[Cryptography] Homomorphic encryption prototype by microsoft

2011-08-08 Thread Ali, Saqib
Two years after Dr. Craig Gentry of IBM published the proof for fully homomorphic encryption, Microsoft has come up with a prototype that utilizes the technique: http://www.technologyreview.com/computing/38239/page1/ saqib http://redscarfvestpink.appspot.com/

ACM Workshop: Searching an Encrypted Cloud

2009-11-16 Thread Ali, Saqib
Followup from the workshop: http://www.technologyreview.com/computing/23951/ saqib http://enterprise20.squarespace.com On Thu, Nov 12, 2009 at 1:23 PM, Ali, Saqib docbook@gmail.com wrote: ACM Workshop on November 13th (yes it is Friday the 13th) will cover the the topic of Searching

First Test for Election Cryptography

2009-11-02 Thread Ali, Saqib
http://www.technologyreview.com/web/23836/ saqib http://replaycall.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

BusinessWeek article on IBM Research's Fully Homomorphic Encryption

2009-10-05 Thread Ali, Saqib
Good read: http://www.businessweek.com/technology/content/sep2009/tc20090930_463595.htm For more info: http://www-03.ibm.com/press/us/en/pressrelease/27840.wss http://portal.acm.org/citation.cfm?id=1536414.1536440 This is just a proof of possibility, not (yet) feasibility. saqib

Re: Privacy Plug-In Fakes out Facebook

2009-09-10 Thread Ali, Saqib
[Moderator's note: I don't want an extended discussion on this topic, but I'll allow this one message through. --Perry] Another fine example of throwing cryptography at a behavioral problem. And why should I trust a 3rd party server to protect the encryption keys I know that Facebook

Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Ali, Saqib
If you (or anyone on this forum) know of technology that allows the application to gain access to the crypto-hardware after an unattended reboot - but can prevent an attacker from gaining access to those keys after compromising a legitimate ID on the machine This is the conundrum of the of

The clouds are not random enough

2009-08-01 Thread Ali, Saqib
Why Cloud Computing Needs More Chaos: http://www.forbes.com/2009/07/30/cloud-computing-security-technology-cio-network-cloud-computing.html [Moderator's note: It is not supposed to be the moderator's job to read a link and then summarize for the readers it is interesting to click on. In the

Re: New Technology to Make Digital Data Disappear, on Purpose

2009-07-29 Thread Ali, Saqib
Online demo of Vanish: http://regina.cs.washington.edu/cgi-bin/vanishservice.py saqib http://kawphi.blogspot.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

New Technology to Make Digital Data Disappear, on Purpose

2009-07-21 Thread Ali, Saqib
The researchers said they had struck upon a unique approach that relies on “shattering” an encryption key that is held by neither party in an e-mail exchange but is widely scattered across a peer-to-peer file sharing system. The pieces of the key, small numbers, tend to “erode” over time as they

Re: Physical security rather than crypto---but perhaps of interest

2009-07-17 Thread Ali, Saqib
Since we are on this topic: You don’t need to be a crowned Ranger class master hacker to sneak into someone’s email or facebook account these days. Which means that you’re not simply being a nervous nellie if you’re worried about security. In fact, users of public WiFi should be worried. If you

Weakness in Social Security Numbers Is Found

2009-07-08 Thread Ali, Saqib
Read more: http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2ref=instapundit saqib http://www.capital-punishment.us [Moderator's note: this isn't really a weakness in SSNs, unless you're stupid enough to use them as a password -- which we already knew was bad. None the less, interesting

Transcripts of the NIST Sessions from the first SHA3 Candidate Conference

2009-06-17 Thread Ali, Saqib
The transcripts are available at: http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/Feb2009/program.html saqib http://www.capital-punishment.us - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to

OT: Presentation on Effectively and Securely Using the Cloud Computing Paradigm

2009-06-14 Thread Ali, Saqib
NIST has published a working draft of the Cloud Computing Security presentation: http://csrc.nist.gov/groups/SNS/cloud-computing/index.html Both of the documents on this page are excellent read for anyone interested in Cloud Computing. Some of the Security Advantages mentioned in the

