Cryptography Engineering
New News section
In the News
Wired, February 18, 2016
As cryptographer Matthew Green explains in a blog post, the user's password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a ...
Fox, February 18, 2016
Matthew Green, who teaches cryptography and computer security at Johns Hopkins University, fears it's a slippery slope. If Apple complies with the government this time, it'll be forced to in the future. “I haven't seen any guiding principle that would ...
Washington Post, February 17, 2016
“If the government can't break into your phone, probably the criminal down the street can't either,” explained Matthew Green, a cryptography expert at Johns Hopkins University. Apple's decision to take on the government over the Farook case is intended ...
NPR, February 17, 2016
Dr. Matthew Green serves as a guest on NPR.
Washington Post, February 17, 2016
To get that key, one could use a number of techniques, including melting the plastic off the chip and hitting it with bursts of lasers or radio frequencies to recover bits of the key. Matthew D.Green, a cryptography expert at Johns Hopkins University ...
The Intercept, February 17, 2016
“If the U.S. government dictating iPhone encryption design sounds ok to you, ask yourself how you'll feel when China demands the same,” wrote Matthew Green, a cryptography professor at Johns Hopkins University, in a recent tweet. Sen. Ron Wyden, D-Ore.
CNN, February 16, 2016
Matthew Green, who teaches cryptography and computer security at Johns Hopkins University, fears it's a slippery slope. If Apple complies with the government this time, it'll be forced to in the future. "I haven't seen any guiding principle that would prevent this from getting out of hand. It could easily result in every American becoming less secure," he said.
Wired, February 16, 2016
Matthew Green, a cryptographer and professor at Johns Hopkins University, says that Apple and the FBI might indeed be able to defeat the count limit, but doubts they would be able to defeat the 80-millisecond delay the government writes about in its ...
BBC News, October 30, 2015
Matthew Green, assistant professor at the Johns Hopkins Information Security Institute, is sceptical of the idea that either companies or governments are capable of making secure back doors that bad actors could not exploit.
Tech News World, October 29, 2015
The Library of Congress, which oversees the U.S. Copyright Office, on Wednesday published new rules to replace a set of controversial -- and for many, outdated -- measures. Consumers now may hack their own tablet computers, automobile software and Blu-ray devices without fear of being sued.
Ars Technica, October 22, 2015
"If the NSA's mathematicians began to make even modest, but sustained advances in the state of the art for solving the ECDLP, it would put the entire field at risk," Green wrote in a blog post. "Beginning with the smallest of the standard curves, P-256, which would now provided less than the required 128-bit security."
U.S. News and World Report, October 2, 2015
"It’s an idea, like social networking, that you wouldn’t think very much of until it happens. Then you can’t imagine people giving it up,” says Johns Hopkins University computer science professor Matthew Green. “The easiest way to think about Silk Road is to view it as a proof of concept for later darknet markets.”
Wired, September 8, 2015
Yesterday, the New York Times mentioned a trend that’s becoming more common: tech companies fighting back against government requests for user data, among them Microsoft and Apple.
September 15, 2015
Matthew D. Green gives keynote "Secure protocols in a hostile world"
Computer World, August 26, 2015
The Agora Dark Web market cited Tor Hidden Services security vulnerabilities that could allow de-anonymization attacks and temporarily shut down operations after detecting suspicious activity on its servers.
Wired, August 20, 2015
AUGMENTED REALITY GLASSES like Google Glass have never had a stellar reputation among the privacy crowd. But a group of researchers believes that cyborg eyewear could actually offer a privacy upside in the form of a new kind of effortless encrypted communication—one where sensitive data is decrypted not on the screen of a vulnerable computer, but only in the eye of the recipient.
The Washington Post, July 7, 2015
Silicon Valley and Washington have spent the past year arguing over whether technology companies should enable users to encrypt their digital lives in such a way that not even the Federal Bureau of Investigation could unscramble the information.
CNN, June 23. 2015
Capital One, JPMorgan Chase, Suntrust, Wells Fargo -- none of them use what's commonly referred to as the "best practice" in the industry when it comes to Web security.
