Category Archives: Encryption
WhatsApp is the mobile messaging backbone of much of the global population, and all of its users just got an added layer of privacy protection.
On the WhatsApp blog, the Facebook-owned messaging app confirmed that end-to-end encryption for backed up chats in the cloud will roll out "slowly" to all of its two billion (!) users starting now. This was previously announced in September, but without a specific release date. All you need to do is have the latest version of the WhatsApp mobile app installed to get access to the feature.
Here's how it works: Let's say you're getting a new phone and want to keep some WhatsApp conversations that are stored locally on your current device around for future reference using the iCloud or Google Drive cloud backup that's already available in WhatsApp. Open the Settings menu, find the "Chat Backup" option in the Chats section, then tap "End-to-end Encrypted Backup." You'll be prompted to turn it on, and guided through the process of creating a custom password or a 64-digit key. Hit "Create" after that and watch the magic happen.
Of course, it's vital that you keep your password or key around so you can use it later. What this feature does is lock that cloud backup behind a layer of security that prevents both WhatsApp and any cloud service from accessing the messages or the key used to unlock them.
This closes a loophole that would have allowed governments to force cloud services to hand over backed up messages, notably in the wake of increased online surveillance laws in India. That country has the largest concentration of WhatsApp users in the world.
As always, if an app gives you the option to enhance privacy, you should probably use it.
WhatsApp is beginning to roll out a new feature that will provide its two billion users the option to encrypt their chat history backup in iCloud or Google Drive, patching a major loophole that has been exploited by governments to obtain and review private communication between individuals.
WhatsApp has long encrypted chats between users on its app. But users have had no means to protect the backup of those chats stored in the cloud. (For iPhone users, the chat history is stored in iCloud, and Android users rely on Google Drive.)
It has been widely reported that law enforcement agencies across the globe have been able to access the private communications between suspect individuals on WhatsApp by exploiting this loophole.
WhatsApp, which processes over 100 billion messages a day, is closing that weak link, and tells TechCrunch that its providing this new feature to users in every market where the app is operational. The feature is optional, the company said.(Its not uncommon for companies to withhold privacy features for legal and regulatory reasons. Apples new encrypted browsing feature isnt available to users in certain authoritarian regimes, such as China, Belarus, Egypt, Kazakhstan, Saudi Arabia, Turkmenistan, Uganda and the Philippines.)
Mark Zuckerberg, founder and chief executive of Facebook, noted that WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups. Proud of the team for continuing to lead on security for your private conversations, he wrote in a post on his Facebook page.
WhatsApp began testing the feature with a small group of users last month. The company devised a system to enable WhatsApp users on Android and iOS to lock their chat backups with encryption keys. WhatsApp says it will offer users two ways to encrypt their cloud backups.
Users on WhatsApp will see an option to generate a 64-digit encryption key to protect their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based backup key vault that WhatsApp has developed. The cloud-stored encryption key cant be used without the users password, which isnt known to WhatsApp.
While end-to-end encrypted messages you send and receive are stored on your device, many people also want a way to back up their chats in case they lose their phone, the company wrote in a blog post.
The feature can be accessible by navigating to Settings > Chats > Chat Backups > End-to-End Encrypted Backup (Image Credits: WhatsApp)
As we wrote last month, the move to introduce this additional layer of privacy is significant and one that can have far-reaching implications.
End-to-end encryption remains a thorny topic of discussion as governments across the globe continue to lobby for backdoors. Apple was pressured to not add encryption to iCloud Backups after the FBI complained, according to Reuters, and while Google has offered users the ability to encrypt their data stored in Google Drive, the company reportedly didnt tell governments before it rolled out the feature.
India, WhatsApps biggest market by users, has introduced a new law that requires the company to devise a way to make traceability of questionable messages possible. WhatsApp has sued the Indian government over this new mandate, and said such a requirement effectively mandates a new form of mass surveillance.
The U.K. government which isnt exactly a fan of encryption recentlyasked messaging apps to not use end-to-end encryption for kids accounts. Elsewhere in the world, Australia passed controversial laws three years ago that are designed to force tech companies to provide police and security agencies access to encrypted chats.
WhatsApp declined to discuss whether it had consulted with lawmakers or government agencies about the new feature.
