As cryptographer Matthew Green explains in a blog post, the user's password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a ...
“If the government can't break into your phone, probably the criminal down the street can't either,” explained Matthew Green, a cryptography expert at Johns Hopkins University. Apple's decision to take on the government over the Farook case is intended ...
To get that key, one could use a number of techniques, including melting the plastic off the chip and hitting it with bursts of lasers or radio frequencies to recover bits of the key. Matthew D. Green, a cryptography expert at Johns Hopkins University ...
“If the U.S. government dictating iPhone encryption design sounds ok to you, ask yourself how you'll feel when China demands the same,” wrote Matthew Green, a cryptography professor at Johns Hopkins University, in a recent tweet. Sen. Ron Wyden, D-Ore.
Matthew Green, who teaches cryptography and computer security at Johns Hopkins University, fears it's a slippery slope. If Apple complies with the government this time, it'll be forced to in the future. "I haven't seen any guiding principle that would prevent this from getting out of hand. It could easily result in every American becoming less secure," he said.
Matthew Green, a cryptographer and professor at Johns Hopkins University, says that Apple and the FBI might indeed be able to defeat the count limit, but doubts they would be able to defeat the 80-millisecond delay the government writes about in its ...
Matthew Green, assistant professor at the Johns Hopkins Information Security Institute, is sceptical of the idea that either companies or governments are capable of making secure back doors that bad actors could not exploit.
The Library of Congress, which oversees the U.S. Copyright Office, on Wednesday published new rules to replace a set of controversial -- and for many, outdated -- measures. Consumers now may hack their own tablet computers, automobile software and Blu-ray devices without fear of being sued.
"If the NSA's mathematicians began to make even modest, but sustained advances in the state of the art for solving the ECDLP, it would put the entire field at risk," Green wrote in a blog post. "Beginning with the smallest of the standard curves, P-256, which would now provided less than the required 128-bit security."
"It’s an idea, like social networking, that you wouldn’t think very much of until it happens. Then you can’t imagine people giving it up,” says Johns Hopkins University computer science professor Matthew Green. “The easiest way to think about Silk Road is to view it as a proof of concept for later darknet markets.”
The Agora Dark Web market cited Tor Hidden Services security vulnerabilities that could allow de-anonymization attacks and temporarily shut down operations after detecting suspicious activity on its servers.
AUGMENTED REALITY GLASSES like Google Glass have never had a stellar reputation among the privacy crowd. But a group of researchers believes that cyborg eyewear could actually offer a privacy upside in the form of a new kind of effortless encrypted communication—one where sensitive data is decrypted not on the screen of a vulnerable computer, but only in the eye of the recipient.
Silicon Valley and Washington have spent the past year arguing over whether technology companies should enable users to encrypt their digital lives in such a way that not even the Federal Bureau of Investigation could unscramble the information.
Another week, another dire warning about the technology used to secure online communications. Internet security researchers are warning about a previously undisclosed vulnerability that affected all modern Web browsers — a weakness that could allow an attacker to snoop or even change communications thought to be secure.
Prominent security experts and systems designers Moxie Marlinspike and Matthew Green both wrote essays a few months apart recently arguing that the venerable message encryption system known as PGP (originally short for Pretty Good Privacy) has run its course.
Lawmakers should vote to end the National Security Agency's sweeping surveillance program that scooped up the call records of tens of millions of Americans, a strong majority of Passcode's Influencers said.
For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?
Matthew Green, a professor of computer science at Hopkins, says the number of such students the school turns out each year can vary. "Sometimes it's a half-a-dozen," he says. "Sometimes it's just one or two."
Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov.
In October 2013, cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt. This was partly prompted by the leaks from former U.S. National Security Agency contractor Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption.
President Obama tried to walk a very fine line on encryption, the technology that secures much of the communications that occur online, during his recent visit to Silicon Valley -- saying that he is a supporter of "strong encryption," but also understands law enforcement's desire to access data.
In potentially the largest bank heist on record, an Eastern European hacker ring is stealing an estimated $1 billion from banks by infecting computers with malware and siphoning money.
For almost two decades, the open source GnuPG encryption project has teetered on the brink of insolvency. Now, following word of that plight, the lone developer keeping the project alive has received more than $135,000—in a single day, no less.
