9 Burst results for "Fifty Six Bit"
"fifty six bit" Discussed on Firewalls Don't Stop Dragons Podcast
"On a project to try to do that. But it was just too difficult to get the performance out of the hardware of the day, and also nobody had broadband, so right now there was no point going with that. The easier thing to accomplish, though, would be secure email, so then it doesn't matter how long it takes to do the computation. It's just email. So much involved activism of time. Well, in the nineteen eighties I was active in trying to stop the nuclear arms race. You know, the Cold War was going on and people were afraid that nuclear war was almost inevitable. Right, yeah. Brezhnev was in the Kremlin and Reagan was in the White House. And so I was active in teaching a class on military policy issues. I did civil disobedience at the Nevada nuclear weapons test site. Was in jail with Carl Sagan. Oh, and Daniel Ellsberg. Will severe audience is probably too young to remember. Oh, I would be so sure. And did that factor into this? Was that also behind your wanting to have secure communications? Yes. My activism of the nineteen eighties was largely about protesting against the government, and the government had a lot of capabilities to intercept communication. In third world countries, human rights workers and grassroots political organisations were targeted. So I wanted to have technology that could be used for that too. And so years later, in nineteen ninety-one when I did PGP, or when I was our nine hundred ninety. S when I really started working on it, I was thinking of human rights projects. I was thinking of human rights groups and domestic grassroots political organizations, to protect people from their own government. So that's what I had in my most about. PGP, we'll say, regular everyday people have ready access to strong encryption, if you know where to look, and we've talked about it on the a lot. But things were different back in the early nineties, I'm guessing. So describe for us what things were back then.
Just objective technical standpoint: what was kind of the state of the art at the time? And then politically it was very different too, because the government did not like regular people having encryption. So bring us back to that time. What were the technologies of the time before PGP, and how was the government kind of putting their thumb on the scales? Well, there wasn't much strong encryption at the time. Even other software products that used public key cryptography were using fifty six bit DES as the block cipher, and so that could be broken by any government or any resourceful organization. And so there really wasn't any way for the average person to protect themselves, to communicate securely over great distances without the risk of interception. And so with PGP that changed: it was possible for the first time for the average person to communicate over great distances without the risk of interception. Now governments, of course, could communicate over great distances with, you know, strong encryption.
"fifty six bit" Discussed on Firewalls Don't Stop Dragons Podcast
"He was very much a part of, but there were other efforts at that time to functionally break and backdoor encryption so that our intelligence agencies, law enforcement agencies could, if they wanted to, break into anybody's encryption. And it turns out, you know, everything old is new again. We are doing that all over again now. So we're gonna talk about all that today with Phil Zimmermann. There's such a rich history with this particular privacy tool, and I'm so glad to have gotten Phil on the program to finally get this together and talk about it. It was just a fascinating interview. Before I get to the interview, I wanna talk about a couple of things. As usual, if there's jargon in the interview, I want to kind of, you know, put that out there up front, so that as we talk about it during the interview and we don't really explain it, you'll have some sense for what it means. But I just wanted to generally say that even though there are some definite jargony and technical terms that are in here, that is not the focus of the interview, and you don't have to understand that all to reap the benefits of the nostalgia in this discussion we're about to have. Nevertheless, I do wanna throw out a few terms that we don't really define as we go, to make sure that in the context or what they mean. One of the things we talk about is VoIP, and that is spelled V-O-I-P, or Voice over Internet Protocol. So that's a fancy term. It's really Vonage or your cable company's. Now, if your internet provider often offers some sort of digital phone plan, that's all of this. In fact, Skype and FaceTime and any of these products where you are having a voice communication using an internet tool, that's voice over IP or VoIP. We'll also talk a lot about bits: forty bit encryption, or fifty six bit DES, which was the digital encryption standard, I think, is what DES stood for back in the day. All these things are bits, or, you know,
just computer bits, ones or zeros. And generally speaking, and Phil will drive this point home in the interview, you've got a good crypto algorithm, and then the strength of your encryption comes down to how big or how good or how random, or all the above, of an encryption key you use. And we talk about public and private keys. So, you know, the longer the key, generally speaking, the harder it is to crack, because if you can't guess that key then you actually have to go through every possible combination of bits to try to figure out what that is, and that becomes computationally infeasible the longer that key becomes. He also dropped a couple of names. Carl Sagan, which I imagine many know: Carl Sagan was an astrophysicist, astronomer and all around amazing person who had the show, the original show Cosmos, back in the day, which was wonderful. I remember watching that as a kid. Neil deGrasse Tyson has since revived that Cosmos series, which is also a great series. But he mentions Carl Sagan; that's who that is. But he also mentioned Daniel Ellsberg. You may not be with, but if you've heard of the Pentagon Papers, he was famous for leaking those, I think back in the seventies. So again, another activist..