Privacy-focused organizations including Electronic Frontier Foundation have lauded WhatsApps move.
This privacy win from Facebook-owned WhatsApp is striking in its contrast to Apple, which has been under fire recently for its plans for on-device scanning of photos that minors send on Messages, as well as of every photo that any Apple user uploads to iCloud. While Apple has paused to consider more feedback on its plans, theres still no sign that they will include fixing one of its longstanding privacy pitfalls: no effective encryption across iCloud backups, the organization wrote.
WhatsApp is raising the bar, and Apple and others should follow suit.
See original here:
WhatsApp now lets users encrypt their chat backups in the cloud - TechCrunch
For centuries, cryptography was the exclusive preserve of the state. Then, in 1976, Whitfield Diffie and Martin Hellman came up with a practical method for establishing a shared secret key over an authenticated (but not confidential) communications channel without using a prior shared secret. The following year, three MIT scholars Ron Rivest, Adi Shamir and Leonard Adleman came up with the RSA algorithm (named after their initials) for implementing it. It was the beginning of public-key cryptography at least in the public domain.
From the very beginning, state authorities were not amused by this development. They were even less amused when in 1991 Phil Zimmermann created Pretty Good Privacy (PGP) software for signing, encrypting and decrypting texts, emails, files and other things. PGP raised the spectre of ordinary citizens or at any rate the more geeky of them being able to wrap their electronic communications in an envelope that not even the most powerful state could open. In fact, the US government was so enraged by Zimmermanns work that it defined PGP as a munition, which meant that it was a crime to export it to Warsaw Pact countries. (The cold war was still relatively hot then.)
In the four decades since then, theres been a conflict between the desire of citizens to have communications that are unreadable by state and other agencies and the desire of those agencies to be able to read them. The aftermath of 9/11, which gave states carte blanche to snoop on everything people did online, and the explosion in online communication via the internet and (since 2007) smartphones, has intensified the conflict. During the Clinton years, US authorities tried (and failed) to ensure that all electronic devices should have a secret backdoor, while the Snowden revelations in 2013 put pressure on internet companies to offer end-to-end encryption for their users communications that would make them unreadable by either security services or the tech companies themselves. The result was a kind of standoff: between tech companies facilitating unreadable communications and law enforcement and security agencies unable to access evidence to which they had a legitimate entitlement.
In August, Apple opened a chink in the industrys armour, announcing that it would be adding new features to its iOS operating system that were designed to combat child sexual exploitation and the distribution of abuse imagery. The most controversial measure scans photos on an iPhone, compares them with a database of known child sexual abuse material (CSAM) and notifies Apple if a match is found. The technology is known as client-side scanning or CSS.
Powerful forces in government and the tech industry are now lobbying hard for CSS to become mandatory on all smartphones. Their argument is that instead of weakening encryption or providing law enforcement with backdoor keys, CSS would enable on-device analysis of data in the clear (ie before it becomes encrypted by an app such as WhatsApp or iMessage). If targeted information were detected, its existence and, potentially, its source would be revealed to the agencies; otherwise, little or no information would leave the client device.
CSS evangelists claim that its a win-win proposition: providing a solution to the encryption v public safety debate by offering privacy (unimpeded end-to-end encryption) and the ability to successfully investigate serious crime. Whats not to like? Plenty, says an academic paper by some of the worlds leading computer security experts published last week.
The drive behind the CSS lobbying is that the scanning software be installed on all smartphones rather than installed covertly on the devices of suspects or by court order on those of ex-offenders. Such universal deployment would threaten the security of law-abiding citizens as well as lawbreakers. And even though CSS still allows end-to-end encryption, this is moot if the message has already been scanned for targeted content before it was dispatched. Similarly, while Apples implementation of the technology simply scans for images, it doesnt take much to imagine political regimes scanning text for names, memes, political views and so on.
In reality, CSS is a technology for what in the security world is called bulk interception. Because it would give government agencies access to private content, it should really be treated like wiretapping and regulated accordingly. And in jurisdictions where bulk interception is already prohibited, bulk CSS should be prohibited as well.