A Service to Prove You are Really You

2009-05-21 Thread Ali, Saqib
On the Internet, nobody knows you’re a dog, as the New Yorker cartoon famously said. But what if, while you are surfing, you want to prove your pedigree? Equifax, the big credit agency that already knows more about your flea count than you do, wants to help. :

Response to The Strange Rise and Fall of Hardware Disk Encryption

2009-05-01 Thread Ali, Saqib
Here is a response to Jon Callas'  The Strange Rise and Fall of Hardware Disk Encryption[1]: http://security-basics.blogspot.com/2009/04/re-fde-mgiebelpgpcom-has-shared-strange_6682.html 1. http://blog.pgp.com/index.php/2009/04/the-strange-rise-and-fall-of-hardware-disk-encryption/

How to Share without Spilling the Beans

2009-03-02 Thread Ali, Saqib
A new protocol aims to protect privacy while allowing organizations to share valuable information: http://www.technologyreview.com/communications/22238/?a=f saqib http://www.capital-punishment.net - The Cryptography Mailing

UK must balance surveillance and data collection with privacy

2009-02-12 Thread Ali, Saqib
Britain's House of Lords Constitution Committee released a report Friday saying that the country's use of widespread video surveillance and personal data collection pose a threat to citizens' privacy and freedom. The committee said that while such surveillance and data collection could serve

More on (no pun intended) D-wave quantum computer

2008-12-23 Thread Ali, Saqib
Source: http://bits.blogs.nytimes.com/2008/12/22/d-wave-arms-smoking-gun-proof-of-quantum-computer/ Once D-Wave collects the results of the simulations and processes the information, it will compare the simulation against an actual run of its latest quantum computer, which should be completed in

Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread Ali, Saqib
Does anyone have more info on the following: http://snurl.com/75m3f I couldn't find any other article that talked about it. The pay per news is the only item I found. - The Cryptography Mailing List Unsubscribe by sending

Re: usable security at www.usable.com

2008-09-11 Thread Ali, Saqib
to make it easy to login to participating web sites. However, I don't see any details of the protocols or algorithms. The service looks very user friendly and secure (i.e. if implemented properly) It is unfortunate that being a security aware company they don't provide information about the

No Legitimate Expectation of Privacy for Data on Office Computer, Court Says

2008-09-08 Thread Ali, Saqib
An employee has no reasonable expectation of privacy in personal files stored on a company-owned computer and an employer's consent makes a police search lawful, an appeals court says in a ruling of first impression in New Jersey. We conclude ... that neither the law nor society recognize as

Re: Security by restraining order

2008-08-15 Thread Ali, Saqib
JOLT's coverage of the topic and some new updates: http://jolt.law.harvard.edu/digest/district-courts/mbta-v-anderson saqib http://doctrina.wordpress.com/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Introducing Cryptanalysis

2008-08-15 Thread Ali, Saqib
A informative blog post on the topic of cryptanalysis by Mark Chu-Carroll of Google: http://scienceblogs.com/goodmath/2008/08/introducing_cryptanalysis.php saqib http://doctrina.wordpress.com/ - The Cryptography Mailing List

Re: Dutch chipmaker sues to silence security researchers

2008-07-19 Thread Ali, Saqib
Latest updates (17.07.08): Dutch courts OKs publishing how to hack NXP chip http://uk.reuters.com/article/governmentFilingsNews/idUKL186838820080718 saqib http://doctrina.wordpress.com/ - The Cryptography Mailing List

Dutch chipmaker sues to silence security researchers

2008-07-10 Thread Ali, Saqib
Dutch chipmaker NXP Semiconductors has sued a university in The Netherlands to block publication of research that details security flaws in NXP's Mifare Classic wireless smart cards, which are used in transit and building entry systems around the world. More at:

Re: Permanent Privacy - Snake Oil or unbreakable encryption?

