23166932
submission
betterunixthanunix writes:
Just presented at the rump session of CRYPTO2011: a key recovery attack on the full AES, for all versions (128, 192, 256 bit keys). The attack involves a novel method of cryptanalysis, and results in a key recovery faster than brute force. Luckily, "faster" in this context is still not nearly fast enough to be practical, and AES remains more secure than triple DES (so don't panic just yet).
22250170
submission
betterunixthanunix writes:
A mortgage-fraud case may have widespread implications for criminals who use cryptography to hide evidence. The US Department of Justice is pushing for the defendant to be forced to decrypt her hard drive, claiming that if they cannot force such decryptions that law enforcement will be unable to gather important evidence. The defendants lawyer and the Electronic Frontier Foundation have made the claim that forcing such a decryption would be a violation of the defendant's fifth amendment right not to self-incriminate. The prosecutor in the case has insisted that the defendant would not be forced to disclose her passphrase, but only to enter the passphrase into a computer to decrypt the drive.
21595660
submission
betterunixthanunix writes:
The New York Times is reporting that the new FBI operations manual suggests a broad increase in surveillance. Denoted the Domestic Investigations and Operations Guide, the manual officially lowers the bar of acceptability when it comes to engaging in surveillance activities, including allowing agents to perform such surveillance on people who are not suspected terrorists without opening an inquiry or officially recording their actions. The new manual also relaxes rules on administering lie detector tests, searching through a person's trash, and the use of teams to follow targeted individuals. It should be noted that these guidelines still fall within the general limits put in place by the attorney general.
20315170
submission
betterunixthanunix writes:
Several online Poker websites are under investigation by the US government, which has once again hijacked domain names to prevent US citizens from accessing the websites. Questions have been raised about the legality of the action as a whole, not just the specific seizure of domain names, since the action was based on state rather than federal laws. Has the tactic of seizing domain names already become established practice in law enforcement, to the point where it is not even questioned?
14709774
submission
betterunixthanunix writes:
Wikileaks has posted a mysterious "insurance" file, which has no description but is encrypted with AES256. Cryptome has posted some speculation that this file may have been posted in case something happens to the Wikileaks website, in which case the passphrase would be divulged by Wikileaks staff.
http://www.wired.com/threatlevel/2010/07/wikileaks-insurance-file/
13447230
submission
betterunixthanunix writes:
Another lawsuit has been filed against Limewire, this time by the National Music Publishers Association. They claim that Limewire also damaged them, and seek $150000 per infringement, putting the maximum possible damages in the hundreds of millions of dollars. Limewire seems to have become the latest music industry punching bag.