In the longer view of the evolution of digital technology, though, CSS is just the latest step in the inexorable intrusion of surveillance devices into our lives. The trend that started with reading our emails, moved on to logging our searches and our browsing clickstreams, mining our online activity to create profiles for targeting advertising at us and using facial recognition to allow us into our offices now continues by breaching the home with smart devices relaying everything back to motherships in the cloud and, if CSS were to be sanctioned, penetrating right into our pockets, purses and handbags. That leaves only one remaining barrier: the human skull. But, rest assured, Elon Musk undoubtedly has a plan for that too.
Wheels within wheelsIm not an indoor cyclist but if I were, The Counterintuitive Mechanics of Peloton Addiction, a confessional blogpost by Anne Helen Petersen, might give me pause.
Get out of hereThe Last Days of Intervention is a long and thoughtful essay in Foreign Affairs by Rory Stewart, one of the few British politicians who always talked sense about Afghanistan.
The insiderBlowing the Whistle on Facebook Is Just the First Step is a bracing piece by Maria Farrell in the Conversationalist about the Facebook whistleblower.
Go here to read the rest:
Apples plan to scan images will allow governments into smartphones - The Guardian
Today EFF and other internet and digital rights organizations are announcing the Alliance for Encryption in Latin America and the Caribbean (AC-LAC). The Alliance is a platform for collective capacity building and information, based on the principle that encryption is an essential tool for security and respect for human and fundamental rights in the region, including freedom of expression and privacy.
The virtual launch event is October 21, with the participation of member organizations. It is open to the public.
This regional Alliance seeks to advance a proactive agenda to promote and defend encryption in Latin America and the Caribbean. It aims to strengthen the use of encryption and generate an ecosystem of trust, security and stability within information and communications technologies (ICTs), particularly the critical infrastructure of the internet and its applications and services.
The platform,comprised of 14 organizations throughout the region, seeks to coordinate efforts with encryption initiatives at the global, regional, and national levels, and generate spaces for exchanging information and mobilizing actions to respond to the effects weakened encryption have on security and fundamental rights.
The member organizations, which have outlined a joint agenda despite their diverse natures and interests, are: Access Now, ALAI, APC; Article 19; Coalizo Direitos na Rede (CDR); Derechos Digitales; EFF; Karisma Foundation; IP.rec; IRIS; ISOC Brazil; Nic.br; R3D. The eLAC initiative will participate as an observer member. The Alliance is open to new members who share its principles and ideas.
On Thursday, October 21, during Global Encryption Day, AC-LAC will present its regional pro-encryption agenda. A live event will be held to introduce the Alliance and its mission, and discuss why encryption is imperative for a more secure internet.
In addition to the 14 member organizations, AC-LAC counts on the Institute for Digital Development of Latin America and the Caribbean (IDD LAC) as the Alliance's secretariat.
Follow us on our social networks: twitter: @aclac_alianza and linkedIn: AC-LAC or on our website http://www.ac-lac.org for more information.
WhatsApp end-to-end encrypted backups are rolling out on both Android and iOS – GSMArena.com news – GSMArena.com
Starting today, WhatsApp is adding end-to-end encryption to your cloud backups on both Android and iOS. While WhatsApp itself has been end-to-end encrypted by default for the past five years, until now if you chose to backup your chats to Google Drive (from the Android version of WhatsApp) or iCloud (if you're on iOS), those backups wouldn't be encrypted.
Now, however, you can turn on end-to-end encryption for your backups. The way WhatsApp owner Facebook describes this in its announcement, it seems like it won't be on by default but you'll have to actively choose to enable it by going to Settings > Chats > Chat Backup > End-to-end Encrypted Backup.
When you do that, you'll need to use either a password of your choice or a 64-digit encryption key that only you know. Once you set all that up, neither WhatsApp nor Google or Apple will be able to read your backups without your key or password.
Facebook rightly points out that WhatsApp is the only global messaging service to provide such a level of security at such a scale. The new feature allowing for end-to-end encryption of backups will be rolling out slowly to those with the latest version of WhatsApp for Android or iOS.
WhatsApp is allowing users to encrypt their backed-up chats, making them unreadable without access to a password or 64-digit encryption key.
