and other applications -- is even easier to crack than previously thought, according to security researchers who announced the development Monday at the international cryptography conference EuroCrypt in Istanbul. Mere seconds are all that is required to crack the chip's security -- not a few hours, as estimated last month. K......
[more] Researcher: Debian cryptography may be flawed A security researcher has warned that cryptographic keys generated in the last year and a half using Debian OpenSSL may be invalid. HD Moore, director of research for network-security company BreakingPoint Systems, posted details of the compromise on Metasploit.com on Wednesday.According to Moore, a bug in a Debian OpenSSL package was created in 2006 by the removal of a piece of code, which was taken out to stop the Valgrind and Purify security tool......
[more] Swiss boffins sniff passwords from (wired) keyboards 65 feet away Swiss researchers have demonstrated a variety of ways to eavesdrop on the sensitive messages computer users type by monitoring their wired keyboards. At least 11 models using a wide range of connection types are vulnerable. The researchers from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne are able to capture keystrokes by monitoring the electromagnetic radiation of PS/2, universal serial bu......
[more] QuickStudy: Identity-based encryption Public-key cryptography offers very strong protection for electronic communications. Much of its strength comes from the use of paired keys, which are separate (but mathematically related) codes that encrypt and decrypt a message; one key is public and one is known only to the recipient. But hardly anyone uses public-key cryptography, because it's it's too much trouble. The recipient has to be prepared with both public and private keys, and the sender has t......
[more] Secure Encryption Key Lifecycle Management One of the essential components of encryption that is often overlooked is key management - the way cryptographic keys are generated and managed throughout their life. Because cryptography is based on keys that encrypt and decrypt data, your database protection solution is only as good as the protection of your keys. Security depends on two factors:Where are the keys stored andWho has access to them?When evaluating a data privacy solution, it is essenti......
[more] Medical data leakage rampant on P2P network The risk of patient information disclosures on peer-to-peer (P2P) networks is much higher than if a health care worker loses a laptop or removable storage device, according to new Dartmouth College research. Dartmouth College business professor Eric Johnson has written a report called “Data Hemorrhages in the Health Care Sector” and plans to present his findings later this month at the Financial Cryptography and Data Security conference, J......
[more] IBM touts encryption innovation IBM today said one of its researchers has made it possible for computer systems to perform calculations on encrypted data without decrypting it. IBM says the breakthrough would let computer services, such as Google Inc. or others storing the confidential, electronic data of others, fully analyze data on their clients' behalf without expensive interaction with the client and without seeing any of the private data. The idea is a user could search for information us......
[more] Webcams, printers, gizmos - the untold net threats Forget mis-configured Apache servers and vulnerability-laden Adobe applications. The biggest security threats to business and home networks may be the avalanche of webcams, printers, and other devices that ship with embedded web interfaces that can easily be turned against their masters. The web interfaces are designed to make it easy to manage the devices by allowing people to use a readily familiar medium to change settings such as file names......
[more] Want to keep eavesdroppers out? HP researchers think they have the answer Two researchers for HP have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from finding out confidential corporate information. Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary......
[more] Conficker talk sanitized at Black Hat to protect investigation The international security team tracking down Conficker thought the masterminds behind it would have been apprehended by now, according to one of the leaders of the effort to stamp out the resilient worm. But that’s not the way it has worked out, and a talk at Black Hat yesterday had to be scaled back because it contained information about Conficker that might tip investigators’ hand and send the perpetrators further und......
[more] AES encryption not as tough as you think Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought. In a soon-to-be-published paper, researchers Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir show that the 256-bit version of AES is susceptible to several so-called related-key attacks that significantly diminish the amount of time it takes to g......
[more] Why malware writers are turning to open source Malware developers are going open source in an effort to make their malicious software more useful to fraudsters. By giving criminal coders free access to malware that steals financial and personal details, the malicious software developers are hoping to expand the capabilities of old Trojans. According to Candid Wüest, threat researcher with security firm Symantec, around 10 per cent of the Trojan market is now open source.
