|
Matthew Green (cryptographer)
Matthew Daniel Green (born 1976) is an American cryptographer and security technologist. Green is an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced information storage systems, anonymous cryptocurrencies, elliptic curve crypto-systems, and satellite television piracy. He is a member of the teams that developed the Zerocoin anonymous cryptocurrency and Zerocash. He has also been influential in the development of the Zcash system. He has been involved in the groups that exposed vulnerabilities in RSA BSAFE, Speedpass and E-ZPass. Education Green received a B.S. from Oberlin College (Computer Science), a B.M. from Oberlin College (Electronic Music), a Master's from Johns Hopkins University (Computer Science), and a PhD from Johns Hopkins University (Computer Science). His dissertation was titled "Cryptography for Secure and Private Databases: Enabling Practical Data Access withou ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Hanover, New Hampshire
Hanover is a town located along the Connecticut River in Grafton County, New Hampshire, United States. As of the 2020 census, its population was 11,870. The town is home to the Ivy League university Dartmouth College, the U.S. Army Corps of Engineers Cold Regions Research and Engineering Laboratory, and Hanover High School. The Appalachian Trail crosses the town, connecting with a number of trails and nature preserves. Most of the population resides in the Hanover census-designated place (CDP)—the main village of the town. Located at the junctions of New Hampshire routes 10, 10A, and 120, the Hanover CDP recorded a population of 9,078 people at the 2020 census. The town also contains the smaller villages of Etna and Hanover Center. History Hanover was chartered by Governor Benning Wentworth on July 4, 1761, and in 1765–1766 its first European inhabitants arrived, the majority from Connecticut. Although the surface is uneven, the town developed into an agricultural co ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cryptographically Secure Pseudorandom Number Generator
A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also loosely known as a cryptographic random number generator (CRNG) (see Random number generation § "True" vs. pseudo-random numbers). Most cryptographic applications require random numbers, for example: * key generation * nonces * salts in certain signature schemes, including ECDSA, RSASSA-PSS The "quality" of the randomness required for these applications varies. For example, creating a nonce in some protocols needs only uniqueness. On the other hand, the generation of a master key requires a higher quality, such as more entropy. And in the case of one-time pads, the information-theoretic guarantee of perfect secrecy only holds if the key material comes from a true random source with high entropy, and thus any kind of pseudorandom number genera ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Crypto Naming Controversy
The meaning of the word ''crypto'' as an abbreviation is controversial. Cryptographers - people who specialize in cryptography - have used the term "''crypto''" as an abbreviation for their field of study. However, "''crypto''" has also become a common abbreviation for cryptocurrency. Etymologies and definitions The word ''cryptography'' derives from the prefix "''crypto-''" of Greek origin meaning "hidden" and the suffix "''-graph''" also of Greek origin and meaning "to write". This name reflects cryptography's historical role as the study of codes for secret communication. Still, the prefix ''crypto'' appears in many other words, such as ''cryptofascism'' (secret support for fascism), ''cryptosporidium'' (a parasite), and ''cryptomnesia'' (a long-forgotten memory). The term "''cryptography''" nowadays refers to an effervescent area of research that has moved beyond secret ciphers to study message authentication, digital signatures, secure multiparty computation and zero ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
TrueCrypt
TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, or encrypt a partition or the whole storage device (pre-boot authentication). On 28 May 2014, the TrueCrypt website announced that the project was no longer maintained and recommended users find alternative solutions. Though development of TrueCrypt has ceased, an independent audit of TrueCrypt (published in March 2015) has concluded that no significant flaws are present. Two projects forked from TrueCrypt: VeraCrypt (active) and CipherShed (abandoned). History TrueCrypt was initially released as version 1.0 in February 2004, based on E4M (Encryption for the Masses). Several versions and many additional minor releases have been made since then, with the most current version being 7.1a. E4M and SecurStar dispute Original release of TrueCrypt was made by anonymous developers called "the TrueCrypt Team". Shortly after ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Security Audit
An information security audit is an audit on the level of information security in an organization. It is an independent review and examination of system records, activities and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the Internal control, controls being audited can be categorized to Technology, technical, physical and Business administration, administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas. When centered on the Information technology (IT) aspects of information sec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
CipherCloud