Wired, June 2, 2015
THE NATIONAL SECURITYAgency knows Edward Snowden disclosed many of its innermost secrets when he revealed how aggressive its surveillance tactics are.
The Washington Post, May 28, 2015
Another week, another dire warning about the technology used to secure online communications. Internet security researchers are warning about apreviously undisclosed vulnerability that affected all modern Web browsers — a weakness that could allow an attacker to snoop or even change communications thought to be secure.
Fast Company, May 5, 2015
Prominent security experts and systems designers Moxie Marlinspike and Matthew Green both wrote essays a few months apart recently arguing that the venerable message encryption system known as PGP (originally short for Pretty Good Privacy) has run its course.
Christian Science Monitor, May 6, 2015
Lawmakers should vote to end the National Security Agency's sweeping surveillance program that scooped up the call records of tens of millions of Americans, a strong majority of Passcode's Influencers said.
The Washington Post, April 15, 2015
For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?
NPR, March 31, 2015
Matthew Green, a professor of computer science at Hopkins, says the number of such students the school turns out each year can vary. "Sometimes it's a half-a-dozen," he says. "Sometimes it's just one or two."Add News Story here
Reuters, March 6, 2015
Apple Inc and Google Inc said on Tuesday that they have developed fixes to mitigate the newly uncovered 'Freak' security flaw affecting mobile devices and Mac computers.
The Washington Post, March 3, 2015
Technology companies are scrambling to fix a major security flaw that for more than a decade left users of Apple and Google devices vulnerable to hacking when they visited millions of supposedly secure Web sites, including Whitehouse.gov, NSA.gov and FBI.gov.
PC World, February 20, 2015
In October 2013, cryptography professor Matthew Green and security researcher Kenneth White launched a project to perform a professional security audit of TrueCrypt. This was partly prompted by the leaks from former U.S. National Security Agency contractor Edward Snowden that suggested the NSA was engaged in efforts to undermine encryption.
The Washington Post, February 19, 2015
President Obama tried to walk a very fine line on encryption, the technology that secures much of the communications that occur online, during his recent visit to Silicon Valley -- saying that he is a supporter of "strong encryption," but also understands law enforcement's desire to access data.
Al Jazeera America, February 17, 2015
Interview with Matt Green.
Gizmodo, February 16, 2015
In potentially the largest bank heist on record, an Eastern European hacker ring is stealing an estimated $1 billion from banks by infecting computers with malware and siphoning money. Add News Story here
Ars Technica, February 6, 2015
For almost two decades, the open source GnuPG encryption project has teetered on the brink of insolvency. Now, following word of that plight, the lone developer keeping the project alive has received more than $135,000—in a single day, no less.
Forbes, December 15, 2014
We’ve been creating passwords since the dawn of the Internet. And we’re still really, really bad at it. Unless you’ve got a cryptography background, your passwords probably offer no more resistance to a hacker than a $5 cable does to a bike thief.
CNN, December 1, 2014
When it comes to privacy, Matthew Green is a guru. This college professor knows all about NSA spying, encryption, computer security -- the works. Yet he's met his match: his 7-year-old son.
The Guardian, November 4, 2014
Johns Hopkins University cryptographer Matthew Green tweeted his dismay after realising that some private notes had found their way to iCloud. Bruce Schneier, another prominent cryptography expert, wrote a blog post calling the automatic saving function “both dangerous and poorly documented” by Apple.
Ars Technica, November 3, 2014
Representing a potential privacy snare for some users, Mac OS X Yosemite uploads documents opened in TextEdit, Preview, and Keynote to iCloud servers by default, even if the files are later closed without ever having been saved.Add News Story here
Slate, November 3, 2014
If you’re like the majority of Mac users, you may think your in-progress files—the ones you haven’t explicitly saved—are being stored directly on your hard drive.
Reuters, October 14, 2014
Three Google Inc researchers have uncovered a security bug in widely used web encryption technology that they say could allow hackers to steal data in what they have dubbed a "Poodle" attack.