"fifty six bit" Discussed on Security Now
"Eleven only rely upon and use the newer two fifty six bit crypto technologies. And of course there are other new crypto technologies in TPM two point oh that are not part of one point two. But there may be three things that my earlier are three things that Microsoft may have missed. The first is that dropping old and newer crypto technologies has traditionally been a matter of upgrading server or client software. If your browser doesn't support the latest protocol clip you click on upgrade. But in the case of TPM, that cryptography is locked into the hardware by design. It cannot be upgraded, because it must be designed to be an inviolate black box. So while it's easy for Microsoft to say we're going to require the use of two fifty six bit crypto technologies, which are missing from TPM one point two and are present only in TPM two point oh, not only is it not easy, it's not possible for Windows users to fix this with a software upgrade. The second thing they've missed is the lack of any compelling reason to move from Windows Ten to Windows Eleven. During last week's Windows Weekly, Mary Jo expressed her puzzlement about.
"fifty six bit" Discussed on Security Now
"PM one point two builds in functions for SHA-1, HMAC one sixty, which is, you know, HMAC based on SHA-1, ten twenty four and twenty forty eight bit RSA public key ciphers. To those functions, TPM two point zero adds the two fifty six bit flavors of SHA and HMAC, so SHA two fifty six and HMAC two fifty six. Two point zero also adds several two fifty six bit elliptic curve ciphers and elliptic curve Diffie-Hellman. Since TPM two point oh is backward compatible with TPM one point two, software could simply continue using the TPM one point two functions, even if you had TPM two point zero, to run on platforms having either TPM standard. And this is of course what Windows Ten does today and will continue to do for the next four years, until October fourteenth, twenty twenty-five, which is targeted end of support date for Windows Ten. You know, and we may see the extended support for cost, which Microsoft is currently doing with Windows Seven. But Microsoft may have decided that it's time to force a change. We've seen and discussed countless examples of this throughout the life of.
"fifty six bit" Discussed on Tech News Today
"Yeah, that's a good question. So the short answer is that you want to use both. So software random number generators, usually called pseudo random number generators, and the naming here can lead you astray a little bit. You might hear the word pseudo and think, oh, that's a bad kind, and then see the hardware random number generators, typically called TRNGs, true random number generators, and think, why, I don't want this pseudo random numbers, I want the true random numbers, I want the good ones. But that's not how this works. That's really the only distinction here, is that one is implemented in hardware and one in software. So the names can really lead you astray here. So the benefit that software random number generators, the PRNGs, have is that they are algorithms. You can study them independently, much the same way that we can study cryptographic algorithms, and we can be reasonably sure that they do their job pretty well. But they come with a pretty big subject, so they come with the assumption that you start out with some seed, some inter value beginning, some two hundred fifty six bit number, whatever your entropy pool happens to be, that the algorithm, you know, for the chicken and egg sort of reason, can't generate for you. And that's where the hardware random number generator comes in: it is able to produce that initial seed, that entropy source that you could actually use. And this is more or less how the entire computing world uses RNGs, like in large operating systems. This is the way Linux works, Noah's and macOS. The IoT world, however, is different, and that's sort of where our research falls. Yes, so talk a little bit about your methodology then, as far as that's concerned. What caused you to look into the IoT world in the first place, and what did you notice? Exactly, yes. So we're both pentesters at Bishop Fox, and on one occasion we had an engagement with an IoT sort of device. Our client was producing like a security relevant device.
They did a lot of cryptography, and as part of that needed a lot of random number generation to the coach. And so, on a lark, sort of asked, like, hey, you know, what the random number generator beano is the device using? And the client replied, I call it has a built in hardware RNG on the thing. So thought, surely that's the gold standard for generating hardware, for generating random numbers, right? It's a peripheral, a little piece of hardware devoted to doing just one thing. What's the worst that could happen there, right? So we just got a big output from the random number, a couple of gigabytes of data, just numbers from the RNG. I noticed that like large swaths of it were just zero, and we thought, surely there's something terrible gone wrong here, some horrible buggy code or something. And so we went on to investigate other devices to try to see if this was unique. Turned out it wasn't. So much of the actual engineering effort in our research was finding all kinds of different dev boards for IoT devices, these systems on a chip that IoT developers typically use, and write code for them that will, you know, exercise the random number generator, get a bunch of numbers out, and then analyze them offline. So okay, so then, you've that there's something going on here. Alan, what does that lead to then? These IoT devices aren't truly generating random numbers, throwing a lot of zeros back for whatever reason that might be. Like, what does that lead to from a security standpoint? So phrase it this way: if you had a door lock, let's just say you had a smart door lock, and you needed to generate a random password for that, whatever that might be, a secret key, you're going to start with some source of entropy when you go to generate that password. If everyone's source of entropy is zero, you're always going to get the same deterministic output.
