Les fabuleux progrès des 80 dernières années en matière d'informatique, de réseaux et de chiffrement ont bien souvent été le fruit de la collaboration entre les militaires, les académiciens et occasionnellement, des entreprises privées. Ces technologies, qui ont permis de changer la manière dont l'humanité interagit, ont également créé de nombreux points de friction entre les autorités militaires, souhaitant en limiter l'utilisation à des fins sécuritaires, et les défenseurs des droits de l'homme qui en ont vite compris l'intérêt.
Just as Doctors can’t solve healthcare, Hackers can’t solve surveillance. Doctors can’t make human frailty disappear with some sort of clever medical trick. They can help mitigate issues, fight emergencies, they can be selfless, heroic. but they can’t, on their own, solve healthcare. One of the ways that Hackers can fight surveillance is to develop better cryptographic communications tools, and train people how to use them.. This is certainly critical work that hackers can contribute to, but we can’t, on our own, solve surveillance. Nothing that Hackers can do on their own can eliminate surveillance. [...] Hackers need to understand that there is no business model for secure mass communications. In order to achieve a society where we can expect privacy we need more hackers and hackerspaces to embrace the broader political challenges of building a more equal society.
Traduction en français:
Le terrorisme ne se nourrit pas de la technologie, mais de la colère et de l’ignorance
http://www.lemonde.fr/pixels/article/2015/11/27/le-terrorisme-ne-se-nourrit-pas-de-la-technologie-mais-de-la-colere-et-de-l-ignorance_4818981_4408996.html
A noter que ses cours d'intro à la crypto donnés au Loop, sont en ligne ici https://www.courscrypto.org/
Paris is being used to justify agendas that had nothing to do with the attack
http://www.theguardian.com/commentisfree/2015/nov/20/paris-attacks-political-agenda-immigration-encryption-surveillence
Slides, video et mp3 // Partie 2 https://www.courscrypto.org/cours-crypto-2
Depuis les révélations d'Edward Snowden, les entreprises d'Internet et de télécommunications ont commencé à utiliser souvent du chiffrement dé-centralisé qui rend de plus en plus difficile techniquement l'interception légale par les autorités nationales compétentes, ou même impossible", regrette-t-il.
"La Commission (européenne) devrait être invitée à étudier de nouvelles règles obligeant les entreprises d'Internet et de télécommunications opérant dans l'Union Européenne à fournir sous certaines conditions telles que décrites dans les lois nationales et dans le plein respect des droits fondamentaux l'accès aux communications par les autorités nationales compétentes (par ex. partager les clés de chiffrement)".
Première rédaction de cet article le 27 février 1995. Dernière mise à jour le 17 décembre 2014. «Il est donc nécessaire de corriger cette archaïsme qui consiste à traiter la cryptographie comme une arme ultra-secrète dans un pays en guerre. Le développement de l'utilisation des réseaux ne peut pas se faire sans les techniques de la cryptographie.»
« Le débat qui consiste à se demander s’il faut autoriser la cryptographie n’est pas neuf. On l’a eu en France il y a 20 ans. Nous étions arrivés alors à la conclusion que chercher à interdire la cryptographie c’était totalement passéiste et préhistorique. Je ne vois pas pourquoi cela deviendrait aujourd’hui une bonne idée alors que la cryptographie est partout ! »
Cryptographers devote their careers to the science of securing your communications. Twenty-four-year-old Nadim Kobeissi has devoted his to the art of making that security as easy as possible. His software creations like Cryptocat and Minilock encrypt instant messages or shared files with three-letter-agency-level protection, with user interfaces that require Lincoln-Log-level skills. Now he’s combining elements of his dead-simple apps into what he’s calling his biggest release yet, a single platform designed to encrypt everything you and any group of collaborators do on the desktop. || Une autre approche que celle de Caliopen.
This talk will explain how to work with elliptic curves constructively to obtain secure and efficient implementations, and will highlight pitfalls that must be avoided when implementing elliptic-curve crypto (ECC). The talk will also explain what all the buzz in curve choices for TLS is about. This talk does not require any prior exposure to ECC.
Unfortunately with so much material, it can be a bit hard to separate the signal from the noise. In this post I’m going to try to do that a little bit -- point out the bits that I think are interesting, the parts that are old news, and the things we should keep an eye on.
Les centaines d’activistes et militants qui ont applaudi, debout pendant plusieurs minutes, à la fin de la présentation de ces documents ont donc de quoi avoir la migraine devant les capacités de la NSA. Mais aussi de quoi se réjouir : « ce n’est pas sans espoir, la résistance est possible » a ainsi lancé M. Appelbaum. « Le logiciel libre et une cryptographie bien implémentée fonctionnent.
It was December 11, 2012, and in a small art space behind a furniture store in Honolulu, NSA contractor Edward Snowden was working to subvert the machinery of global surveillance.
Snowden was not yet famous. His blockbuster leaks were still six months away, but the man destined to confront world leaders on a global stage was addressing a much smaller audience that Sunday evening. He was leading a local “Crypto Party,” teaching less than two dozen Hawaii residents how to encrypt their hard drives and use the internet anonymously.
A workshop about catastrophic events related to cryptography and security. And their prevention, detection, recovery, solutions ...
The main point is: many cryptographic protocols are only based on the security of one cryptographic algorithm (e.g. RSA) and we don't know the exact RSA security (including Ron Rivest). What if somebody finds a clever and fast factoring algorithm? Well, it is indeed an hypothesis but we know several instances of possible progress. A new fast algorithm is a possible catastroph if not handled properly. And there are other problems with hash functions, elliptic curves, aso. Think also about the recent Heartbleed bug (April 2014, see http://en.wikipedia.org/wiki/Heartbleed): the discovery was very late and we were close to a catastrophic situation.
So we are thinking about a regular workshop, the name is CATACRYPT, about these possible problems and their solutions. It includes problems with cryptographic algorithms, protocols, PKI, DRM, TLS-SSL, smart cards, RSA dongles, MIFARE, aso. Quantum computing, resilience and agility are also on the program.
The workshop aims at bringing together researchers and practitioners working in cryptography and security, from academia and industry. A large committee including many founders of the main concepts of public-key cryptography is pushing this important topic.
ist of recommendations for using cryptography which, if followed, will make sure you get things right in the vast majority of situations.
Explication simple du Diffie-Hellman Key Exchange
Telecomix Crypto Munitions Bureau is part of Telecomix. This wiki is used for discussing technology and philosophy. For other Telecomix projects, see the the Blue Cabinet Wiki (on Tor) (data on surveillance companies, products) and WeRebuild (Heavily outdated)
Crypto MuseumWelcome at the Crypto Museum website. At present we are a virtual museum in The Netherlands, that can only be visited on the internet. We do, however, regularly organize exhibitions in co-operation with other museums. Examples of such exhibitions are Secret Messages, held in Museum Jan Corver in the Netherlands between October 2008 and February 2009, the Enigma Reunion 2009 at Bletchley Park, Super TU/esday in February 2010 at the Eindhoven University of Technology (TU/e), Tijdrekken in 2010 and 2011, Secret Communications in Duivendrecht (near Amsterdam) in 2014 and currently the open-end mini-exhibition at Radboud University.
Voici un bref état des lieux d'un domaine encore expérimental de la cryptographie : le chiffrement homomorphe. Un schéma de chiffrement homomorphe permet d'effectuer des opérations sur des données chiffrées sans jamais avoir à déchiffrer ces dernières.