2008-07-08 Thread Ali, Saqib
This reads like snake oil. http://www.foxbusiness.com/story/hackers-hell-privacy-compromised/ This reads like a pump'n'dump stock scam. zdnet tries to expose the snake-oil crypto and the pump'n'dump stock scam: http://blogs.zdnet.com/security/?p=1448 good start. but i think they could have

Permanent Privacy - Snake Oil or unbreakable encryption?

2008-07-07 Thread Ali, Saqib
Quoting the Foxbusiness article: PermanentPrivacy announces the world's first practical data encryption system that is absolutely unbreakable. And is offering a $1,000,000 challenge to anyone who can crack it. Permanent Privacy (patent pending) has been verified by Peter Schweitzer, one of

Re: Code makers and breakers of WWII era

2008-06-05 Thread Ali, Saqib
Actually the correct URL is: http://www.sscnet.ucla.edu/geog/gessler/collections/cryptology.htm On Wed, Jun 4, 2008 at 1:59 PM, Ali, Saqib [EMAIL PROTECTED] wrote: Here is another site that has a lot more details and photographs: http://www.sscnet.ucla.edu/geog/gessler/collections/crypto

Re: Code makers and breakers of WWII era

2008-06-05 Thread Ali, Saqib
Here is another site that has a lot more details and photographs: http://www.sscnet.ucla.edu/geog/gessler/collections/crypto-hebern.htm saqib http://doctrina.wordpress.com/ - The Cryptography Mailing List Unsubscribe by sending

Re: Question re Turing test and image recognition

2008-05-22 Thread Ali, Saqib
Check out http://www.numenta.com/ . They have an SDK that you d/l and play with it. saqib http://doctrina.wordpress.com/ On Fri, May 16, 2008 at 8:36 AM, Allen [EMAIL PROTECTED] wrote: Hi gang, In looking at captchas that have been broken via software it dawned on me that the amount of

Re: It seems being in an explosion isn't enough...

2008-05-09 Thread Ali, Saqib
Edwards said the Seagate hard drive -- which was about eight years old in 2003 -- featured much greater fault tolerance and durability than current hard drives of similar capacity. I am not so sure about this statement. The newer drives are far more ruggedized and

Pentagon looks for 'Killer Switch'

2008-05-01 Thread Ali, Saqib
Not exactly related to Malicious Hardware/Software discussion, but interesting nonetheless: http://blog.wired.com/defense/2008/04/the-case-of-the.html http://spectrum.ieee.org/may08/6171 saqib http://doctrina.wordpress.com/ -

Snake oil crypto of the day: BabelSecure Samurai

2008-04-18 Thread Ali, Saqib
See: http://babelsecure.com/challenge.aspx Snake-oil sales pitch: The creators of BabelSecure are so confident in the ability and security of Samurai, they have created the Turing Challenge. The first individual or team to break the following code will earn $5000 saqib

Re: Levels of security according to the easiness to steel biometric data

2008-04-16 Thread Ali, Saqib
I believe ISC2 (https://www.isc2.org/ ) did some testing and published their findings. Maybe someone from ISC2 on this list can give you the exact reference to that material. saqib http://doctrina.wordpress.com/ On Mon, Mar 31, 2008 at 11:10 AM, Danilo Gligoroski [EMAIL PROTECTED] wrote: Hi,

Privacy as Contextual Integrity - A lecture by Dr. Nissembaum of NYU

2008-04-16 Thread Ali, Saqib
Dr. Helen Nissenbaum of NYU gave an extremely interesting, engaging and stimulating lecture entitled Privacy in Context at UC Berkeley: http://security-basics.blogspot.com/2008/04/fde-privacy-as-contextual-integrity.html (audio recording and lecture notes)

Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
interesting paper. but i fail to see how this could be deadly (as the author puts it) to the disk encryption products. This methods requires the computer to be recently turned-on and unlocked. So the only way it would work is that the victim unlocks the disks i.e. enter their preboot password

Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
(Seagate FDE) would easily deter this type of attacks, because in a Seagate FDE drive the decryption key never gets to the DRAM. The keys always remain in the Trusted ASIC on the drive. On Thu, Feb 21, 2008 at 11:51 AM, Perry E. Metzger [EMAIL PROTECTED] wrote: Ali, Saqib [EMAIL PROTECTED] writes

Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
PROTECTED] wrote: Ali, Saqib [EMAIL PROTECTED] writes: How about TPM? Would this type of attack work on a tamper-resistant ver1.2 TPM? The phrase is tamper resistant, not tamper proof. Depending on how determined your attackers are, pretty much anything depending on tamper resistant

Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
Umm, pardon my bluntness, but what do you think the FDE stores the key in, if not DRAM? The encrypting device controller is a computer system with a CPU and memory. I can easily imagine what you'd need to build to do this to a disk drive. This attack works on anything that has RAM. How

Re: Open source FDE for Win32

2008-02-13 Thread Ali, Saqib
I installed TrueCrypt on my laptop and ran some benchmark tests/ Benchmark Results: http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks Pros: 1) Easy to use product. Simple clean interface. Very user-friendly! 2) Free and Open Source 3) Multiple Encryption and Hashing

Re: patent of the day

2008-01-23 Thread Ali, Saqib
can anyone please shed more light on this patent. It seems like a patent on the simple process of cryptographic erase.. saqib http://www.full-disk-encryption.net/wiki On Jan 22, 2008 7:29 PM, Perry E. Metzger [EMAIL PROTECTED] wrote: http://www.google.com/patents?vid=USPAT6993661

DRM Helps Sink Another Content Distribution Project

2007-12-31 Thread Ali, Saqib
See: http://msl1.mit.edu/furdlog/?p=6538 And Foxtrot on DMCA: http://www.gocomics.com/foxtrot/2007/12/30/ And Opus on e-books: http://www.salon.com/comics/opus/2007/12/30/opus/ saqib http://www.quantumcrypto.de/dante/ - The

Electronic Voting: Danger and Opportunity

2007-12-24 Thread Ali, Saqib
University of Illinois will hold a talk on Electronic Voting: Danger and Opportunity. Professor Edward W. Felten of Princeton University will be speaking.See: http://webtools.uiuc.edu/calendar/Calendar?calId=504eventId=78090ACTION=VIEW_EVENT saqib http://www.quantumcrypto.de/dante/

Re: gauging interest in forming an USA chapter of IISP

2007-12-14 Thread Ali, Saqib
How will this be any different from being a member of ISC2 or ISACA? Why do we need to be a member of yet another organization? saqib http://www.quantumcrypto.de/dante/ On Dec 12, 2007 12:21 PM, Alex Alten [EMAIL PROTECTED] wrote: Would anyone on this list be interested in forming a USA

Perfect Storm is gathering

2007-10-29 Thread Ali, Saqib
I a good artikle about Storm worm in Guardian: http://observer.guardian.co.uk/business/story/0,,2195730,00.html saqib http://security-basics.blogspot.com/2007/10/execute-spammers.html - The Cryptography Mailing List Unsubscribe

Re: Commercial CAPTCHA-breakers for sale

2007-10-23 Thread Ali, Saqib
On 10/22/07, Ian G [EMAIL PROTECTED] wrote: Peter Gutmann wrote: http://www.lafdc.com/captcha/ is a site that sells commercial CAPTCHA-breaking software. The complexity of some the captchas shown on this web-site made me think. We have gone to such extents to prevent against spammers.

Re: Full Disk Encryption solutions selected for US Government use

2007-10-08 Thread Ali, Saqib
security solution and they don't realize that the state of the art has already shifted under their feet. Arshad Noor StrongAuth, Inc. - Original Message - From: Steven M. Bellovin [EMAIL PROTECTED] On Mon, 18 Jun 2007 22:57:36 -0700 Ali, Saqib [EMAIL PROTECTED] wrote: US Government

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-05 Thread Ali, Saqib
I think the really interesting question is what happens when you lose a FDE-ed hard drive. Do you still need to publish the incident and contact potentially affected individuals? If the answer is no, I'm sure this technology will be quickly adopted, independently of its actual