Slate, September 23, 2014
ast week Apple released its new iOS 8 operating system for iPhones, iPads, and iPod Touch devices. Most of the coverage of iOS 8 focuses on visible features that users can interact with.
The New Yorker, September 1, 2014
Usually, someone finds a way into someone’s phone and releases one set of images,” Matthew Green, a professor of computer science at Johns Hopkins and an expert on information security, told me. “This time, everything came down at once.” No one knows exactly how the hackers got the images, but Green laid out two possible scenarios.
NPR, September 2, 2014
Computer hackers, celebrities, nude photos. We've heard the story before but this time the implications could be more worrisome.
CSO, August 27, 2014
Green said, “The problem with this is that, for all the good PGP has done in the past, it's a model of email encryption that's fundamentally broken.” Further Green said “PGP keys suck,” “PGP key management sucks” and that that there is “no forward secrecy.” His blog post adds more criticisms and also attempts to find some solutions.
Reuter, July 14, 2014
U.S. government standards for software may enable spying by the National Security Agency through widely used coding formulas that should be jettisoned, some of the country's top independent experts concluded in papers released on Monday.
The Ultra-Simple App That Lets Anyone Encrypt Anything
Wired, July 3, 2014
Green is cautiously optimistic about miniLock’s security. “I wouldn’t go out and encrypt NSA documents with it right now,” he says. “But it has a nice and simple cryptographic design, with not a lot of places for it to go wrong…This is one that I actually think will take some review, but could be pretty secure.”
The Wall Street Journal, May 30, 2014
The group created last month to support open source software in need has announced funding for four initial projects, among them a full security audit of the computer code that sprouted the Heartbleed bug.
The Guardian, May 30, 2014
Encryption tool TrueCrypt has closed its doors, removed its downloads and advised users to switch to a competitor, citing only the end of life of Windows XP as a reason.
Ars Technica, May 29, 2014
One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn't safe to use.
Wired, May 29, 2014
Edward Snowden saw the power of TrueCrypt. Before he became famous for leaking NSA documents to the press, he spent an afternoon in Hawaii teaching people how they could use the encryption software to securely and privately send information over the internet.
Network World, May 29, 2014
Yet cryptographer Matthew Green, who helped start a crowdfunding effort to raise $70,000 so TrueCrypt could be professionally audited, said ...
The Washington Post, May 28, 2014
For Green, the latest turn of events with TrueCrypt raises issues about the dependency of the crypt community on volunteer projects when it comes to encryption. "We used to think these were toys, and along the way we turned them into things people really rely on," he says.
Forbes, May 28, 2014
On Wednesday afternoon, the official website for the TrueCrypt encryption software — which allows users to encrypt hard drives and sensitive files — was updated to say that it is no longer safe to use.
PC World, May 28, 2014
TrueCrypt, the popular open-source encryption program, on ... Matthew Green, who teaches cryptoanalysis at Johns Hopkins and who worked ...
PBS, May 20, 2014
Matthew Green interviewed on PBS's Frontline.
NPR, April 15, 2014
Matt Green appears on The Kojo Nnamdi show.
Johns Hopkins University, April 15, 2014
Matthew Green participates in panel at Johns Hopkins alongside Christopher Soghoian, Principal Technologist at the ACLU and Shahid Buttar, Executive Director of Bill of Rights Defense Committee.
PC World, April 15, 2014
The Open Crypto Audit Project that contracted iSEC to perform the professional code review was created in October by Matthew Green, a cryptographer and research professor at Johns Hopkins University in Baltimore and Kenneth White, a security research ...
Audio: NPR Marketplace
NPR, April 14, 2014
Matthew Green appears on Marketplace Tech to discuss reverse heartbleed, and why the flaw in OpenSSL is significant.
Ars Technica, April 14, 2014
[The results] don't panic me,” Matthew Green, a Johns Hopkins cryptography professor who has been one of the people leading this effort, told Ars. “I think the code quality is not as high as it should be, but on the other hand, nothing terrible is in there, so that's reassuring.”Green said that the second phase was now to perform a “detailed crypto review and make sure that there’s no bug in the encryption.”...
