Category Archives: crypto

it’s the randomness, stupid

Posted on February 16, 2012 by ben

The New York Times is reporting that a flaw has been found in RSA. The original paper is here, and it looks like a second team was about to release similar information, so they’ve posted an explanatory blog post, which … Continue reading

Posted in crypto | 10 Comments

encryption is (mostly) not magic

Posted on December 21, 2011 by ben

A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens … Continue reading

Posted in crypto, mozilla, privacy, security, web | 14 Comments

Wombat Voting: Open Audit Elections in Israel

Posted on June 1, 2011 by ben

My friend Alon Rosen is leading an effort with colleagues Amon Ta-Shma, Ben Riva, and Yoni Ben-Nun in Israel to implement and deploy in-person open-audit voting. The project is called Wombat Voting. It combines a number of existing cryptographic techniques … Continue reading

Posted in crypto, voting | 3 Comments

grab the pitchforks!… again

Posted on April 19, 2011 by ben

I’m fascinated with how quickly people have reached for the pitchforks recently when the slightest whiff of a privacy/security violation occurs. Last week, a few interesting security tidbits came to light regarding Dropbox, the increasingly popular cloud-based file storage and … Continue reading

Posted in crypto, data, privacy, web | 10 Comments

intelligently designing trust

Posted on March 30, 2011 by ben

For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. … Continue reading

Posted in crypto, policy, security, web | 3 Comments

everything I know about voting I learned from American Idol

Posted on March 2, 2011 by ben

Tonight, American Idol began online voting. Yes, I’m a fan of American Idol, but don’t let that fool you: I’m still a bitchin’ cryptographer. I suspect that American Idol online voting will give rise to many questions such as “wow, … Continue reading

Posted in crypto, voting | 4 Comments

Facebook, the Control Revolution, and the Failure of Applied Modern Cryptography

Posted on January 14, 2011 by ben

In the late 1990s and early 2000s, it was widely assumed by most tech writers and thinkers, myself included, that the Internet was a “Control Revolution” (to use the words of Andrew Shapiro, author of a book with that very … Continue reading

Posted in crypto, privacy, web | 9 Comments

Crisis in the Java Community… could they have used a secret-ballot election?

Posted on December 9, 2010 by ben

There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue … Continue reading

Posted in crypto, privacy, security, voting | Leave a comment

keep your hands off my session cookies

Posted on October 25, 2010 by ben

For years, security folks — myself included — have warned about the risk of personalized web sites such as Google, Facebook, Twitter, etc. being served over plain HTTP, as opposed to the more secure HTTPS, especially given the proliferation of … Continue reading

Posted in crypto, security, web | 18 Comments

Facebook can and should do more to proactively protect users

Posted on October 22, 2010 by ben

A few days ago, the Wall Street Journal revealed that Facebook apps were leaking user information to ad networks. Today, Facebook proposed a scheme to address this issue. This is good news, but I’m concerned that Facebook’s proposal doesn’t address … Continue reading

Posted in crypto, privacy, web | 2 Comments