 |  |  |
 |
OpenFortress : Cryptography weblogSecurity issues surrounding digital signing and related technical issues. Target audience includes technicians working on such systems. Note that there is a security news track with more general information. Links between the announcements on that track and this one will be made when proper.
RSS 2.0 news feed for this weblog Editors should exploit HashesPosted on Sun, 10 Apr 2005, 13:55. Editors of any kind are usually aware that a file has been changed and must be saved to disk before quitting the editor. On some occasions, this does not make sense. And it is so easy to avoid... Repairing Hashes by Wrapping them in Random DataPosted on Wed, 16 Feb 2005, 16:16. With the recent fall of sevaral hash algorithms, signing applications face a serious attack. For some applications, they are left without a well-researched hash algorithm. This article defines an approach to make the existing hashes more reliable for signing purposes. Collission attacks against SHA1Posted on Wed, 16 Feb 2005, 09:08. Although not formally confirmed yet, Bruce Schneier published information that the SHA1 secure hash algorithm is prone to collision attacks. Symmetric Encryption in OpenPGP under mild attackPosted on Fri, 11 Feb 2005, 09:21. Automated OpenPGP systems may have overlooked an issue that turns out to be open for exploits. With a human in the chain, nothing will happen but automated traffic handling should caution. Tightening the PGP Web of Trust with "same person" statementsPosted on Sun, 06 Feb 2005, 16:58. OpenFortress is investigating PGP's web of trust. One idea that occurred to us is that it might be advantageous for the Web of Trust if keys of the same owner can be considered as each other's replacements. |
More news and weblogs |  |