home.social
Sign in Create account

#encryption-keys — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #encryption-keys, aggregated by home.social.

fetched live
  1. tech news ᳇ eicker.news @[email protected] ·

    #Microsoft provided #encryptionkeys for #BitLocker protected data on three laptops to the #FBI, following a warrant. This is the first known instance of Microsoft providing encryption keys to law enforcement. Privacy experts argue it exposes users to unwanted access and highlighting the risks of storing encryption keys on Microsoft’s servers. forbes.com/sites/thomasbrewste #tech #media #news

    #microsoft #encryptionkeys #bitlocker #fbi #tech #media
  2. xoron :verified: @[email protected] ·

    @kkarhan

    thanks for the reply! far from being discouraged, i appriciate your engagement. i will try to be reasonably brief in my reponse to your points and give a general update on progress and objective.

    > scout out existing solutions

    i have seem similar #webapp implementation, i think so far for "that kind" of chat app, the chat app is able to demonstrate similar basic functionality. for a wider adoption, the user interface needs to be more appealing, but i think its important to have a working proof-of-concept first. the project is specifically aiming to be a #javascript #localFirst #webapp.

    a couple notable similar implementation to mine are:
    - github.com/cryptocat/cryptocat
    - github.com/jeremyckahn/chitcha
    (im sure there are many more, but i think my approach is yet different and unique to the ones i've come across.)

    > DO NOT DIY ENCRYPTION!

    this is indeed a reccomended practice i have seen several times. here is a previsous reddit post on the matter: reddit.com/r/cryptography/comm ... tldr; the underlying implementation provided by the browser is the best way to go. i have implemented the #encryption using the #webcrypto #api. i aim to not use a library for this.

    i generally try to word things in a way that users can provide feedback on features. the app is still in a very early stage, but has a reasonable amount of features. im generally open to requests and questions.

    > minimum viable product

    what you see as the chat app is also the #minimum #viable #product. i think its sufficiently demonstrates the basic functionality of a chat app. i think the next step is to make the app more stable and user friendly.

    those other apps youve mentions ive come across before. what sets my approach apart is that mine it's purely a webapp. with what id like to describe as #p2p #authentication over #webrtc, im able to remove reliance on a backend for #authenticate #data #connections. in some cases, bypass the internet (wifi/hotspot). while there are several ways to #selfhost, in this approach of a #javascript implementation, im able to store large amounts of data in the browser so things like images and #encryptionKeys can be #selfhosted" in the browser. while this form has nuanced limitations, it also has interesting implications to security and privacy.

    there are many nice features from the different apps you mentioned and i think i have some unique features too. the bottle neck in this project is that i dont put in enough time to the app.

    > feel free to slowly ibtegrate them.

    this is basically already my approach to get the app to where it is now.

    thanks for the luck, take care and i hope you stay tuned for updates.

    #webapp #javascript #localfirst #encryption #webcrypto #api
  3. BuZZ-dEE ☮️ 🇺🇦 🇪🇺 🇩🇪 @[email protected] ·

    #Signal under fire for storing #encryption #keys in #plaintext

    stackdiary.com/signal-under-fi

    #Security #EncryptionKeys #Cybersecurity #signalapp

    #signal #encryption #keys #plaintext #security #encryptionkeys
  4. Hostvix @[email protected] ·

    Signal president Meredith Whittaker has addressed concerns about unencrypted encryption keys on Signal desktop and the ability to clone entire sessions undetected.

    stackdiary.com/signal-under-fi

    #Signal #Security #Encryption #Privacy #Cybersecurity #TechNews #DataProtection #EndToEnd #EncryptionKeys #SignalApp #DesktopSecurity #TechSafety #DigitalPrivacy #SecureMessaging #InfoSec #UserSafety #DataBreach #SecurityUpdate #OnlinePrivacy #SignalUpdate #TechAlert #PrivacyConcerns #DigitalSecurity

    #encryption #privacy #cybersecurity #technews #dataprotection #endtoend
  5. Hostvix @[email protected] ·

    Signal under fire for storing encryption keys in plaintext

    stackdiary.com/signal-under-fi

    #Signal #Privacy #Encryption #Cybersecurity #Messaging #DataProtection #SecureComms #DesktopApp #Vulnerability #InfoSec #DigitalSecurity #EndToEnd #PlainText #KeyManagement #TechNews #PrivacyBreach #SecurityAlert #Cryptography #DataSafety #MobileApps #UserPrivacy #SecurityFlaw #EncryptionKeys #Tech #MessageSecurity #PrivacyRisk #SecureMessaging #CyberRisk #DataExposure

