Security News

India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distributiontechnology that can operate across distances of 150km. While the likes of Toshiba offer a commercial service, current implementations such as a network in London span just 32km. India's military announced it has trialled tech that operates over 150km, and now plans to buy it and put it to work.

If we turn back the clock to five years ago, that's when Slack started leaking hashed passwords. If you're a Slack user, I would assume that if they didn't realise they were leaking hashed passwords for five years, maybe they didn't quite enumerate the list of people affected completely either.

Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible. The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer.

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE - short for Supersingular Isogeny Key Encapsulation - which made it to the fourth round of the Post-Quantum Cryptography standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology.

Grover's algorithm given a big and powerful enough quantum computer, claims to be able to complete the same feat with the square root of the usual effort, thus cracking the code, in theory, in just 264 tries instead. Shor's quantum factorisation algorithm. Or you'd have to adopt a completely new sort of post-quantum encryption system to which Shor's algorithm didn't apply.

One of the four encryption algorithms the US National Institute of Standards and Technology recommended as likely to resist decryption by quantum computers has has holes kicked in it by researchers using a single core of an Intel Xeon CPU, released in 2013. "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively. A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core," wrote Castryck and Decru, of Katholieke Universiteit Leuven in a a preliminary article [PDF] announcing their discovery.

They use quantum keys that guarantee security based on quantum physics rather than computational complexity, thus they are secure even against quantum computers. Quantum key distribution is the most important technology for realizing quantum cryptosystems.

IBM has started offering quantum-resistant crypto - using the quantum-resistant crypto recommended by the US National Institute of Standards and Technology. China is felt to be stealing data today, safe in the knowledge its future quantum computers will be able to decrypt it in the near future.

The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first group of quantum-resistant encryption tools, designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day - such as online banking and email software. This Help Net Security video covers the highlights of four encryption algorithms selected by NIST..

Threat actors exchange beacons for badgers to evade endpoint securityUnidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found. Attackers are using deepfakes to snag remote IT jobsMalicious individuals are using stolen personally identifiable information and voice and video deepfakes to try to land remote IT, programming, database and software-related jobs, the FBI has warned last week.