Cryptography News (12 Posts)


BUGS Package updated to version 4.1.3

Following our renewed support for the BUGS cryptography project, it came to our attention that there were some compilation issues on newer Linux systems (i.e.: the latest version of Debian/Kali Linux).
This is due to a change in GCC where the default behaviour related to global variables is stricter. Therefore, we have updated the BUGS Unix package to version 4.1.3 and it can now be compiled on newer Linux systems.
You can download it from our local BUGS Download page.
It can also be downloaded from our GitHub project page.


The WhatsApp Privacy Question

With Facebook recently changing its terms and privacy policy for all its WhatsApp users outside of the EU, it seems to have made a lot of people angry.

When it comes to (your) data privacy and what this update means to non-EU WhatsApp users, in the end, I believe it does not mean much difference to what existed before! And if you are OK with targeted marketing then there is no need to do anything different.

Facebook/WhatsApp just put the spotlight on how personal information is being cross-referenced and used for marketing purposes. It happened before, but it seems more people this time around are more receptive about the implications of such practices and thus it is creating a wave of exodus to other, more privacy-conscious messaging platforms.

Let's ask ourselves 3 basic questions about this situation:
1. What can WhatsApp see now?
WhatsApp cannot see the content of the messages sent through its platform (allegedly, but let’s assume t...

After 17 years, a NEW BUGS Cryptography Package for Unix (version 4.1.2)

BUGS is a personal cyber security project from Sylvain Martinez, which started about 25 years ago and has enabled him to kick start his career in Cyber Security.
As such it has a special place in the heart of ELYSIUMSECURITY.
It is an open source project where Sylvain created his own symmetric cryptography algorithm along with a few applications to showcase the capability of his cryptography algorithm:
An application to encrypt/decrypt files, a simple encrypted chat application, a secure shell add-on, a password manager, etc.

This project is a hobby and should only be seen as that; any respectable professional cryptographer would tell you this: "Do not create your own cryptography algorithm"!
Furthermore, we always advise our clients to only use international standard algorithms (i.e.: AES).

Having said that, it doesn't mean we cannot have a go ourselves!
It had the merit of teaching us a lot about cryptography and after all, no one ha...

Securing your Cloud Storage with a Boxcryptor alternative called EncFS

Cloud storage providers such as Dropbox, Box, OneDrive, etc. are increasingly being used for both personal and business reasons. On the business side, this is often without the individual's company being fully aware of what data is actually leaving its premises.

One of the issues with storing data in the cloud is security. Looking at Dropbox in recent years, there have been a number of embarrassing blunders which resulted in their customers' data becoming available to anyone who knew where to look. We did blog about it several times: here, here and here. Many other security blogs also related those stories, such as this nice summary from Sophos.

To limit the risks relat...

Hackfu2015 Challenge 5 - Solution

This is part of my write-up from the Hackfu 2015 Security Challenge.

The second challenge I solved was in fact quite easy because I solved a similar one for the SANS Summer challenge in 2014 (where it took me much longer to solve the first time I came across this type of steganography!)

The instructions given were:

  • An audio file to analyse
  • There is a hidden message in it, find it!

Below is how I solved that challenge:

  • Listening to the audio file only produces white noise.
  • Looking for strings added to the file does not produce anything.
  • Looking for hidden data using a steganography extraction tool such as steghide does not produce anything either.
  • But, if you load the file in a Windows software such as Sonic Visualiser, add a layer to show a Spectrogram ...

Hackfu Challenge 2015 - Solution for Challenge 1

MWR ran a Security Challenge last April; unfortunately, I only found out about it 3 days before the deadline! I still managed to solve 3 out of the 7 challenges and really enjoyed them.

The first challenge was especially interesting, as I like cryptography. This was a tough one!!!

The instructions given were:

  • You are invited to a game of Poker but must find the password
  • You find a note with "Pocket RC4" written on it
  • You find a deck of cards ordered from Ace to King with the following "couple" suits: {Diamond, Club}, {Heart, Spade}. This means AD, AC, 2D, 2C....KH, KS
  • You find a note with the following written on it: "WEMUSTFOLLOWTHEWHITERABBITANHXJRAAZEBYYOMNWPBKGZOGY"

That's pretty much it! Below is how I solved this challenge and cracked the code:

I used information on PocketRC4 f...

John Nash on Cryptography

John Nash is a famous mathematician whose life inspired the Hollywood movie “A Beautiful Mind”. However, summarizing his life through that light-hearted movie would be very inadequate!

So, this genius mathematician who worked in game theory, differential geometry, and partial differential equations as well as winning a Nobel Prize in 1994 appears to also have had some great insights into modern cryptography… back in the 1950s!

As seen in this article, the NSA recently released a series of documents related to letters/conversations between the NSA and Nash in 1955, where the mathematician made an unsuccessful but noted attempt to communicate his own take on a crypto machine.

If anything, reading at the hand written...

Attack on Quantum Cryptography

There is a recent BBC article on a new attack against a key component of Quantum Cryptography: Key Transportation.

There are 3 main components to a cryptographic system:
– The strength of the algorithms used (closed/open, random generator, collision, etc.)
– The integrity of the system (implementation, key storage, device security, etc.)
– The transportation of keys (no full or partial interception of the keys, etc.)

Quantum Cryptography has, for some, been seen as the future for ensuring the integrity and detection of any interception attempts during key transportation.

I am not a Quantum Physics expert, but what I understand is that key transportation is done through light, where photons of light are sent to the receiver who will inspect the states of those photons to reconstruct the key. It is similar to sending a stream of bits which make up the key, apart from the fact that in Quantum Physics a photon has not just a binary state ...

Hot Random Numbers!

The LavaRND project is a very interesting take on providing a cryptographically strong random generator framework, both in terms of plans for physical devices and a software library.

If only I had more time I would love to try building one of their devices. Nevertheless, I highly recommend this website as it is full of very interesting information related to randomness and they even have some interesting demos using their random framework. You do not require an interest in cryptography to appreciate the work done.

Next time I need a strong random generator algorithm, I will know where to look :)


PS3 Hacked and Cryptography

The recent hack on the PS3, where the private key used by Sony to sign their games has been recovered, is of course very bad news for Sony. It finishes opening the door to piracy, which started in January 2010. In theory, anyone could now sign (pirated) software to run natively on the PS3.

It is a case of a badly implemented cryptography algorithm: in this case, the use of a proprietary signing algorithm with a faulty random generator.
Crypto 101 says to NEVER use proprietary/secret algorithms. Now Sony will pay the price for not listening :)
The PS3 hack story is a great example of badly implemented cryptography, which is as important as the choice of the security controls used to protect an asset.

The start of an answer from Sony, which seems to indicate they did not grasp the severity of the issue when first announced about a week ago