TOR wdraża nowy silnik szyfrowania. Po ponad 20 latach nowy mechanizm załata podatność na ataki typu tagging

Każdy z nas, kto choć na chwilę szukał sposobu na zapewnienie anonimowości w sieci, spotkał się zapewne z pojęciem sieci TOR (The Onion Routing). I choć technologia ta pochodzi z lat 90, do chwili obecnej jest szeroko stosowana między innymi przez dziennikarzy, badaczy cyberbezpieczeństwa i każdego kto chce pozostać anonimowy...

#Aktualności #Cgo #Darknet #Darkweb #ForwardSecrecy #Tor

https://sekurak.pl/tor-wdraza-nowy-silnik-szyfrowania-po-ponad-20-latach-nowy-mechanizm-zalata-podatnosc-na-ataki-typu-tagging/

Someone who dreams about "the next internet"

An interconnected self-configuring, robust, redundant, delay and disruption tolerant, transport layer agnostic, local-first network, owned, grown, & maintained (for the common good) by communities & individuals, forever providing #DigitalLiteracy, #DigitalAutonomy, #ForwardSecrecy, #PrivacyAndSecurity, supporting being offline, portability, & roaming, without any permanent record, blockchain, middlemen, or any (global) authority getting in the way

#InterNet #LocalFirst #Community #CommunityEngagement

Discover the power of TLSv1.3, the latest in internet security! This article dives into its features, improved performance, and how to audit services with a RELIANOID ADC Load Balancer. Keep your online communications safe with TLSv1.3.#InternetSecurity #Cybersecurity 🌐🔒

https://www.relianoid.com/resources/knowledge-base/troubleshooting/auditing-tlsv1-3-is-enabled-for-your-services/

#TransportLayerSecurity #Encryption #DataProtection #ForwardSecrecy #SSLProtocol #SecurityUpdates #CyberThreats #OnlineSecurity #WebBrowsing #LoadBalancer #SSLDebugging #OpenSSL #SecurityAuditing

So, it turns out the new "ECIES" #iMessage #encryption is actually vastly more secure. As far as I can tell, it addresses all of the concerns laid out in https://isi.jhu.edu/~mgreen/imessage.pdf

(Note that I am not an expert on #cryptography, I only vaguely understand these things. Hopefully someone can do a more formal analysis on the new version.)

Some examples:

• Like #Signal, it now uses ephemeral "pre-keys" to establish a new session key for every message. This means that the encryption has #forwardsecrecy even if your private key is exposed they will not be able to decrypt old messages
• Certificate pinning is now employed everywhere
• ECDSA keys are now used instead of shorter RSA keys

Puncturable Key Wrapping and Its Applications https://youtu.be/yh45UpVQjYA

By Matilda Backendal, Felix Günther, and Kenneth G. Paterson.

The end of the video contains an amazing rap video…

Paper: https://iacr.org/cryptodb/data/paper.php?pubkey=32444

via @philipp

#AsiaCrypt2022 #cryptography #ForwardSecrecy

https://blog.geoffroy.gramaize.eu/2013/08/02/tls-perfect-forward-secrecy-support-with-apache/
poke @isithran

Yes j'ai enfin une bonne source pour la #ForwardSecrecy 😅