So everyone's secret is the same. So it'd be like everyone's door lock having exactly this combination key, right? I'm not saying that it's that bad exactly, but it's not far off. One of the things that we discovered is that at pretty much every stage of trying to work with random numbers on IoT devices there are major pitfalls, all the way down from the very bottom of the stack to the top. One of the things that was a big issue is, a lot of times, if you're a programmer, you're not going to go write code from scratch. There's already examples out there, but a lot of the examples didn't do things like handle error codes. And one of the things we ran into is, if you're trying to make, say, a twenty forty eight bit RSA security key for SSH, for instance, you're going to need a lot of entropy at once. But one of the things that happens with these quote unquote true hardware RNGs (I don't like using TRNG because it's kind of a misnomer), hardware devices that create random numbers, is they can only provide some random numbers at a time, or you can only get so many in a row before it starts running out of entropy, running out of numbers to give you. So what happens is they send an error code, and if you're not looking for that error code, you just keep asking for numbers and it's now giving you bad numbers, possibly zero, possibly even uninitialized memory. So there's all kinds of interesting things that can happen if you ignore those error codes. So that's the first problem: a lot of libraries just don't bother to check. Next thing that might happen is the implementation, it might be wrong. One of the things we found with a, I believe it was tiki, might be wrong on this one, but they used libc rand instead of what you'd expect. So it's calling hardware random number generator, but then it was using the not cryptographically secure libc rand function and handing you
your random number. So you thought you were getting a truly random number, but you weren't, and there are some major consequences. Dan talk about there. But even if you get lower than that, the next problem we ran into is a lot of these devices, even if you did everything right, still didn't have enough entropy. You got sawtooth patterns where you'd see the same repeating bytes appear over and over, or in other words, if you laid out all of your random numbers and looked at the distribution of zero through two hundred and fifty five, you'd see some bytes happened far more frequently than others, and even more disturbingly sometimes even repeating patterns. Or you'd see the number zero repeat every fifty bytes, a very unusual pattern. So even the actual results from the hardware, if you were doing everything else right, was sometimes unusual. So we definitely saw a lot of variety in how RNG on IoT devices failed, but consistently saw failure at every point. And that's what makes this so alarming, especially when, you know, when he the thirty five billion IoT devices number. It's like, holy cow, that's like all of them. I don't know if it's all of them, but it's certainly a lot. So Dan, this also kind of brings to mind..
Microsoft announces passwordless authentication in Azure
"Microsoft announces end-to-end encryption support for Teams plus passwordless logins. Microsoft announced that it is adding end-to-end encryption support to Microsoft Teams later this year at its Ignite conference yesterday. It stated that preview of end-to-end encryption for Teams will be available in the first half of this year for commercial customers. It will be available for one-to-one unscheduled Teams calls and is designed for more sensitive conversations. This is something that its main competitor Slack does not currently have. Microsoft also announced that it is making passwordless login a standard feature for Azure Active Directory, a cloud based service customers can use to handle their employees' login chores. US unprepared for AI competition with China, commission finds. A comprehensive report released this week by the National Security Commission on Artificial Intelligence states that White House leadership and a substantial investment will both be needed to ensure US superiority in artificial intelligence by twenty twenty five. Commission chair and former Google chief executive Eric Schmidt said he believes China is catching the US up on AI. Initiatives proposed by the commission include the creation of technology competitive council within the White House to be chaired by the vice president, a steering committee on emerging technology within the defense department to coordinate and advance implementation of technology, and the creation of an accredited degree granting digital services academy to help build a pipeline of civil service tech talent. Tom Cruise deepfake videos rattled security experts. Three mysterious deepfake videos of Tom Cruise that have gone viral on TikTok are the handiwork of Chris Ume, a video visual effects specialist from Belgium. The videos have drawn attention from experts and non experts alike for being among the most convincing
examples of the genre of fake videos yet produced. Deepfakes are created using artificial intelligence that uses a technique to train two neural networks in tandem to either create or identify facial imagery. While some technologists and security experts fear deepfakes will become a potent weapon for political disinformation, Chris downplays such concerns, saying, quote, consumers just need to become more skeptical of what they see, end quote. Karmen ransomware makes it easy and cheap to launch attacks. A new ransomware do-it-yourself kit called Karmen, K-A-R-M-E-N, is making it easy for one of these cybercriminals to launch ransomware attacks. Packaged with small loader and also small in size, it can detect if it is operating in a sandbox environment and can automatically delete portions of its code to prevent security researchers from analyzing it. Karmen scrambles files with AES two fifty six bit encryption and operates with minimal connections to its command and control server. As a ransomware as a service product, Karmen automates many processes including payment processing, so users can concentrate on distributing the ransomware. At one hundred and seventy five dollars, Karmen lowers the barrier to entry to the ransomware market.