The move to an ope......
[more] Conficker baffles security experts Security experts have admitted that the Conficker worm has baffled them. The worm has infected more than five million computers in a botnet that is powerful enough to take out the internet in Australia, according to the Sydney Morning Herald. Rodney Joffe, a director of the Conficker Working Group formed to defeat the worm, said, "The general agreement in the security world is that Conficker is the largest threat facing us from a cyber crime point of view. It......
[more] Encryption is becoming more elaborate to ensure confidential business data is kept secret In 1597, Francis Bacon coined the phrase scientia potentia est, “for knowledge itself is power”, and this is as true today as it was then. Bacon could not have foreseen the change that has overtaken information, and business data in particular. Digital information is now one of the cornerstones of business, and never before has so much knowledge been available so easily. However, keeping business secrets ha......
[more] Leaking crypto keys from mobile devices Security researchers have discovered a way to steal cryptographic keys that are used to encrypt communications and authenticate users on mobile devices by measuring the amount of electricity consumed or the radio frequency emissions. The attack, known as differential power analysis (DPA), can be used to target an unsuspecting victim either by using special equipment that measures electromagnetic signals emitted by chips inside the device or by attaching a......
[more] 2010 predictions: Security The security landscape is a complex, multi-layered one that changes more subtly and indefinitely than the seasons. It is therefore hard to predict security trends with any degree of certainty. That said, by looking back at the security developments of the past year and talking to security experts, we believe we have come up with a list of key trends that any IT leader worth his or her salt would be wise to keep an eye out for in 2010. Spam, botnets, social networks -......
[more] UK registry to tighten web security The UK's domain registry Nominet, is set to implement DNS Security Extensions (DNSSEC), a security protocol designed to protect the DNS (Domain Name System). DNSSEC uses public key cryptography to digitally "sign" the DNS records for websites. It is designed to stop attacks such as cache poisoning, where a DNS server is hacked, making it possible for a user to type in the correct website name but be directed to a fake website. In 2008, security researcher Dan......
[more] Researchers claim major cryptography advance A pair of university researchers are presenting a system which could greatly advance the use of cryptography in computing. Bristol University computer science Professor Nigel Smart and Dr Frederik Vercauteren from Belgium's Katholieke University Leuven are planning to present a paper which outlines a scheme for handling and computing encrypted content. The scheme outlined in the paper, say the researchers, improves on a 2009 encryption scheme from IB......
[more] Location-based quantum crypto now possible, boffins say Researchers say they have devised a foolproof way to encrypt messages that can be unlocked only by a recipient physically located in a specific place, solving a problem that has vexed cryptographers for years. The technique for position-based quantum cryptography is scheduled to be presented at the 2010 IEEE Symposium on Foundations of Computer Science in October. It makes it theoretically possible for people to securely encrypt and decry......
[more] Privacy project uses cryptography to reduce shared info A project that could radically reduce the amount of personal information we share in our dealings has been revealed by IBM researchers. The ABC4Trust project is developing an "electronic wallet", with encrypted versions of all a person's details. A query by a device like a "chip and PIN" reader will involve only the information that is strictly necessary. The idea could also be applied to online transactions, and aims to......
[more] The encryption keys used to secure data have become the keys to the kingdom Back in the mid 70s, the use of encryption in enterprises was pretty much unheard of. Soon companies started to introduce some encryption in limited instances, such as encoders on communication lines to encrypt financial transactions. A major breakthrough in the 90s saw the rapid expansion of the use of encryption with the arrival of asymmetric key encryption. And asymmetric encryption gave birth to two technologies that......
[more] Meet the fastest public-key algorithm few have even heard of Here comes the fastest public-key algorithm that most people have never heard of: It's called NTRUEncrypt and this month was approved by the financial services standards body, the Accredited Standards Committee X9. The X9.98 standard specifies how to use NTRU, as it's called for short, in financial transactions. "The NTRU public-key algorithm competes with RSA and elliptic curve" says Ed Adams, CEO of Security Innovation, whi......
[more]