CipherCloud is an American software company providing cloud security to businesses. The company was established in 2010 and is based out of San Jose, California. History CipherCloud was founded in 2010 by Pravin Kothari, who previously co-founded ArcSight. The company launched in February 2011 and initially worked in Salesforce.com environments. It added Amazon Web Services integration in 2011. CipherCloud released its Gmail security service in June 2012. By September 2012, CipherCloud's platform could secure Force.com, Chatter, Microsoft Office 365. It also launched Connect AnyApp, which allowed users to specify Web pages of an application to be secured. CipherCloud closed a $30 million funding round led by Andreessen Horowitz and Index Ventures in December 2012. Deutsche Telekom also participated in the funding round through T-Ventures, the telecommunications company's venture capital arm. John M. Jack, a partner at Andreessen Horowitz and former CEO of Fortify Software, jo ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
OpenSSL
OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites. OpenSSL contains an open-source implementation of the SSL and TLS protocols. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. The OpenSSL Software Foundation (OSF) represents the OpenSSL project in most legal capacities including contributor license agreements, managing donations, and so on. OpenSSL Software Services (OSS) also represents the OpenSSL project for support contracts. OpenSSL is available for most Unix-like operating systems (including Linux, macOS, and BSD), Microsoft Windows and OpenVMS. Project history The OpenSSL ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Heartbleed
Heartbleed was a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from ''heartbeat''. The vulnerability was classified as a buffer over-read, a situation where more data can be read than should be allowed. Heartbleed was registered in the Common Vulnerabilities and Exposures database as . The federal Canadian Cyber Incident Response Centre issued a security bulletin advising system administrators about the bug. A fixed version of OpenSSL was released on 7 April 2014, on the same day Heartbleed was publicly disclosed. System administra ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
AT&T Laboratories
AT&T Laboratories, Inc. was the research & development division of AT&T Corporation. It was founded in 1925 as Bell Telephone Laboratories, Inc., following the merger of the research & development divisions of American Telephone & Telegraph and Western Electric. History In 1996, most of Bell Labs was spun off into Lucent Technologies, along with AT&T Technologies, formerly Western Electric The Western Electric Company was an American electrical engineering and manufacturing company officially founded in 1869. A wholly owned subsidiary of American Telephone & Telegraph for most of its lifespan, it served as the primary equipment ma ..., and the Bell Labs name. Research dealing with telephone equipment and most physical research went to Lucent. But a smaller number of researchers dealing with voice technology, network management, and software stayed with AT&T Bell Laboratories, Inc., which was renamed AT&T Laboratories, Inc. Locations included Shannon Labs in Florham Par ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Logjam (computer Security)
Logjam is a security vulnerability in systems that use Diffie–Hellman key exchange with the same prime number. It was discovered by a team of computer scientists and publicly reported on May 20, 2015. The discoverers were able to demonstrate their attack on 512-bit ( US export-grade) DH systems. They estimated that a state level attacker could do so for 1024-bit systems, then widely used, thereby allowing decryption of a significant fraction of Internet traffic. They recommended upgrading to at least 2048-bits for shared prime systems. Details Diffie–Hellman key exchange depends for its security on the presumed difficulty of solving the discrete logarithm problem. The authors took advantage of the fact that the number field sieve algorithm, which is generally the most effective method for finding discrete logarithms, consists of four large computational steps, of which the first three depend only on the order of the group G, not on the specific number whose finite log is desired ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible. The TLS protocol aims primarily to provide security, including privacy (confidentiality), integrity, and authenticity through the use of cryptography, such as the use of certificates, between two or more communicating computer applications. It runs in the presentation layer and is itself composed of two layers: the TLS record and the TLS handshake protocols. The closely related Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications. In technical writing you often you will see references to (D)TLS when it applies to both versions. TLS is a proposed Internet Engineering Task Force (IETF) standard, first defined in 1999, and the c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Bitcoin
Bitcoin ( abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public distributed ledger called a blockchain. The cryptocurrency was invented in 2008 by an unknown person or group of people using the name Satoshi Nakamoto. The currency began use in 2009, when its implementation was released as open-source software. The word "''bitcoin''" was defined in a white paper published on October 31, 2008. It is a compound of the words ''bit'' and ''coin''. The legality of bitcoin varies by region. Nine countries have fully banned bitcoin use, while a further fifteen have implicitly banned it. A few governments have used bitcoin in some capacity. El Salvador has adopted Bitcoin as legal tender, although use by merchants remains low. Ukraine has accepted cryptocurrency donations to fund the resistance to the 2022 Russ ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