Facebook, the messaging apps owner, said from Thursday some users would be able to fully encrypt messages stored on Google Drive or Apples iCloud. The company said it would be introducing the feature slowly to people with the latest version of WhatsApp.
The move comes against a backdrop of concern about the safety of backed-up messages. In May, WhatsApp sued the Indian government over new IT laws that include putting messages into a traceable database. The government would then be able to identify and act against the sender if any content was ruled unlawful. India is WhatsApps largest market.
Facebook said users could hold their own encryption key, preventing a scenario whereby a cloud service provider could be forced to hand the key to authorities. It said: You can now secure your end-to-end encrypted backup with either a password of your choice, or a 64-digit encryption key that only you know. Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it.
WhatsApp messages sent and received on mobile devices are already end-to-end encrypted, with the latest feature designed to reassure people who back up their messages on cloud services in case they lose their phone. The feature can be activated by opening the apps settings, tapping on chats, then chats backup and end-to-end encrypted backup.
Facebooks plans gradually to introduce end-to-end encryption across its suite of services, which also include Instagram and Facebook Messenger, have previously been criticised by the government. The home secretary, Priti Patel, has said it would put children at risk and offer a hiding place for abusers and other criminals.
In June, the Home Office said the government was in favour of strong encryption to protect citizens from harm online but was concerned that Facebooks implementation of the technology would blind law enforcements ability to access content.
WhatsApps more than 2 billion users send more than 100bn messages a day. Speaking in September, when the proposal was announced, to the US technology blog The Verge, WhatsApps chief executive, Will Cathcart, said: I believe strongly that governments should be pushing us to have more security and not do the opposite.
Mark Zuckerberg, Facebooks chief executive, also speaking in September, said: WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and backups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems.
October 14, 2021 | 9:29am
MANILA, Philippines One of the most dangerous security vectors facing enterprises is also one of the least understood.
Research into Encrypted Traffic Threats shows that 41% of businesses do not have a solid understanding of the existence and nature of encrypted traffic threats, and the harm that they can cause.
However, encryption has gradually become one of the most substantial vehicles for cyber threats organizations now have to deal with.
Encrypted traffic became a potential hazard precisely because so much data is now encrypted. In 2016 just over a half (53%) of all web traffic was encrypted, but by 2019, that percentage had grown to a massive 87%, opening an opportunity that is almost the size of the entire Internets data for hackers to slip malicious code into enterprise networks.
The risk that encrypted traffic threats pose is simple; they are hard to see. Cybercriminals find this pathway to be one of the most effective ways to bypass firewalls, intrusion prevention systems, unified threat management, secure web gateways, data loss prevention, anti-malware and most other security solutions.
One way to protect against this is to deploy decryption solutions, but even here, there are some concerns, with 36% of those surveyed citing concern over data privacy, 29% worried about decryption causing performance bottlenecks and 18% worried about having a lack of available skills to manage such a security solution.
Consequently, nearly one-half (48%) of organizations have yet to implement decryption solutions.
The best way to address these issues is to have an automated solution that can proactively monitor and analyze encrypted data.
When the Czech Republics National Cyber and Information Security Agency sought a more robust way to fortify the countrys selected government institutions against modern advanced threats, it turned to Flowmon and the Flowmon Anomaly Detection System for threat-hunting capability.
The system uses 44 detection methods comprising 200+ algorithms to immediately spot and alert the IT teams of any anomalies that had been hidden in network traffic, encrypted or not. (More about the National Cyber and Information Security Agency experience here.)
This application of AI became a valuable source IT expertise that multiplied staff bandwidth to manage the solution and allowed for full and complex monitoring of the entire networked environment.
With Flowmon ADS in place, the institute has a comprehensive, yet noise-free overview of suspicious behaviors in the partner networks, flawless detection capability, and a platform for the validation of indicators of compromise.
Flowmons solution works at scale, too. GANT, a pan-European data network for the research and education community,is running one of the worlds largest data networks, and transfers over 1,000 terabytes of data per day over the GANT IP backbone.
For something of that scale, there is simply no way to manually monitor the entire network for aberrant data. With a redundant application of two Flowmon collectors deployed in parallel, GANT was able to have a pilot security solution to manage the data flow of this scale live in just a few hours.