We’ve been creating passwords since the dawn of the Internet. And we’re still really, really bad at it. Unless you’ve got a cryptography background, your passwords probably offer no more resistance to a hacker than a $5 cable does to a bike thief.
Johns Hopkins University cryptographer Matthew Green tweeted his dismay after realising that some private notes had found their way to iCloud. Bruce Schneier, another prominent cryptography expert, wrote a blog post calling the automatic saving function “both dangerous and poorly documented” by Apple.
Representing a potential privacy snare for some users, Mac OS X Yosemite uploads documents opened in TextEdit, Preview, and Keynote to iCloud servers by default, even if the files are later closed without ever having been saved.
“Usually, someone finds a way into someone’s phone and releases one set of images,” Matthew Green, a professor of computer science at Johns Hopkins and an expert on information security, told me. “This time, everything came down at once.” No one knows exactly how the hackers got the images, but Green laid out two possible scenarios.
Green said, “The problem with this is that, for all the good PGP has done in the past, it's a model of email encryption that's fundamentally broken.” Further, Green said “PGP keys suck,” “PGP key management sucks” and that there is “no forward secrecy.” His blog post adds more criticisms and also attempts to find some solutions.
U.S. government standards for software may enable spying by the National Security Agency through widely used coding formulas that should be jettisoned, some of the country's top independent experts concluded in papers released on Monday.
The Ultra-Simple App That Lets Anyone Encrypt Anything
Wired, July 3, 2014
Green is cautiously optimistic about miniLock’s security. “I wouldn’t go out and encrypt NSA documents with it right now,” he says. “But it has a nice and simple cryptographic design, with not a lot of places for it to go wrong…This is one that I actually think will take some review, but could be pretty secure.”
The group created last month to support open source software in need has announced funding for four initial projects, among them a full security audit of the computer code that sprouted the Heartbleed bug.
Edward Snowden saw the power of TrueCrypt. Before he became famous for leaking NSA documents to the press, he spent an afternoon in Hawaii teaching people how they could use the encryption software to securely and privately send information over the internet.
For Green, the latest turn of events with TrueCrypt raises issues about the dependency of the crypt community on volunteer projects when it comes to encryption. "We used to think these were toys, and along the way we turned them into things people really rely on," he says.
On Wednesday afternoon, the official website for the TrueCrypt encryption software — which allows users to encrypt hard drives and sensitive files — was updated to say that it is no longer safe to use.
The Open Crypto Audit Project that contracted iSEC to perform the professional code review was created in October by Matthew Green, a cryptographer and research professor at Johns Hopkins University in Baltimore and Kenneth White, a security research ...
Audio: NPR Marketplace
NPR, April 14, 2014
Matthew Green appears on Marketplace Tech to discuss reverse heartbleed, and why the flaw in OpenSSL is significant.
“[The results] don't panic me,” Matthew Green, a Johns Hopkins cryptography professor who has been one of the people leading this effort, told Ars. “I think the code quality is not as high as it should be, but on the other hand, nothing terrible is in there, so that's reassuring.” Green said that the second phase was now to perform a “detailed crypto review and make sure that there’s no bug in the encryption.”...
Why would they want to when it's fueled by passion, as Torvalds explained? As Johns Hopkins University cryptography expert Matthew Green tweeted recently, "Hey companies that use OpenSSL: How many $$ have you spent recovering from Heartbleed?
Johns Hopkins professor Matthew Green told the Times, “If we could get $500,000 kicked back to OpenSSL and teams like it, maybe this kind of thing won't happen again.” Maybe. But maybe not—Apple, one of the richest companies in the world, reported a ...
But if the machines that run the firewalls and virtual private networks are affected by the Heartbleed bug, attackers could use them to infiltrate a network, said Matthew Green, an encryption expert at Johns Hopkins University...
“We have standards for coding in mission-critical systems like the airline industry, but I'm not sure we would want those standards applied everywhere,” said Matthew Green, a cryptographer and research professor at Johns Hopkins University. Such strict ...
Heartbleed bug puts the chaotic nature of the Internet under the magnifying glass
Washington Post - 16 hours ago
“These are guys who are working very hard for very little money,” said Matthew Green, a Johns Hopkins University cryptography expert who has attempted to help the foundation. “Yahoo and all these companies are getting all this value out of this. If they just ...