The Register, April 14, 2014
The first phase of crowd-funded audit of TrueCrypt has turned up several vulnerabilities, but nothing particularly amiss and certainly nothing that looks like a backdoor...
Slate, April 14, 2014
Johns Hopkins cryptography professor Matthew Green writes, “The OpenSSL developers have a pretty amazing record considering the amount ...
BBC News, April 12, 2014
"If the NSA really knew about Heartbleed, they have some *serious* explaining to do," cryptographer Matthew Green said on Twitter...
Bloomberg, April 11, 2014
Why would they want to when it's fueled by passion, as Torvalds explained? As Johns Hopkins University cryptography expert Matthew Green tweeted recently, "Hey companies that use OpenSSL: How many $$ have you spent recovering from Heartbleed?
Slate, April 11, 2014
Johns Hopkins professor Matthew Green told the Times, “If we could get $500,000 kicked back to OpenSSL and teams like it, maybe this kind of thing won't happen again.” Maybe. But maybe not—Apple, one of the richest companies in the world, reported a ...
The Wall Street Journal, April 11, 2014
ut if the machines that run the firewalls and virtual private networks are affected by the Heartbleed bug, attackers could use them to infiltrate a network, said Matthew Green, an encryption expert at Johns Hopkins University...
The New York Times, April 9, 2014
“We have standards for coding in mission-critical systems like the airline industry, but I'm not sure we would want those standards applied everywhere,” said Matthew Green, a cryptographer and research professor at Johns Hopkins University. Such strict ...
The Washington Post, April 9, 2014
Heartbleed bug puts the chaotic nature of the Internet under the magnifying glassWashington Post - 16 hours ago“These are guys who are working very hard for very little money,” said Matthew Green, a Johns Hopkins University cryptography expert who has attempted to help the foundation. “Yahoo and all these companies are getting all this value out of this. If they just ...
After Heartbleed Bug, A Race to Plug Internet Hole
The Wall Street Journal, April 9, 2014
Matthew Green, an encryption expert at Johns Hopkins University, said OpenSSL Project is relatively neglected, given how critical of a role it plays in the Internet. Last year, the foundation took in less than $1 million from donations and consulting contracts.Add News Story here
Salon, April 9, 2014
As Johns Hopkins University computer scientist and cryptographerMatthew Green wrote as long ago as last year, there are a number of ways ...
The Washington Post, April 8, 2014
“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” Matthew Green, a cryptographer and research professor at Johns HopkinsUniversity, said ...
Business Week, April 9, 2014
Heartbleed just sounds scary! The name refers to the part of OpenSSL that is vulnerable—the heartbeat, a series of communications sent back and forth between devices and websites. Matthew Green, a cryptographer at Johns HopkinsUniversity, has posted ..
The Wall Street Journal Canada, April 9, 2014
"It is sort of like sticking a teaspoon in the ocean," said Matthew Green, a computer science professor at Johns Hopkins University in Baltimore.
The Washington Times, April 9, 2014
“You should care about this because — whether you realize it or not — a hell of a lot of the security infrastructure you rely on is dependent in some way on OpenSSL,” wrote Matthew Green, a cryptographer and research professor at Johns Hopkins University, on his blog...
Threatpost, April 9, 2014
We'll see how many people do that,” said cryptographer Matthew Green, a professor atJohns Hopkins University. Officials at Mozilla ..
PC Magazine, April 7, 2014
You turned Yahoo into an encryption powerhouse," Matthew Green, a professor of cryptography at Johns Hopkins University, wrote on Twitter ...
Register, April 3, 2014
Yahoo! has announced major encryption improvements designed to thwart ... fun of now that Yahoo! is taking encryption seriously," saidMatthew Green. a cryptographer and research professor at Johns Hopkins University.
Ars Technica, March 31, 2014
"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," Matt Green, a professor specializing in cryptography at Johns Hopkins University...
