Fight the EU Law for attacking Cryptography

René Pfeiffer/ November 4, 2023/ Security

The Crypto Wars have been one topic that DeepSec keeps addressing in public. The conference and our blog document countless attempts to weaken algorithms, introduce mandatory back-doors, and compromise operating systems. The European eIDAS (electronic IDentification, Authentication and trust Services) regulation includes a proposal under which all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments. This destructively changes the IT security landscape. To quote from Mozilla’s open letter: These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic across the EU. Any EU member state has the ability to designate cryptographic keys for distribution in web browsers and browsers are forbidden from revoking trust

Global Encryption Day 2023

René Pfeiffer/ October 21, 2023/ Security

Wshpq mu Fknadp Icuvaoshnq Hen. Wreqxoslsr xk spd ne ski fjapfhmf aosgzk sh hmenuqeiasp rdbtumxn. Omvgnts hrggqtvhnm, skivt oswkc ad qs att wjnor, mr wirmvg ldrrdkmcy, rq dkdbwvscag dzmjhqk, rd hvqsdbslsr dx wgbqdsv altf xtzmrehvvxfk cmc rsrvmcy mpenqldxmdf. HgdoRdf lehs pqmf sqdhmiasp ne roheoxfk km ezuryv dx gtxosnjveezc. Yd gzc ryv usmt rgzqh sj ejiudmszwmsck hgzkhmj amiz ftdzjhqk eaysthsglv ers xmpchmf ipelk mp sgdl. Wli umpn eqnmwep plxcbj ax wli Tmvqodzm Fsqbawuhnm nq irrjcrshnm ec esvmpf azbnhsdjw vn bnlpyrxuevhnm chzmrww ugnvr wlei kietqd brqqjfmezshnq mw cgx c fhudq vmvzx. Ks ltrw fi swjgmcdc wshpq, xqlnqqra, ecv mp sgd exxygw. Ipbqxowmsc xeedr sguieik, fqsg nkg ers fiy. Lzjd bsyg nskbd gddvh pfh vdkk hw xs izi ynqkc! Rv ftlxgq xds: Fsrijmdtsd slqi, uarcmbhzo wyehsts, nq tvi icuvaoshnq mr ejsftbsr dpp dx xjd shlh. Hikwpqodqr uipn

DeepSec 2022 Talk: Post-quantum Verkle Signature Scheme – Maksim Iavich

Sanna/ August 26, 2022/ Conference

We expect mass production of quantum computers in the near future. Quantum computers can easily break cryptographic schemes that are used in practice. Thus, classical encryption systems become vulnerable to attacks using quantum computers. There are research efforts to find encryption schemes that are resistant to attacks using quantum computers. Digital signatures are an important technology in securing the Internet and other IT infrastructures. A digital signature provides the authenticity, integrity, and identification of data. We use digital signatures in identification and authentication protocols. So, these secure digital signature algorithms are crucial in terms of IT security. Today, in practice, digital signature algorithms such as RSA, DSA, and ECDSA are used. However, they are not quantum-resistant, as their security relies on the difficulty of factoring large composite integers and computing discrete logarithms. We asked

Blockchain, bad data, and bad code

René Pfeiffer/ February 10, 2022/ Scuttlebutt, Security

[The scuttlebutt news is also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 11 January 2022.] Dear readers, the pandemic is still not over. 2022 greets us with a new variant of SARS-CoV-2. I hope all of you stay safe and stay healthy. The organisation of DeepSec events continues. The wonderful world of IT has plenty of topics to research and check for security vulnerabilities. There is one issue I would like to describe in some more depth. DeepSec itself and parts of its staff and helpers have strong ties to cryptography. We supported the Crypto Party events in Vienna back in 2012. Back then, Bitcoin (₿) was three years old. It was regarded as a curiosity. For us, crypto still means cryptography. We considered accepting Bitcoin

Translated Article: EU-US Summit Against Secure Encryption

Sanna/ March 31, 2021/ Legal, Stories

“Gipfel EU-USA gegen sichere Verschlüsselung” by Erich Moechel for fm4.ORF.at. The agenda of the virtual meeting at a high-ranking official level in two weeks features pretty much all data protection-related topics that are currently controversial in Europe. Joe Biden’s appearance before the EU Council of Ministers will be followed by a two-day video conference on April 14th at the top level of officials in the field of justice and homeland security between the EU and the USA. Practically all currently controversial issues around data protection are on the agenda, from cross-border data access for law enforcement officers to joint action against secure encryption. This is also the case with the “fight against child abuse”, which is once again being instrumentalized for these general surveillance projects. Ylva Johansson, EU Commissioner for Home Affairs and Justice, commissioned a

All your Content are belong to Us – how the Crypto Wars continue

René Pfeiffer/ March 31, 2021/ Discussion, High Entropy, Internet, Legal

Encryption is one of our favourite topics. This blog and our events feature discussions, tools, and content regarding cryptography. The first DeepSec conference in 2007 even had a presentation about a practical attack on GSM’s A5/1 algorithm. Subsequent conferences followed up on this, for example, the state of affairs of mobile network security in 2010. We use encryption and high levels of privacy in our own communication. Certain published documents emphasize the importance of using uncompromised and modern encryption algorithms. In the meantime, users have moved to messengers using TCP/IP on top of the mobile network transmissions. This enables full end-to-end encryption and privacy. The problems are still the same as in the 1990s. Enter the continuation of the Crypto Wars. On 23 March the Oberlandesgericht (Higher Regional Court) Rostock in Germany argued that

DeepSec 2019 Press Release: High-quality Randomness protects Companies

Sanna/ November 25, 2019/ Conference, Training

The ‘bugs’ of the ’90s are still alive – hidden in IoT devices, integrated systems and industrial controls. Modern information security can’t manage without mathematics. It is less about statistics in the form of operational data or risk analysis. It’s about cryptography, which is constantly used in everyday life. It uses elements that build on high-quality random numbers to protect information from attacks. This year’s DeepSec Security Conference addresses key aspects of product implementation – data protection during transport and storage.

Protecting the Digital Transformation

Whether “intelligent” bulbs and illuminants, heating or building controls, TV sets, industrial plants or entire production lines – the digital transformation covers all areas of our lives and leads to changes. On the one hand, digitization opens up opportunities such as the optimization of processes, the more efficient use of

DeepSec 2019 Talk: Demystifying Hardware Security Modules – How to Protect Keys in Hardware – Michael Walser

Sanna/ November 20, 2019/ Conference

[Editorial note: Cryptography is one of our favourite topics. This is why we invited experts from sematicon AG to show some of their skills and help you navigate through the jungle of false promises by vendors, magic bullets, and misuse of the word “crypto”.] A secure crypto-algorithm is based on the fact that only the key needs to be kept secret, not the algorithm itself. The key is of high value and must be protected. In this talk we will have a look at how to protect keys and why dedicated hardware is needed to make sure the key is kept secret and always under the control of the owner. Different use cases require different HSMs (Hardware Security Modules). We will have a look at data centres and cloud HSMs as well as
