The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: RSA keys

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates

98% of SSL enabled websites still using SHA-1 based weak Digital Certificates
February 06, 2014Anonymous
The National Institute of Standards and Technology (NIST) had published a document on Jan 2011 that the SHA-1 algorithm will be risky and should be disallowed after year 2013, but it was recently noticed by Netcraft experts that NIST.gov website itself were using 2014 dated SSL certificate with SHA-1 hashes. " From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation. The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit. SHA-1 shall not be used for digital signature generation after December 31, 2013. " NIST in the document. Digital signatures facilitate the safe exchange of electronic documents by providing a way to test both the authenticity and the integrity of information exchanged digitally. Authenticity means when you sign data with a digital signature, someone else can verify the signature, and can confirm that the data originated from you and was not

Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners

Cyber criminals targeting another cryptocurrency 'Primecoin' with malicious miners
January 16, 2014Mohit Kumar
Like Bitcoin, There are numerous other cryptocurrency similar in nature, including  MasterCoin , ProtoShares, Litecoin, Peercoin, BitBar and many more. One of them is  Primecoin  (sign: Ψ; code: XPM),  a peer-to-peer open source cryptocurrency that implements a scientific computing proof-of-work system. Unlike Bitcoin or other virtual currencies, only Primecoin provides a proof of work that has intrinsic value. It generates a special form of prime number chains, known as ' Cunningham chains & bi-twin chains ' and has a real world importance in mathematical research. Worldwide famous RSA Encryption basically uses two prime numbers for generating a RSA key pair. If you are able to factorize the public key and find these prime numbers, you will then be able to find the private key. Thus, the whole Security of RSA encryption is based on the length of prime numbers. So, Primecoin plays a great role for crypto researchers to get large... and a very large number of Primes. Like

NSA will not stop spying on us, next move Quantum computer to break strongest Encryption

NSA will not stop spying on us, next move Quantum computer to break strongest Encryption
January 04, 2014Swati Khandelwal
Image Credit: The guardian  If I say that  NSA (National Security Agency) will never stop spying on us then it won't be wrong. After the exposure of the large number of surveillance scandals including PRISM, DROPOUTJEEP, XKeyscore and many many more which are now publicly known as well as unknown, Will NSA ever stop Privacy  breach? Obviously ' NO' . That I can predict from another Snowden leak published by the Washington Post news website recently i.e. US National Security Agency (NSA) is trying to develop a futuristic super computer called ' Quantum computer'  that could be capable of breaking almost every kind of encryption on the computer used to protect banks, medical, business including top-secret information held by government around the world. The Project is specified as " Penetrating Hard Targets " in the document and is a part of $79.7 million research program. The Washington Post says that the research is being done at the University of Maryland

Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound

Acoustic Cryptanalysis: Extracting RSA Key From GnuPG by capturing Computer Sound
December 20, 2013Mohit Kumar
' RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis ', is an interesting paper recently published by Three Israeli Security Researchers at Tel Aviv University . They claimed that, they have successfully broken one of the most secure encryption algorithms, 4096-bit RSA , just by capturing Computer's CPU Sound while it runs decryption routines. Daniel Genkin, Adi Shamir (who co-invented RSA), and Eran Tromer , uses a side channel attack and through a process called " acoustic cryptanalysis ", they successfully extracted 4096-bit RSA key From GnuPG. " We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away, " The paper specifies some possible implementations of this attack. Some email-client softwares i.e. Enigmail can automatically decrypt incoming e-mail (for notification purposes) using GnuPG. An attacker can e-mail suitably-

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption

CloudFlare's Red October Crypto app with two-man rule style Encryption and Decryption
December 06, 2013Mohit Kumar
It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA , and had authorized access to thousands of NSA's Secret Documents, networks and systems. ' According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013." Mostly, securing data involves just encryption in the cloud and keeping encryption keys out of the hands of rogue employees, but it is not enough where rogue employees should have access to encryption keys as part of their work. To prevent such risk of rogue employees misusing sensitive data, CloudFlare has released an open source encryption software " Red October ," with " two-man rule " style file encryption and decryption. " Two-man rule ", a control mechanism designed to achieve a hi

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication
August 15, 2013Mohit Kumar
This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.