"fifty six bit" Discussed on Heartland Newsfeed Radio Network
"It's the CES special twenty six year edition since we bring you CES. I'm Dave Graveline. Thanks for tuning in. Special thanks to our sponsors for bringing you this special edition coverage of the all digital CES, including Typewise: make four times fewer typos with Typewise keyboard, download it now. By clifford. the science of security, and by e for twenty twenty one, the epicenter for emerging tech trends and mobility solutions. Checkout ifm dash. Berlin dot com. We're talking with the VP of sales and marketing with a company called EyeLock, Chris Janke. We talked about all these points of data earlier, and I'm imagining my audience in my head saying, yeah, but how do they protect our data? Because we've said for years on the show, forget privacy, it doesn't exist anymore. But to some degree we still have to have some privacy with our data. How are you handling that? Yeah, so we're actually collecting the biometric opting in while they're doing it, so they know their irises are being collected. Then we take their iris templates, the left and the right eyes, then we combine them into one template, and then we encrypt that template using two hundred and fifty six bit AES type, DoD, your Department of Defense type encryption. Highly, highly secure. And that's always stored on the individual, and when they look in one of our devices, they're looking at the device, we're comparing their actual irises with the templates that are stored in a database. And that's it. Very good. We don't have to attach that to a name or anything like that. And unlike facial recognition, we're not capturing someone's face, which is easily identifiable. You can't tell somebody by just their irises. And we're not even storing the image of their irises, just the numeric value of what their irises mean. That's very cool. Does your technology work if they're wearing glasses? Sunglasses or regular glasses, prescription glasses, reading glasses? How does that happen?
And because we use, and the industry as a whole use, it's not something unique to EyeLock, all use near infrared light. Near infrared light's properties, it allows it to penetrate plastic, contact lenses, glasses, eyewear, things like that, and even most sunglasses. Interesting. So of course it's always easy to have a sign: if you're wearing sunglasses, remove them. I remember when you couldn't go into a bank if you had a hat on, let alone a face mask or sunglasses. Now you can't go in unless you do it. You gotta be all messed up to begin with. It's just so odd. Lot of gun shops, though, have said, had signs: no mask. You know, we're a gun shop, we wanna see who you are. But again, EyeLock will identify the people appropriately and give them the needed peace of mind. Where do you think we're headed into tomorrow, if you will, with iris recognition, with things that you guys are working on? What, where do you think we're going to show us perfect. I mean, our technology as a whole is a technology that's gonna be used in the future. And it's not going to be so much on security, physical security, as it is in the embedded sector, the embedded side of things. So as you go get a prescription at a doctor's office or something, they can hold up a cell phone or an iPad and identify you and make sure that you're the right person getting the prescription. They're just not an infinite number, but there's a lot of uses for that down the road, from securing transactions and sales, credit card transactions, venues. Instead of buying a concert ticket, your enrollment on your mobile devices, your eyes, you go to the venue, look at the kiosk and you go in. It's really going to simplify everybody. And again, we're not violating anybody's privacy by doing so. And I like, from a consumer standpoint, how there's no passwords to remember. You are your password, and that is awesome.
As far as I'm concerned, and certainly the future, more and more of that. That's why I'm glad that you also have a team working on things for us consumers as well as businesses that can help us take care of things and know that we're going to be more accurate, more private in that sense too. And of course, I think you being your own password, you don't have to carry anything around either. Hopefully you have yourself, your eyes. And again, it's way more accurate than a fingerprint, more accurate than facial. It's much more private. Sure. And biometric. Other than, right, I was gonna say the only thing better, if you will, is DNA, but then you gotta wait weeks for results, and that's not going to allow you to get into a bank or something. So EyeLock dot com, E-Y-E-L-O-C-K dot com. Chris Janke, VP of sales and marketing with EyeLock. Thanks so much for spending time with us and being part of our CES specials this year. You've got awesome things you're working on. Keep up the good work, keep us informed and we'll keep sharing. Thanks, I appreciate it very much. I'm Dave Graveline. We continue bringing you further into tomorrow, especially from our virtual CES this year, right here.