Exclusive: NSA infiltrated RSA security more deeply than thought ...
Reuters, March 31, 2014
A group of professors from Johns Hopkins, the University of Wisconsin, ... Johns Hopkins Professor Matthew Green said it was hard to take the ...
The New York Post, March 31, 2014
Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency’s ability to eavesdrop on some Internet...
Wired, March 30, 2014
But the terse description in Apple’s announcement yesterday had some of the internet’s top crypto experts wondering aloud about the exact nature of the bug. Then, as they began learning the details privately, they retreated into what might be described as stunned silence. “Ok, I know what the Apple bug is,” tweeted Matthew Green, a cryptography professor at Johns Hopkins. “And it is bad. Really bad.”
The Baltimore Sun, March 15, 2014
... haystack. Lacey said of Hopkins' monitoring efforts ... authority, Peterson said.Hopkins officials said they are ... for everyone," said Matthew Green, an assistant research ... of computer science at Johns Hopkins. "It's good to be ...Add News Story here
PC World, March 15, 2014
The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time. According to media reports last year based on secret documents leaked by former NSA contractor Edward Snowden, the NSA had ...
The Washington Post, March 8, 2014
“Bitcoin works really well,” said Matthew Green, a Johns Hopkins University cryptographer who is working to develop a different virtual currency. “All this craziness around Bitcoin isn’t around Bitcoin itself. It’s around the people.”...
How To Avoid Data Theft When Using Public Wi-Fi
Forbes, March 4, 2014
Security experts point to a number of options that hackers can use to gain access to personal information. But they all stem from the fact that the public network is, well, public. “The fact that anyone can join the network is what makes it so unsafe,” cautions Matthew Green, an assistant professor at Johns Hopkins’ Information Security Institute. ”A password login to join the network might feel reassuring,” he adds, “but if everybody knows the password, that’s no better than not having one at all.”
CBS News, February 25, 2014
Apple released a fix for its Mac OS X operating system on Tuesday, after revealing on Friday that a major security flaw had been found.
Forbes, February 24, 2014
“Stay away from unencrypted Wifi. Don’t use your own Wifi if you live in a crowded neighborhood and have a weak WPA password,” said cryptography expert Matthew Green, of Johns Hopkins, in an email. “Apple’s whole security posture is insane. They’ve been lucky so far, but if they keep it up with the secrecy they won’t stay lucky.”
CNN, February 23, 2014
"It's as bad as you could imagine, that's all I can say," Johns Hopkins University cryptography professor Matthew Green told Reuters. [Readers ...
Slate, February 22, 2014
Apple acknowledged a major security flaw in its software for mobile devices on Friday but did so in such a low-key way that most users likely aren’t aware of just how at risk they might be if they fail to update their software.
Fox, February 22, 2014
Matthew Green appears on Fox TV.
Reuters, February 22, 2014
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professorMatthew Green. Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor ...
Gardner Films Documentary, February 15, 2014
Matthew Green appears as cyyptology expert in Enemy of the Reich documentary film.
New American Foundation, February 12, 2014
Matthew Green participates in Bitcoin Panel
The Baltimore Sun, February 1, 2014
Matthew Green, the Hopkins assistant professor of computer science who is leading the Zerocoin project, says there is a legitimate need for anonymous financial transactions. If virtual currencies are going to exist, he and his team of graduate students say, there should be one that provides the same kind of privacy that people have when exchanging traditional forms of money.
Popular Science, January 24, 2014
Fifty prominent American computer scientists have signed an open letter urging the United States to reject mass surveillance and preserve privacy. At the heart of the letter is a warning against systems that encourage abuse:
Forbes, January 14, 2014
Matthew Green announced the next phase in the evolution of Zerocoin: creating an alternative cryptocurrency with an infrastructure independent of Bitcoin. The new coins, which Green says will go into circulation in May in some sort of beta program, will have their own exchange rate with existing currencies, their own “miners” producing new coins, and their own public ledger of transactions known as the “blockchain,” just as Bitcoin does. But unlike Bitcoin, Zerocoin is designed to be spent and received without revealing any trace of a user’s identity.
