New Articles for This Topic
Last Update Date: Tue, 14 Mar 2006 12:57:59 -0500 (EST)
- http://www.wired.com/news/technology/0,70524-0.html?tw=wn_index_1
"A Pretty Good Way to Foil the NSA"
Wired News (04/03/06); Singel, Ryan
Phil Zimmerman, author of the PGP email encryption program, has developed
an open-source software application to secure Internet phone calls. Zfone
is currently only available for OS X and Linux, though a version for
Windows is expected this month. The program encrypts and decrypts voice
calls as traffic moves in and out of the computer, and does not require
users to predetermine an encryption key or enter lengthy passwords. Zfone,
which has already been tested with X-lite, Free World Dialup, and the Gizmo
Project, is intended to be compatible with any VoIP client using the
standard industry SIP protocol. During the call, the software displays a
three-character code for each caller to read aloud to defend against
man-in-the-middle attacks, where eavesdroppers intercept the cryptographic
keys between two callers. If someone is attempting to intercept the
communications, the spoken codes will not match what appears on the
callers' screens, and they will know that someone is attempting to listen
in. Zfone is based on the SRTP system that adds a 3,000-bit key exchange
to the 256-bit AES cipher to generate the three-character codes that users
read aloud to each other. The protocol has been submitted to the IETF for
standardization. Zfone is intended principally to compete with Skype's
proprietary encryption system, which is not available for peer review and
is alleged to contain demonstrated vulnerabilities. - http://www.nytimes.com/2006/05/22/technology/22privacy.html
"Voice Encryption May Draw U.S. Scrutiny"
New York Times (05/22/06) P. C11; Markoff, John
The FCC, in trying to force Internet and VoIP service providers to adopt
technology that will enable law enforcement to monitor phone calls, has
left a backdoor open--encryption programs that operate directly between
computers and not through a hub. Walking through that door is Philip
Zimmermann, creator in 1991 of Pretty Good Privacy, software used to
encrypt and decrypt email that drew government scrutiny for possible
violations of export restrictions on cryptography technology, and more
recently Zfone, which encrypts computer-to-computer phone conversations.
Unlike similar technology, Zfone performs decryption within the digital
voice channel as the call is set up rather than leaving the decryption key
residing on a network of computers. For now, the technology does not
violate any U.S. regulations due to this difference, but in England, where
the government wants to give law enforcement the power to force businesses
and individuals to disclose encryption keys, the issue is not so clear.
Zfone works on free VoIP software programs such as X-Lite and Gizmo but not
on Skype calls, which German officials recently announced they can now
intercept and decrypt. Zimmerman's software is downloadable for free for
now though its creator hopes one day to license it to VoIP software and
hardware developers.
New Topics
New Articles for This Topic
Last Update Date: Sat, 29 Oct 2005 23:04:10 -0400 (EDT)
- http://www.usatoday.com/money/industries/technology/2006-02-16-skype-wiretap
"Calls Made Over Skype Internet Service Make Eavesdropping Tougher"
USA Today (02/17/06) P. 2B; Svensson, Peter
The debate over the legality of the Bush administration's warrentless
eavesdropping could become a moot point if more providers follow in the
footsteps of Skype, which encrypts its free Internet calls, making them
almost immune to eavesdropping. Though encryption techniques for Internet
communication have been around for years, most users have not felt
vulnerable enough to justify the hassle of security programs such as the
cumbersome email application Pretty Good Privacy. Counterpane Internet
Security CTO Bruce Schneier notes that Skype's ease of use made it popular,
rather than its security. Skype boasted 75 million registered users of its
freely distributed software at the end of last year. Talking over the PC
is free, but telephone-based communication carries a fee. Calls placed
through Skype traverse the Internet encrypted with 256-bit keys, twice the
length of the keys typically used to transmit credit card numbers. "It's a
pretty secure form of communication, which if you're talking to your
mistress you really appreciate, but if al-Qaeda is talking over Skype, you
have probably a different view," said Verso Technologies CEO Monty
Bannerman. Schneier says that Skype's encryption is of sufficient strength
to foil the eavesdropping efforts of the National Security Administration,
as even a poorly encrypted call would take hours to crack. He adds,
however, that the government could still track Skype's calls, even if it
could not listen in on the content. Skype CEO Kurt Sauer claims the system
has no back doors to get around the encryption, though he also reports that
Skype is in full cooperation "with all lawful requests from relevant
authorities," declining to elaborate further.
New Topics
New Articles for This Topic
Last Update Date: Fri, 20 Aug 2004 15:56:34 -0500
- http://www.acm.org/technews/articles/2004-6/1227m.html#item12
"Maintaining Cryptographic Security in the Information Age"
Traditional approaches to data encryption and decryption are threatened by
the emergence of more powerful computer systems, so researchers are looking
to quantum computing in the hope of maintaining the security of
information. IST has focused on this area, first through the STORK ... - http://www.acm.org/technews/articles/2005-7/0128f.html#item18
"Best-Kept Secrets"
The emergence of quantum computing could spell the doom of
traditional public-key cryptography, since quantum computers are
theoretically capable of quickly carrying out the massively complex
factorizations needed to break the encrypted secret key transferred ... - http://www.acm.org/technews/articles/2005-7/0223w.html#item13
"Researchers Find Security Flaw in SHA-1 Algorithm"
Chinese university researchers have discovered a technique that
significantly improves the chances of cracking the data encryption
algorithm SHA-1. SHA-1 (secure hash algorithm) is used by a wide range of
companies and generates unique strings of values to both encrypt and ... - http://www.acm.org/technews/articles/2005-7/0325f.html#item8
"SHA-1 Flaw Seen as No Risk to One-Time Password Proposal"
A vulnerability in the SHA-1 one-way hash function discovered by Chinese
cryptographers in February does not affect most SHA-1-based applications,
including the Hashed Message Authentication Code (HMAC) from the Initiative
for Open Authentication (Oath). The proposed HMAC standard is a one-time ... - http://www.acm.org/technews/articles/2005-7/0427w.html#item8
"Encryption: The Key to Secure Data?"
Data encryption technology is now a mature market with infrequent updates,
but the failure of public key infrastructure (PKI) to take off in the
commercial sector has left a gaping hole in the encryption framework.
Encryption comes in two flavors: Traditional symmetric encryption and ...