With a few months of further testing, integration and algorithmic learning, the solution was then ready to protect GANTs entire network from encrypted data threats. (More about the GANT experience here.)
Uncertainty and a lack of understanding are driving the hesitancy for enterprises to adopt encrypted traffic threat response solutions.
Furthermore, for a response to this threat to be effective, it is critical that network operations and security operations (NetOps + SecOps = NetSecOps) work in collaboration, but according to the study, 40% of enterprises do not currently have these teams working closely together.
By adopting tools that are built with the NetSecOps philosophy in mind in order to foster collaboration between the two teams, companies can greatly cut down on incident resolution time and save expenditure on tools with functional overlap.
In 2020, Kemp Technologies announced the acquisition of Flowmon. In doing so, the company has been able to bring together holistic solutions that allow partners to become a one-stop-shop for robust network security.
We are excited to extend the value offered to customers in the areas of infrastructure security, network observability and automated incident response by welcoming Flowmon to the Kemp family, Kemp Technologies CEO Ray Downes said.
The expansion of Kemps portfolio to include Flowmons solutions will provide customers the ideal combination of network analysis, pre-emptive threat detection and workload delivery for optimal, uninterrupted user and application experience, he added.
Kemps two product families comprising the LoadMaster load balancer and the Flowmon NetSecOps suite allows companies to take full control of their digital environment, with load balancing, network performance monitoring and response solutions. The solution is easy to deploy and configure and boasts data on the dashboard within 30 minutes.
With government regulation and privacy concerns demanding that corporations show ever-greater responsibility around data and encryption, Flowmon and Kemp are proving to be an essential response in also protecting the network from cybercrime.
Kemp is currently offering Free Network Assessment. To learn more, firstname.lastname@example.org, call (+632) 8706 5592 or visitwww.acw-distribution.com.ph.
Encrypted Traffic Threats Research:https://www.flowmon.com/en/idg-research-encrypted-traffic-threats
Encryption Management Solutions Market 2021 : Industry Analysis ,Size, Share, Revenue, Prominent Players, Developing Technologies, Tendencies and…
The Encryption Management Solutions market research includes a market evaluation, trends, segments, and regional markets. A summary and dynamics were also given in the report. The report provides specific production numbers for each region in terms of revenue and volume over a long period of time. The report also provides COVID-19s impact for an analogous period, as well as statistics on recovery and production capacity.
Get a Sample Report of Encryption Management Solutions Market @ https://www.intelligencemarketreport.com/report-sample/90891
Key Companies Included in this report are:
The research covers a wide range of market aspects in depth. The study goes into great detail on the elements that drive worldwide market growth as well as technical advancements. The report also examines the Encryption Management Solutions markets present constraints, which limit growth and have long-term consequences. The influence of increased consumer demand on global economic growth is also discussed in the report.
Report details available @ https://www.intelligencemarketreport.com/market-report/encryption-management-solutions-market
COVID-19 Impact Analysis
The outbreak of COVID-19 has impacted a number of businesses. Furthermore, the COVID Pandemic has opened up a limited number of new commercial options for the Encryption Management Solutions market. The epidemic has changed the competitive landscape and market dynamics in general. All of these disruptions and repercussions have been quantified in this research, which is backed up by market trends, events, and revenue change analysis.
Encryption Management Solutions Market Segmentation, By Type:Disk EncryptionFolder EncryptionCloud EncryptionCommunication Encryption
Encryption Management Solutions Market Segmentation, By Application:BFSIHealthcareGovernmentRetailIT and telecom
Enquiry about report @ https://www.intelligencemarketreport.com/send-an-enquiry/90891
The competitive landscape of the Encryption Management Solutions market gives in-depth information on the markets major competitors. A firm overview, finances, incomes generated, market potential, and investment in R&D are among the details. Other information includes new market initiatives, regional presence, corporate strengths and weaknesses, product launch, product width and scope, and applications. Only market-related companies are included in the above data points. The report also includes a summary of key players achievements in the global Encryption Management Solutions market. It also shows the most important market trends that are worth following.