Video: Real World Cryptography Workshop
Real World Cryptography Workshop, January 13, 2014
Matthew Green presents on ZeroCoin at Real World Cryptography Workshop.
The Washington Post, January 9, 2014
For years, security and privacy advocates urged Yahoo toimplement encryption by default for its e-mail products. Without such encryption ..
The Boston Globe, December 28, 2013
Critics contend RSA has failed to clarify what its specific business dealings were with the NSA.“I would want to see a clear statement from EMC about what software they’re using, and what algorithms they’re using,” said Matthew Green...
The New York Times, November 18, 2013
Matthew D. Green, a professor of computer science at Johns Hopkins University, said he had been working with a team of researchers to come ...
BBC, November 17, 2013
Matthew Green appears on BBC radio to talk about TrueCrypt audit.
The New York Times, November 17, 2013
Matthew D. Green, a research professor of computer science at Johns Hopkins, says buying illegal drugs online is now easier than buying them ...
The Economist, November 14, 2013
“At that point”, says Matthew Green, a cryptographer at Johns HopkinsUniversity, “people started to get really upset.” In this section. Besieged ...
The New Yorker, November 9, 2013
Matthew Green authors an article in the New Yorker about secure email.
IEEE Spectrum, October 24, 2013
Matthew Green, a computer scientist at the Johns Hopkins Information Security Institute, in Baltimore, wants to make Bitcoin truly anonymous. He’s one of the developers behind Zerocoin, a proposed extension to the Bitcoin protocol that would provide true anonymity.
The Economist, October 18, 2013
The professionally paranoid will tell you that there is no reason to assume those executables were made from the version of the source code that’s publically available. For all these reasons, Matthew Green, an academic cryptographer at Johns Hopkins university and one of the people organising the audit, wants to have it done by a company that specialises in such work.
Ars Technica, October 15, 2013
“We're now in a place where we have nearly, but not quite enough to get a serious audit done,” wrote Matthew Green, a well-known cryptography professor at Johns Hopkins University. How much would “enough” be? “That depends on how many favors we can get from the security evaluation companies,” Green continued on Twitter. "I'm trying to answer that this week."...
Bloomberg, TV, October 13, 2013
Matthew Green appears on Street Smart.
The Baltimore Sun, October 8, 2013
Encryption expert Matthew Green discusses some unfamiliar Internet ... Professor Matthew Green spoke with The Baltimore Sun about some ...
NPR, October 4, 2013
Matthew Green appears on Science Friday.
The Baltimore Sun, October 3, 2013
... exposing many casual Internet users to unfamiliar terms like Deep Web, Tor and Bitcoin. So we asked Johns Hopkins cryptography professor MatthewGreen -- who recently was in the news himself for his writings on the NSA -- to help break down this ...
September 30, 2013
Matthew Green, Research Professor of Computer Science at Johns Hopkins University, says that of the four different fonts, 'False' could be most promising, but that in his view camouflaged fonts are not terribly effective at protecting people's privacy...
The Baltimore Sun, September 29, 2013
A Johns Hopkins University cryptography ... know what to say," said MatthewD. Green, who received the invitation ... invitation gave a boost to Green's rising prominence in ... over NSA spying methods. Johns Hopkins administrators this month ...
NPR, September 26, 2013
Matthew Green appears on All Things Considered.
Risky Business, September 20, 2013
Matthew Green featured on radio show Risky Business.
The Baltimore Sun, September 18, 2013
week of reflection, the Johns Hopkins cryptography professor ... NSA, was concerned that Matthew Green had posted links to classified ... from those concerned that Green's academic freedom had ... might lose my job," Green said. He made the comments ...
JHU, September 18, 2013
Matthew Green participates in a Cryptography Roundtable discussion at Johns Hopkins to discuss NSA surveillance and censorship of his blog.
The Baltimore Sun, September 18, 2013
Matthew Green speaks at a Johns Hopkins event about the NSA's covert surveillance operations in the U.S. Green, an assistant research ...