DROWN stands for Decrypting RSA with Obsolete and Weakened eNcryption. DROWN is another downgrade attack over SSL hence this time over SSLv2.
SSL has a good history with downgrade attacks likewise Lucky13, Crime, BEAST, Poodle. Currently %33 of internet servers uses SSLv2. With DROWN an attacker can decrypt connection with server which has SSLv2 enabled.
Microsoft Encryption Library for Healthcare Databases released.
Microsoft Encryption Library for Health Databases released.
“SEAL” (Simple Encrypted Arithmetic Library) is a homomorphic encryption algorithm and allows querying medical data without decryption.
The code contains a few basic examples, and more detailed documentation will be available soon.
World’s fastest and most advanced GPGPU-based password recovery utility oclHashcat is now open-source
World’s fastest and most advanced GPGPU-based password recovery utility oclHashcat is now open-source.
Hashcat and oclHashcat sources released at github
Encrypted Database provider zeroDB goes open source
ORACLE has a new site for SQL beginners – LiveSQL
Oracles new website aimed for Oracle SQL users. LiveSQL site has snippets and tutorials for Oracle Database Systems.
Microsoft producing new encryption algorithm for healthcare data
Microsoft is working on a new encryption algorithm for healthcare sector. Algortihm which called “SEAL” is a homomorphic encryption algorithm and allows querying medical data without decryption.
sslip.io, free wildcard SSL certificate for everyone
while we are waiting for free and open Certificate Authority “Lets Encrypt”, we got a new option.
sslip.io gives a subdomain based upon your ip and you just need to set up SSL key which released at GitHub to your server.
Finally you will have a ip based SSL subdomain address e.g. https://52-0-56-137.sslip.io/
Detail of SSLip.
Amazon introduces alternate TLS implementation s2n
Amazon Web Services introduced s2n; an Open Source implementation of the TLS protocol. s2n is a library that has been designed to be small, fast, with simplicity as a priority. s2n avoids implementing rarely used options and extensions, and today is just more than 6,000 lines of code. As a result of this, Amazon developers expected that it is easier to review s2n; they have already completed three external security evaluations and penetration tests on s2n, a practice we will be continuing.
Mozvote a js/go implementation of homomorphic encryption for voting
Mozvote package implements a private voting protocol, as well as contains a demo.
Note that the public and private keys are hardcoded: you will want to use the
output of keygen.go to change them in a real application.
Ukraine’s new encryption standart: The Kalyna Block Cipher
The Kalyna block cipher was selected during Ukrainian National Public Cryptographic Competition (2007-2010) and its slight modification was approved as the new encryption standard of Ukraine in 2015. Main requirements for Kalyna were both high security level and high performance of software implementation on general-purpose 64-bit CPUs. The cipher has SPN-based (Rijndael-like) structure with increased MDS matrix size, a new set of four different S-boxes, pre- and postwhitening using modulo 2^{64} addition and a new construction of the key schedule. Kalyna supports block size and key length of 128, 256 and 512 bits (key length can be either equal or double of the block size).