“CryptoHack is a fun platform for learning cryptography. The emphasis is on breaking bad implementations of “modern” crypto, such as AES, RSA, and Elliptic-curve. The format is a series of puzzles that teach small lessons and motivate further research.”–cryptohack.org
Not hard enough? Try CryptoPals.com.
Bob Barr has recently added his voice to the ongoing call of law enforcement to provide exceptional access to encrypted communications. Here’s why that’s not going to work.
“Exceptional access — as governments propose — is the problem of making a system selectively secure. I can tell you, it’s hard enough to make a secure system. It’s vastly harder to make a system secure except for governments, and only available to governments that consist of ‘democratically elected representatives and [a] judiciary’ as the GCHQ authors imagine.”—Jon Callas, “The ‘Ghost User’ Ploy to Break Encryption Won’t Work.” DavisVanguard.org. July 24,2019.
Is being able to access the encrypted communications of everyone enough? Between the drone’s Gorgon Stare above, the Ring camera on every other front door for police to access, televisions tracking every show being watched, phones and digital assistants listening in on conversations, fitness trackers as evidence in court cases, Stringray and other technology for phone tracking, license plate readers to track vehicle movement over time, surveillance balloons and so on, it feels to me like the police and military are a little under-powered these days.
I was promised a camera in my television watching my every move, a Room 101 for not sufficiently toeing the line and a boot stomping on a face of humanity forever. Was Uncle Orwell lying to me?
Zero-knowledge cloud encryption. ~$50 for 500 GB / year or ~ $100 for 2 TB / year.
“Data privacy matters, and we all deserve respect and consideration from those we visit on the internet. As shown by the numerous data breaches that have affected companies and individual users around the world, individuals and governments, however, we must also look out for our own personal data and privacy. Using a VPN to obfuscate your location and encrypt data is a powerful way to prevent the tracking, stalking and theft of personal and private data.”
—Eric Jeffrey, “How to Boost Your Data Privacy With a Virtual Private Network.” Security Intelligence. November 2, 2018.
A layman’s explanation of VPNs and why you should be using them. I’ve mentioned VPNs before. If interested in using one, check this website for a comparison of different services.
“Intra protects you from DNS manipulation, a cyber attack used to block access to news sites, social media platforms and messaging apps.”
An app from Google’s Jigsaw Team that incorporates encrypted DNS lookups that come stock in 9 into older versions of Android. Not as good as using a VPN, but better than nothing.
“WireGuard is a new type of VPN that aims to be simpler to set up and maintain than current VPNs and to offer a higher degree of security. The software is free and open source—it’s licensed GPLv2, the same license as the Linux kernel—which is always a big plus in my book. It’s also designed to be easily portable between operating systems. All of that might lead you to ask: in a world that already has IPSEC, PPTP, L2TP, OpenVPN, and a bewildering array of proprietary SSL VPNs, do we need yet another type of VPN?”
—Jim Salter. “WireGuard VPN review: A new type of VPN offers serious advantages.” Ars Technica. August 26, 2018.
Do we need yet another type of VPN? Why, yes. Yes, we do.