Taiwan gets first Quantum Resistant Hardware Devices worldwide #quantum #ai #military #microsoft #cryptographic

https://fullsteamahead365.com/2025/12/03/taiwan-gets-first-quantum-resistant-hardware-devices-worldwide/

Distributed.net is working on RC5-72 (breaking RC5 with a 72-bit key).

Cryptographic attack.
Long... long...
https://stats.distributed.net/participant/phistory.php?project_id=8&id=434892
#Cryptographic #attacks #security #rc5 #rc572 #crypto #distributed #dnetc

🎉 Wow, who knew #Kubernetes needed another layer of complexity? Enter #Flox, where you can now enjoy the thrill of pulling hash-pinned packages and living in fear of #cryptographic #hashes, all while pretending your deployments are suddenly faster. 🚀 Because nothing says "cutting-edge" like making your #DevOps life an even bigger nightmare. 😜
https://flox.dev/kubernetes/ #complexity #HackerNews #ngated

How long till encryption busting is applied to the Aus implementation of the OSA?

“Aside from #AgeVerification, the most controversial aspect of the act is power it gives to #Ofcom to require #tech firms to install “accredited technology” to ^monitor encrypted communications^ for #illegalContent.

In essence, this would mean tech companies using #software to bulk-scan #messages on #encrypted services (such as #WhatsApp, #Signal and #Element) before their #encryption, otherwise known as client-side scanning (#CSS).

Implementing such measures would undermine the #security and #privacy of encrypted services by scanning the content of every message and #email to check whether they contain illegal content.

This has been repeatedly justified by the #government as necessary for stopping the creation and spread of child sexual abuse materials (#CSAM), as well as violent #crime and #terrorism.

#Cryptographic experts, however, have repeatedly argued that measures mandating tech firms to proactively detect harmful content through client-side scanning should be abandoned.”

It just keeps getting better, doesn’t it? 🍿

#Straya / #secrecy / #information <https://www.computerweekly.com/feature/The-UKs-Online-Safety-Act-explained-what-you-need-to-know>

@berniethewordsmith The main way to respect #privacy is to avoid #scanning #private, end-to-end encrypted content at scale. Focus on:
- #Voluntary and opt-in tools for local scanning.

- #Serverside checks only for data that’s already leaving the private domain.

- #Cryptographic #protocols that verify matches without exposing the rest of users’ data.

🚀✨ Behold, a *groundbreaking* innovation: a "fast" #GUID #generator for Go! Because clearly, generating #random #numbers wasn't #fast enough without #cryptographic #safety. 😅 But hey, who needs actual #software #development when you can fiddle with GUIDs and call it a day! 🔒🎉
https://github.com/sdrapkin/guid #groundbreaking #innovation #Go #HackerNews #ngated

#WhatsApp provides no #cryptographic management for group messages
#encryption #e2ee #security #privacy

https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/

𝗗𝘆𝗻𝗲 💜 𝗦𝗽𝗵𝗶𝗻𝘅

SPHINX is a simple, elegant, & unconditionally secure zero-trust password manager. It stores a random numbers, not your password, ensuring the server knows nothing. Free, offline-bruteforce resistant, self-hostable, and extensible.

Built on a well-studied #cryptographic algorithm by respected experts, SPHINX brings password management into the 21st century.

𝗜𝗻 𝗳𝗮𝗰𝘁 𝘄𝗲 𝗹𝗼𝘃𝗲 𝗶𝘁 𝘀𝗼 𝗺𝘂𝗰𝗵 𝘁𝗵𝗮𝘁 𝘄𝗲 𝗮𝗿𝗲 𝗵𝗼𝘀𝘁𝗶𝗻𝗴 𝗮 𝗽𝘂𝗯𝗹𝗶𝗰 𝘀𝗲𝗿𝘃𝗲𝗿!

🔗 https://sphinx.pm/servers.html

#PasswordSecurity

But cryptography is hard. Until recently, institutions and individuals who need to run #cryptographic operations had to rely on specialists to review the code that their applications is running. Cryptography can protect our privacy and authenticate sources of important information. For #cryptography to work for the people, the people need to understand it.

The #chatmail #fosdem talk from @compl4xx is public. It goes into topics such as

- why chatmail servers?
- how to setup a server with your child
- (avoiding) spam filtering
- metadata and guaranteed end to end encryption in #deltachat
- #cryptographic #interoperability for email message routing

Thanks to attendees for the great energy even if was the last talk on the day and also for questions and conversations afterwards!

https://ftp.fau.de/fosdem/2025/k4601/fosdem-2025-5217-chatmail-server-networks-for-anonymous-end-to-end-encrypted-messaging.mp4

Key Management Lifecycle
Best Practices

Failure to securely manage #cryptographic keys may lead to security breaches and data loss. There are also various regulatory requirements and guidelines related to key management, such as #PCI #DSS, #GDPR, #HIPAA, and #NIST which ensure the confidentiality, integrity, and availability of sensitive data and systems that use cryptographic keys.

This document provided by Cloud Security Alliance serves as guidance for enterprise technologists and service providers to effectively and securely manage cryptographic keys throughout the key management lifecycle.

https://s3.amazonaws.com/content-production.cloudsecurityalliance/w7kpgh2vuilf74md26z51q9tc6f7?response-content-disposition=inline%3B%20filename%3D%22Key%20Management%20Lifecycle%20Best%20Practices-20231215.pdf%22%3B%20filename%2A%3DUTF-8%27%27Key%2520Management%2520Lifecycle%2520Best%2520Practices-20231215.pdf&response-content-type=application%2Fpdf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAS6XDIRHKHO4F5SU4%2F20250127%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250127T195904Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=df5d7974bbea25e26413f56ca86471552566f71bea8a5768ed6fd5030c15b586

→ Chinese researchers break #RSA encryption with a #quantum computer
https://www.csoonline.com/article/3562701/chinese-researchers-break-rsa-encryption-with-a-quantum-computer.html

“In a potentially alarming development for global #cybersecurity, Chinese researchers have unveiled a method […] to #crack classic #encryption, potentially accelerating the timeline for when quantum computers could pose a real #threat to widely used #cryptographic systems”

“data being encrypted today could be at risk if adversaries are stealing it with the intention of decrypting it in the future”

Scientists in #China use #quantum computers to crack military-grade #encryption — quantum attack poses a "real and substantial threat" to #RSA and #AES. According to a report published by the SCMP, the researchers utilized a #DWave #quantumcomputer to mount the first successful quantum attack on widely used #cryptographic algorithms.
https://www.tomshardware.com/tech-industry/quantum-computing/chinese-scientists-use-quantum-computers-to-crack-military-grade-encryption-quantum-attack-poses-a-real-and-substantial-threat-to-rsa-and-aes

The #cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas.
#security
https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

#YubiKeys Are a #Security Gold Standard—but They Can Be Cloned

Security researchers have discovered a #cryptographic flaw that leaves the #YubiKey 5 vulnerable to attack.
#privacy

https://www.wired.com/story/yubikey-vulnerability-cloning/

@jpl - Good points, but specifically your last point is indeed rather concerning. Thankfully, there is RADIUS over #TLS, which is probably anyway a good idea. Perhaps this will be an incentive to prioritize the deployment of RADIUS over TLS, which enforces modern #cryptographic #security guarantees.

Additionally, #cryptographic #algorithms resistant to #sidechannelattacks have been developed, including:

1. Constant-time algorithms like Curve25519 and ChaCha20
2. Masking techniques for algorithms like AES
3. White-box #cryptography implementations
4. Leakage-resilient cryptography***