After Heartbleed Bug, A Race to Plug Internet Hole
The Wall Street Journal, April 9, 2014
Matthew Green, an encryption expert at Johns Hopkins University, said OpenSSL Project is relatively neglected, given how critical of a role it plays in the Internet. Last year, the foundation took in less than $1 million from donations and consulting contracts.
“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” Matthew Green, a cryptographer and research professor at Johns Hopkins University, said ...
Heartbleed just sounds scary! The name refers to the part of OpenSSL that is vulnerable—the heartbeat, a series of communications sent back and forth between devices and websites. Matthew Green, a cryptographer at Johns Hopkins University, has posted ..
“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” wrote Matthew Green, a cryptographer and research professor at Johns Hopkins University, on his blog...
Yahoo! has announced major encryption improvements designed to thwart ... fun of now that Yahoo! is taking encryption seriously," said Matthew Green, a cryptographer and research professor at Johns Hopkins University.
"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," Matt Green, a professor specializing in cryptography at Johns Hopkins University...
Exclusive: NSA infiltrated RSA security more deeply than thought ...
Reuters, March 31, 2014
A group of professors from Johns Hopkins, the University of Wisconsin, ... Johns Hopkins Professor Matthew Green said it was hard to take the ...
But the terse description in Apple’s announcement yesterday had some of the internet’s top crypto experts wondering aloud about the exact nature of the bug. Then, as they began learning the details privately, they retreated into what might be described as stunned silence. “Ok, I know what the Apple bug is,” tweeted Matthew Green, a cryptography professor at Johns Hopkins. “And it is bad. Really bad.”
... haystack. Lacey said of Hopkins' monitoring efforts ... authority, Peterson said. Hopkins officials said they are ... for everyone," said Matthew Green, an assistant research ... of computer science at Johns Hopkins. "It's good to be ...
The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time. According to media reports last year based on secret documents leaked by former NSA contractor Edward Snowden, the NSA had ...
“Bitcoin works really well,” said Matthew Green, a Johns Hopkins University cryptographer who is working to develop a different virtual currency. “All this craziness around Bitcoin isn’t around Bitcoin itself. It’s around the people.”...
How To Avoid Data Theft When Using Public Wi-Fi
Forbes, March 4, 2014
Security experts point to a number of options that hackers can use to gain access to personal information. But they all stem from the fact that the public network is, well, public. “The fact that anyone can join the network is what makes it so unsafe,” cautions Matthew Green, an assistant professor at Johns Hopkins’ Information Security Institute. “A password login to join the network might feel reassuring,” he adds, “but if everybody knows the password, that’s no better than not having one at all.”
“Stay away from unencrypted Wifi. Don’t use your own Wifi if you live in a crowded neighborhood and have a weak WPA password,” said cryptography expert Matthew Green, of Johns Hopkins, in an email. “Apple’s whole security posture is insane. They’ve been lucky so far, but if they keep it up with the secrecy they won’t stay lucky.”
Apple acknowledged a major security flaw in its software for mobile devices on Friday but did so in such a low-key way that most users likely aren’t aware of just how at risk they might be if they fail to update their software.
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green. Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor ...
Matthew Green, the Hopkins assistant professor of computer science who is leading the Zerocoin project, says there is a legitimate need for anonymous financial transactions. If virtual currencies are going to exist, he and his team of graduate students say, there should be one that provides the same kind of privacy that people have when exchanging traditional forms of money.
Fifty prominent American computer scientists have signed an open letter urging the United States to reject mass surveillance and preserve privacy. At the heart of the letter is a warning against systems that encourage abuse:
Matthew Green announced the next phase in the evolution of Zerocoin: creating an alternative cryptocurrency with an infrastructure independent of Bitcoin. The new coins, which Green says will go into circulation in May in some sort of beta program, will have their own exchange rate with existing currencies, their own “miners” producing new coins, and their own public ledger of transactions known as the “blockchain,” just as Bitcoin does. But unlike Bitcoin, Zerocoin is designed to be spent and received without revealing any trace of a user’s identity.
Video: Real World Cryptography Workshop
Real World Cryptography Workshop, January 13, 2014
Matthew Green presents on ZeroCoin at Real World Cryptography Workshop.
Critics contend RSA has failed to clarify what its specific business dealings were with the NSA. “I would want to see a clear statement from EMC about what software they’re using, and what algorithms they’re using,” said Matthew Green...