Buy Single User PDF Research Report On Encryption Management Solutions Market @
The Encryption Management Solutions market is separated into geographical areas based on locations like North America, Latin America, Europe, Asia Pacific, the Near East, and Africa. Production and consumer ratios, market size and market share, import and export ratios, supply and demand, consumer demand ratios, technological advancements, research and development, infrastructure development, economic growth, and a strong market presence in every region are all covered by research.
The findings of this study are a valuable resource for fulfilling all company objectives, including crucial missions. The outcomes have improved the performance of business stakeholders and industry entities demonstrably. The outcomes are tailored to meet the needs of stakeholders. The Encryption Management Solutions market study also includes current case studies on how companies dealt with various issues on their way to consolidation.
Head of Business Development & Strategy
Phone: +44 20 8144 2758
SSL/TLS is supported by Redis starting with version 6 as an optional feature that needs to be enabled at compile time.
To build with TLS support you'll need OpenSSL development libraries (e.g. libssl-dev on Debian/Ubuntu).
Run make BUILD_TLS=yes.
To run Redis test suite with TLS, you'll need TLS support for TCL (i.e. tcl-tls package on Debian/Ubuntu).
Run ./utils/gen-test-certs.sh to generate a root CA and a server certificate.
Run ./runtest --tls or ./runtest-cluster --tls to run Redis and Redis Cluster tests in TLS mode.
To manually run a Redis server with TLS mode (assuming gen-test-certs.sh was invoked so sample certificates/keys are available):
To connect to this Redis server with redis-cli:
In order to support TLS, Redis must be configured with a X.509 certificate and a private key. In addition, it is necessary to specify a CA certificate bundle file or path to be used as a trusted root when validating certificates. To support DH based ciphers, a DH params file can also be configured. For example:
The tls-port configuration directive enables accepting SSL/TLS connections on the specified port. This is in addition to listening on port for TCP connections, so it is possible to access Redis on different ports using TLS and non-TLS connections simultaneously.
You may specify port 0 to disable the non-TLS port completely. To enable only TLS on the default Redis port, use:
By default, Redis uses mutual TLS and requires clients to authenticate with a valid certificate (authenticated against trusted root CAs specified by ca-cert-file or ca-cert-dir).
You may use tls-auth-clients no to disable client authentication.
A Redis master server handles connecting clients and replica servers in the same way, so the above tls-port and tls-auth-clients directives apply to replication links as well.
On the replica server side, it is necessary to specify tls-replication yes to use TLS for outgoing connections to the master.
When Redis Cluster is used, use tls-cluster yes in order to enable TLS for the cluster bus and cross-node connections.
Sentinel inherits its networking configuration from the common Redis configuration, so all of the above applies to Sentinel as well.
When connecting to master servers, Sentinel will use the tls-replication directive to determine if a TLS or non-TLS connection is required.
Additional TLS configuration is available to control the choice of TLS protocol versions, ciphers and cipher suites, etc. Please consult the self documented redis.conf for more information.
TLS adds a layer to the communication stack with overheads due to writing/reading to/from an SSL connection, encryption/decryption and integrity checks. Consequently, using TLS results in a decrease of the achievable throughput per Redis instance (for more information refer to this discussion).
I/O threading is currently not supported with TLS.
TLS Support Redis
XEdDSA and VXEdDSA
This document describes how to create and verify EdDSA-compatible signatures using public key and private key formats initially defined for the X25519 and X448 elliptic curve Diffie-Hellman functions. This document also describes "VXEdDSA" which extends XEdDSA to make it a verifiable random function, or VRF.
This document describes the "X3DH" (or "Extended Triple Diffie-Hellman") key agreement protocol. X3DH establishes a shared secret key between two parties who mutually authenticate each other based on public keys. X3DH provides forward secrecy and cryptographic deniability.
This document describes the Double Ratchet algorithm, which is used by two parties to exchange encrypted messages based on a shared secret key. The parties derive new keys for every Double Ratchet message so that earlier keys cannot be calculated from later ones. The parties also send Diffie-Hellman public values attached to their messages. The results of Diffie-Hellman calculations are mixed into the derived keys so that later keys cannot be calculated from earlier ones. These properties give some protection to earlier or later encrypted messages in case of a compromise of a party's keys.
This document describes the Sesame algorithm for managing message encryption sessions in an asynchronous and multi-device setting.
Signal >> Documentation