29.01.2020 Crypto Apero AI Edition

In this edition of the Crypto Apero we’ll explore the good, the bad and the plain stupid of everyday AI and investigate if we really want a computer programme to mix our cocktails….

crypto-apero.lu/crypto-apero-s

nytimes.com/2020/01/21/world/a

"Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app."

Seems like they most likely hacked Greenwald's mobile phone, since private keys for Telegram secret chats are stored only on the mobile device.

Digital Privacy Salons are skill & knowledge sharing sessions which aim to teach people the basic ways of protecting themselves and their data from intrusive surveillance and unwanted/unwitting information gathering.

Tuesday 11/02/20, 19:00@Level2

privacysalon.lu/next-digital-p

Next pEp Engine release will drop support for GnuPG and will support only PGP Sequoia

Luxembourg and its liberal policy on cryptographic technologies has led to the emergence of a group of specialists campaigning for the use of absolute encryption.

siliconluxembourg.lu/encryptio

eprint.iacr.org/2020/014

When renting cheap GPUs, this translates to a cost of 11k USD for a collision, and 45k USD for a chosen-prefix collision.

Therefore, the same attacks that have been practical on MD5 since 2009 are now practical on SHA-1. In particular, chosen-prefix collisions can break signature schemes and handshake security in secure channel protocols (TLS, SSH).

We strongly advise to remove SHA-1 from those type of applications as soon as possible.


Research publishing a method that can accurately estimate the likelihood of a specific person being correctly re-identified, even in a heavily incomplete dataset.

Basically how to de-anonymise people in random anonymised datasets:

nature.com/articles/s41467-019

DigiCert Inc. is requiring the creation of a new business listing on Google Business, Kompass or other specific B2B listing websites in order to verify an Extended Validation Certificate. Official company registration is not enough.

All these companies are re-selling the provided data further. Seems like an extra revenue stream.

Any tips for a less greedy, more privacy-friendly EV certs provider?

If you want to try the latest public testing build for pEp for iOS

you can do it over Apple Testflight:
testflight.apple.com/join/IjU0

Feel free to share your thoughts afterwards

A free implementation of OpenPGP in Rust - Project Sequoia is planning to release v1.0 at the end of January.

gitlab.com/sequoia-pgp/sequoia

Do you know you can use Google Fonts without Google tracking your visitors and stealing the metrics?

git.occrp.org/libre/fonts-dego

Frontex, the EU border agency, have cancelled plans to give up to €400,000 to a surveillance company to spy on the social media of migrants and “civil society and diaspora communities in destinations (EU)”.

privacyinternational.org/long-

Breaking Trusted Execution Environment (TEE) for mobile devices backed by ARM hardware-based access control

research.checkpoint.com/the-ro

The following are the cipher suites that are being used for encryption in all pEp projects:

1 Curve25519
2 NIST P-256
3 NIST P-384
4 NIST P-521
5 RSA 2K
6 RSA 3K
7 RSA 4K
8 RSA 8K

Depending on the project, users will be able to choose themselves the cipher suite they want to use.

sequoia-pgp.org/status/#algori

Is RSA 2k enough to use as default cipher suite? If not, can you write some reasoning?