Fabric vault for couples to share their finances
"Hiring is challenging, but there's one place you can go where hiring is simple and smart. That place is ZipRecruiter, where growing businesses connect to qualified candidates. Try it for free at ZipRecruiter dot com slash tech talk. ZipRecruiter, the smartest way to hire. If you share your finances with someone, you know that sometimes the other person knows where all the accounts are and where all the information is, and you may not know. Well, we may have a solution. It's called Fabric Vault, and Adam Erlebacher has just created it. It's just launching on Tuesday, February twelfth, and he's here on Talking Tech to tell you all about it. I'm Jefferson Graham. Stay tuned. Fabric is a digital platform that helps new parents start their family's financial life. And when you become a parent, really, everything changes. You need to think about all these things that you've never had to think about before, like setting up a will and getting life insurance, and most importantly, really getting your and your spouse's finances organized. And so to solve that problem of getting organized, it came about through my own personal experience. My wife and I had meant to write down a list of all of our financial accounts in case anything happens to one of us, but we never actually got around to it, because paper tends to get lost, and, you know, my dresser drawer isn't the most secure. So thinking about this problem, we wanted to create an easy and secure way that spouses could share important financial account information with one another, and that really became Fabric Vault. And the way that it works is you can share checking, savings, investment, 401(k), IRA, life insurance and any other important financial account information with your spouse through the vault. Your spouse will accept that, can create his or her own vault and share that back with you.
So that in case anything ever happened to either of you, you have this always accessible, always on, secure place to find this information. So how much does it cost? It's free. It's actually free copious with a free vault. So how you gonna make money doing this for free? So the way that we make money is, well, first of all, we have a whole suite of free products like this, last will and testament called Fabric Wills, and then free educational content. Fabric Vault is free as well. The way we make money is by offering optional life insurance. So you can use all of our products for free, and if you want you can sign up for life insurance through us as well. The wills, because I'm not familiar with that product, how does that work? So Fabric Wills are also free, and we provide a tool that allows anyone to come in and create a last will and testament at meetfabric dot com slash wills. The exciting thing about that is that what we found is six out of ten adults with kids actually haven't created a will. And if you haven't created a will, that means that a court can appoint guardians for your children. And so the most important reason to actually set up a will is to name guardians for your kids. I think Aretha Franklin died without a will, right? That's correct. That is correct. Okay, and how does your will have legal standing? A will is actually quite a simple document to set up, and it allows you to not only name the guardians of your children but to explain how you'd like your assets to be divided up. So it's quite a simple document, about two pages long, and many folks will actually create their own will by just writing it down. There's no requirement that you do it through a lawyer, but we do recommend that you have your personal lawyer review anything that you've written. To make a will legally binding you need to print it out and have it signed by at least two disinterested
witnesses. Okay, and getting back to the vault: how safe is that information from hackers? We use two hundred fifty six bit encryption on everything that we do. Obviously, dealing with life insurance, we take security very, very seriously, and that was the first product that we launched, so we've invested a lot of time in making sure that our infrastructure is safe and secure. It's something that we think about as a primary concern. Fabric: you can find out more about the Fabric Vault at meetfabric dot com. I'm Jefferson Graham, you've been listening to Talking Tech. Please subscribe to the show wherever you listen to online audio, and thanks everyone for listening. In need of great talent for your business, but short on time? You don't have to get lost in a huge stack of resumes to find your perfect hire. You just need the right tools, smarter tools. With ZipRecruiter you can post your job to over one hundred of the web's leading job boards with just one click. Then ZipRecruiter actively looks for the most qualified candidates and invites them to apply, so you never miss a great match. No wonder eighty percent of employers who post on ZipRecruiter get a quality candidate through the site in just one day. Find out today why ZipRecruiter has been used by businesses of all sizes and industries to find the most qualified job candidates with immediate results. Right now, Talking Tech listeners can post jobs on ZipRecruiter for free. That's right, free. Just go to ZipRecruiter dot com slash tech talk. That's ZipRecruiter dot com slash tech talk. One more time: to try it for free, go to ZipRecruiter dot com slash tech talk. ZipRecruiter, the smartest way to hire.