    #signal #privacy #encryption #cybersecurity #messaging #dataprotection
  6. 🛡 [email protected]/:~# :blinking_cursor:​ @[email protected] ·

    Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys

    Date: 03/21/2024
    CVE: Not provided in the source
    Sources: Ars Technica

    Issue Summary

    A vulnerability found in Apple’s M-series chips allows attackers to extract secret encryption keys during common cryptographic operations. This flaw, rooted in the chips' microarchitecture, is deemed unpatchable and can only be mitigated by adjustments in third-party cryptographic software, potentially impacting performance. The vulnerability exposes keys through a side channel when a targeted operation and a malicious app with normal privileges run on the same CPU cluster.

    Technical Key findings

    The vulnerability exploits the data memory-dependent prefetcher (DMP) in the chips, which anticipates future memory needs to reduce latency. However, the DMP can misinterpret encryption key material as pointers, attempting memory access and leaking the data. Attackers can't directly access keys but can manipulate data to make intermediate encryption algorithm data resemble pointers, leading to key exposure through cache side channels.

    Vulnerable products

    • Apple M-series chips, particularly M1 and M2 generations.

    Impact assessment

    Successful exploitation allows attackers to extract sensitive cryptographic keys, undermining the confidentiality and integrity of encrypted data. The broad application of cryptographic operations on vulnerable devices elevates the risk.

    Patches or workaround

    Direct patching of the hardware flaw is impossible due to its microarchitectural nature. Mitigation requires implementing defenses in cryptographic software, which may significantly affect the performance of cryptographic operations.

    Tags

    #Apple #M-series #EncryptionKeys #SideChannel #Vulnerability #CryptographicSoftware #PerformanceImpact

    #apple #m #encryptionkeys #sidechannel #vulnerability #cryptographicsoftware
  7. IT News @[email protected] ·

    In a first, cryptographic keys protecting SSH connections stolen in new attack - Enlarge (credit: Getty Images)

    For the first time, researchers... - arstechnica.com/?p=1983026 #encryptionkeys #features #security #bitflips #biz#ssh

    #ssh #biz #bitflips #security #features #encryptionkeys
  8. Dick Smiths Fair Go Supporters @[email protected] ·

    > Has contract with "#USDefence".

    > Must tell #China whatever the fuck he's told to.

    See #Swiss encryption company exposed for giving faulty #encryptionKeys on behalf of the #USA. So a company doesn't even need to pretend to be #USBased nor #USLaw-abiding to be an arm.

    Hands up if you ever for one second, thought an #internetConnected driving device would've worked?

    #analog #drivingDevice #spying #Tesla #byeByeAutonomousVehicles #degrowthNowPlease #plannedDegrowth #gamesOver #degrowth

    #usdefence #china #swiss #encryptionkeys #usa #usbased
  9. Dick Smiths Fair Go Supporters @[email protected] ·

    > Has contract with "#USDefence"…

    > Must tell #China whatever the fuck he's told to, right?

    See #Swiss encryption company exposed for giving faulty #encryptionKeys on behalf of the #USA. A company doesn't even need to pretend to be #USBased to be a piece of crap.

    Hands up if you ever for one second, thought that an #internetConnected driving device would've worked?

    #analog #drivingDevice #spying #byeByeAutonomousVehicles #degrowthNowPlease #plannedDegrowth #gamesOver #degrowth

    #china #swiss #encryptionkeys #usa #usbased #internetconnected
  10. Dick Smiths Fair Go Supporters @[email protected] ·

    @witchescauldron
    (2/2)

    Its deeply troubling that systems like Tor and i2p have existed for over a decade yet no one has had the guts to promote them strongly. We've had #netNeutrality destroyed, #dragNets built, #techGiants crush #independentMedia, and respected #certificateAuthorities exposed for issuing faulty #encryptionKeys...

    What more do we honestly need!?

    But when we try to suggest the alternative, many act like its too extreme. The #sleepwalking is real.

    #netneutrality #dragnets #techgiants #independentmedia #certificateauthorities #encryptionkeys
  11. Samuel Vermeulen :verified: @[email protected] ·

    #ActuLibre Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices -> feedproxy.google.com/~r/TheHac #TrustedPlatformModule #IntelServerChipsets #hardwaresecurity #encryptionkeys #intelprocessor #cybersecurity #cryptography #IntelCPU #TPMChip

    #tpmchip #intelcpu #cryptography #cybersecurity #intelprocessor #encryptionkeys