PGP Corporation Blogs » PGP Advisory Board

Stoned Boot Attack

Jon Callas — Wed, 05 Aug 2009 02:42:54 +0000

Another development that came out this last week at Black Hat is the “Stoned Bootkit” boot-level malware. You can find documentation including the source code at the http://www.stoned-vienna.com/ site.

This is an interesting piece of malware, particularly since it works around the full-disk…

AES Attack- No Reason to Panic

Jon Callas — Thu, 30 Jul 2009 20:02:59 +0000

Today a group of cryptographers, Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, have released an attack against the AES block cipher. For the crypto community this is an impressive achievement, but we need to be clear…

Birukov and Khovratovich Attack on AES

Jon Callas — Thu, 02 Jul 2009 21:55:35 +0000

You can find their paper here, a news story here, and Bruce Schneier’s blog on it here.

The summary is that they can break AES-192 and AES-256 with related-key attacks.

As they say, themselves, it isn’t a practical attack. They need far…

Congratulations to Apple and Ivan Krstić

Jon Callas — Mon, 18 May 2009 21:05:15 +0000

I am pleasantly surprised to learn that Apple has hired one of the best minds in computer security, Ivan Krstić for their operating security work.

I first met Ivan a few years ago through his work with the One Laptop Per…

Lies, Damned Lies, and Marketing

Jon Callas — Tue, 28 Apr 2009 22:07:03 +0000

I wrote last week about the latest update of a password cracker that’s using graphics processing cards as parallel processing.

The company who made this has a great product, and as I said then, it’s a very cool product. They also did…

You Might Need a Longer Passphrase

Jon Callas — Sat, 25 Apr 2009 02:52:48 +0000

There are plenty of password crackers out there. There are open source crackers, commercial crackers, and private ones. One of the companies that publishes a commercial product has recently released a new version that uses graphics cards as parallel…

The Strange Rise and Fall of Hardware Disk Encryption

Jon Callas — Tue, 14 Apr 2009 19:01:28 +0000

It is perhaps a mistake to even talk about hardware as opposed to software anymore. Many devices that we normally think of as hardware are actually computer systems with a CPU, memory, mass storage, and so on. Routers, cell phones,…

Email Marketing Gaffe

Jon Callas — Tue, 24 Mar 2009 21:05:51 +0000

As you may have read in John Leyden’s article in The Register, “PGP email marketing gaffe creates message storm,” one of our Business Development people sent out an email to some 290 customers who are evaluating PGP Desktop.

The person in…

Report from the NIST Hash Function Conference

Jon Callas — Thu, 05 Mar 2009 05:27:21 +0000

“Oh,” I thought, “now that the new blogging system is in place, I could live-blog from the Hash conference!” That was a small fit of optimism in its purest form. Conferences are always tiring because one tends to get up…

PGP Products and the VPN in the Houses of Parliament

Jon Callas — Wed, 04 Mar 2009 22:54:23 +0000

In an article in The Register, “MPs told PGP ‘incompatible’ with Parliament network,” John Leyden reports that Members of Parliament have been told that they are welcome to use PGP products for protecting their email communications, but that there may…