Re: flavors of reptile lubricant, was Another Snake Oil Candidate

2007-09-13 Thread Ali, Saqib
On 13 Sep 2007 13:45:42 -, John Levine [EMAIL PROTECTED] wrote: I always understood snake oil crypto to refer to products that were of no value to anyone, e.g., products that claim to have secret unbreakable encryption, million bit keys, or one time pads produced by PRNGs. hear hear! I

Re: Another Snake Oil Candidate

2007-09-11 Thread Ali, Saqib
On 9/11/07, Aram Perez [EMAIL PROTECTED] wrote: The world's most secure USB Flash Drive: https://www.ironkey.com/demo. you didn't explain why it is a Snake Oil Candidate.. - The Cryptography Mailing List Unsubscribe by

Re: New DoD encryption mandate

2007-08-19 Thread Ali, Saqib
On 8/17/07, Ivan Krstic [EMAIL PROTECTED] wrote: How so? If your computer goes bad, you need a *backup*. That's entirely orthogonal to the drive encryption problem. One of the functions provided by the TPM is to wrap/bind and store the bulk encryption keys. Now let's us say the mother board or

Re: New DoD encryption mandate

2007-08-19 Thread Ali, Saqib
I still don't follow. BitLocker explicitly includes a (optionally file-based) recovery password. If you want central management, why not centrally manage _that_? On if MS provided some way to manage them centrally. Using a encrypted DB to manually store the keys in it, is simply not feasible.

Re: Quantum Cryptography

2007-06-22 Thread Ali, Saqib
- Quantum Cryptography is fiction (strictly claims that it solves an applied problem are fiction, indisputably interesting Physics). Well that is a broad (and maybe unfair) statement. Quantum Key Distribution (QKD) solves an applied problem of secure key distribution. It may not be

Re: Quantum Cryptography

2007-06-22 Thread Ali, Saqib
...whereas the key distribution systems we have aren't affected by eavesdropping unless the attacker has the ability to perform 2^128 or more operations, which he doesn't. Paul: Here you are assuming that key exchange has already taken place. But key exchange is the toughest part. That is where

Full Disk Encryption solutions selected for US Government use

2007-06-21 Thread Ali, Saqib
US Government has select 9 security vendors that will product drive and file level encryption software. See: http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html OR http://tinyurl.com/2xffax - The

Re: question re practical use of secret sharing

2007-06-21 Thread Ali, Saqib
There is a opensource implementation available: http://point-at-infinity.org// On 6/13/07, Charles Jackson [EMAIL PROTECTED] wrote: A quick question. Is anyone aware of a commercial product that implements secret sharing? If so, can I get a pointer to some product literature? -- Saqib

Re: A crazy thought?

2007-06-09 Thread Ali, Saqib
Allen, I am not sure what you are trying to achieve. The CA never has your private key. They are just signing a X.509 certificate that holds your public key. This way they are vouching that that you own the public. Even if you subpoena a CA they won't be able to decrypt any information encrypted

Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-12 Thread Ali, Saqib
Hi Jon, Rights management systems work against polite attackers. They are useless against impolite attackers. Look at the way that entertainment rights management systems have been attacked. The rights management system will be secure so long as no one wants to break them. There is tension

Enterprise Right Management vs. Traditional Encryption Tools

2007-05-09 Thread Ali, Saqib
I was recently asked why not just deploy a Enterprise Right Management solution instead of using various encryption tools to prevent data leaks. Any thoughts? - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: phone encryption technology becoming popular in Italy

2007-05-02 Thread Ali, Saqib
A notable mention is http://www.cryptophone.com/ . They are the only secure phone provider that allows for independent review of the source code. On 4/30/07, Steven M. Bellovin [EMAIL PROTECTED] wrote: According to an NY Times article

Re: crypto component services - is there a market?

2007-04-17 Thread Ali, Saqib
i am not sure what you mean by crypto component services. Can you please elaborate? saqib http://www.full-disk-encryption.net On 4/16/07, Travis H. [EMAIL PROTECTED] wrote: So back when I was reading about secure logging I thought it'd be a fun service to offer, but it doesn't seem like a