The Netherlands' Lower House has thrown its weight behind a plan to improve key open source security solutions, and has voted €500,000 towards a range of projects.
According to Dutch infosec site Security.nl, Verhoeven said (Google translation): “Encryption allows private communication ... and enables journalists, researchers, lawyers and others ... to protect their sources, customers or partners.”
https://tweakers.net/nieuws/106723/open-encryptieprojecten-krijgen-half-miljoen-euro-van-nederlandse-overheid.html
https://www.security.nl/posting/453680/Tweede+Kamer+trekt+500_000+euro+uit+voor+encryptieprojecten
https://joinup.ec.europa.eu/community/osor/news/nl-government-bodies-develop-secure-file-hosting
http://www.libbit.eu/en/localbox
Traduction en français:
Le terrorisme ne se nourrit pas de la technologie, mais de la colère et de l’ignorance
http://www.lemonde.fr/pixels/article/2015/11/27/le-terrorisme-ne-se-nourrit-pas-de-la-technologie-mais-de-la-colere-et-de-l-ignorance_4818981_4408996.html
A noter que ses cours d'intro à la crypto donnés au Loop, sont en ligne ici https://www.courscrypto.org/
Paris is being used to justify agendas that had nothing to do with the attack
http://www.theguardian.com/commentisfree/2015/nov/20/paris-attacks-political-agenda-immigration-encryption-surveillence
What’s the Difference Between Encryption and Authentication?
The leading German computer club has rejected EU anti-terror plans to tap online chatter, instead calling for all online communication to be encrypted. Politicians, meanwhile, are seeking ways to read encoded messages.
A top EU official wants internet and telecommunication companies to hand over encryption keys to police and spy agencies as part of a wider crackdown on terrorism.
Un Internet de flux indéchiffrables: depuis l'affaire Snowden, l'utopie libertarienne des années 1990 s'est muée en feuille de route des opposants à la surveillance numérique. La quête du «cypherspace», le «crypto-cyberespace», ultime rempart de la vie privée en ligne? Pas simple.
Trousseau, a portable encrypted keyring
What
Trousseau is a gpg encrypted key-value store designed to be a simple, safe and trustworthy place for your data. It stores data in a single multi-recipients encrypted file and can supports both local and remote storage sources (S3 and ssh so far) import/export.
Create a trousseau store, specify which gpg recipients are allowed to open and modify it, add some key-value pairs to it, export it to S3 for example, and re-import it on another device. As simple as that.
Whether you're a devops, a paranoid guy living in a bunker, or the random user who seeks a simple way to store it's critical data in secured manner. Trousseau can do something for you.
Why
Storing, transporting, and sharing sensitive data can be hard, and much more difficult when it comes to automate it.
Trousseau was created with private keys transportation and sharing across a servers cluster in mind. However it has proved being useful to anyone who need to store and eventually share a passwords store, bank accounts details or even more sensitive data.
Real world use cases
For the devops out there
Trousseau can be useful to you when it comes to:
Store sensitive data: Your brand new shiny infrastructure surely relies on many certificates and private keys of different kinds: ssl, rsa, gpg, ... Trousseau provides a simple and fine-tuned way to store their content in a single file that you can safely version using your favorite cvs. No more plain certificates and keys in your repositories and configuration files.
Share passwords, keys and other critical data with co-workers and servers in your cluster in a safe manner. Trousseau encrypts its content for the specific recipient you provide it. Only the recipient you intend will be able to import and read-write the Trousseau store content. Trousseau proved itself to be a great way to share some services passwords with your co-workers too!
Deploy keys to your servers in a safe and normative way. Encrypt the trousseau store for each server selectively.
For the common users
Store your sensitive data like passwords, bank account details, sex tapes involving you and your teachers or whatever comes to your mind in an encrypted store.
Sync your sensitive data store to remote services and easily share it between your unix-like devices.
It's open-source
Trousseau is open source software under the MIT license. Any hackers are welcome to supply ideas, features requests, patches, pull requests and so on. Let's make Trousseau awesome!
See Contribute section.
A modern, fast web-mail client with user-friendly encryption and privacy features. 100% Free and Open Source software
US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.
Cryptocat is run by people that don't know crypto, make stupid mistakes, and not enough eyes are looking at their code to find the bugs. Cryptographers know the minimums or at least know you should look them up. Cryptocat tried BPKDF2, RSA, Diffie-Hellman, and ECC and managed to mess them all up because they used iterations or key sizes less than the minimums. There was a bug in the generation of ECC private keys that went unchecked for 347 days. They seem to not understand simple programming concepts such as a byte vs a decimal digit character: "Fix inaccurate comment". Both comments are wrong since "Cryptocat.randomString(64, 0, 0, 1, 0)" generates a string that is 64 decimal digits which is 212.6 bits or 26.6 bytes.
[...]
What do I think of Cryptocat?
Cryptocat's public key scheme is now good after being bad since pretty much the beginning. I would suggest not using Cryptocat as there's no telling how long it will be until they break their public key encryption. Good news is if they read this they'll make a better effort not to change public key algorithms or the way they generate private keys. I'm sure there are plenty of bugs and other bad crypto in other parts because I only looked at random generation and found a bug, at public key algorithm and found a bug, and quickly looked where random is used and found something scary.
What did I get out of this?
Even though I qualified for their bug bounty I never got anything. My guess is my bug is too big. Since it means that all messages after May 7th, 2012 are crackable. In a comment I was ask for my name, but I have not been added to their bug hunt page. I guess should have "t-shirt, sticker, money, and a mention on our Wall of Unquestionable Greatness!" coming sometime, but haven't heard anything about it.
Well I had fun writing DecryptoCat. Also I learned a new word "encraption". Thanks for that one azonenberg from irc.freenode.net. Also I learned that it means nothing when I hear "it is open source and peer reviewed".