Cryptosmith

I have been reading the ACM’s Model Curriculum on Information Technology (a prototype “IT” major) with a special eye towards the information security coverage. I’ve been teaching information security courses and recently developed a major in the area.

The curriculum provides minimum times to cover major topics in the field, like 3 hours to cover “Fundamental Aspects” including the “history” of information assurance and security. After factoring out the other dozen ‘learning outcomes’ for that topic, one is left with six minutes to cover the “history” of information security. Continue Reading »

Posted under History of Technology & Information Security | No Comments »

This is one for the books. Several OpenSSL implementations, including Denbian and its children, including Ubuntu, have been crippled since September 2006. It’s described on the metasploit web site.

The pseudo-random number generator (PRNG) was broken such that it only used the Unix process ID as the unchanging random input to the generator process. In other words, these security packages could not generate more than 32,768 different keys (since there were only 32,768 different process IDs on Unix). Continue Reading »

Posted under Information Security | No Comments »

The one-time pad is the only encryption technique that has been mathematically proven to be uncrackable. While hard to use, it has often been the choice for highly sensitive traffic. Soviet spies used one-time pads in the 1940s and -50s. The Washington-Moscow “hot line” also uses one-time pads. However, the technique is hard to use correctly.

Continue Reading »

Posted under Information Security | No Comments »

The exclusive or operation - a logical function applied to binary bits, like AND, OR, and NOT - is a fundamental encryption technique. It is often used in stream ciphers, which are widely used in web browsers when connecting to secure web servers. Continue Reading »

Posted under Information Security | Comments Off