My four-week History of Cryptography class at Portland Underground Grad School is almost over. While I’ve had plenty of experience with speaking to audiences about difficult subjects, this has been my first time with an ongoing class. I think I’m learning as much as my students! Because this class has helped rekindle my passion for cryptography and computer security, this link rodeo is going to focus on those subjects.
Crypto superstar Bruce Schneier has written a good overview of the new Logjam attack against the Diffie-Hellman key exchange protocol. If you want to test your browser and various websites against the bug, check this website. The CloudFlare blog also has a good explanation of the Logjam attack.
The worst part of the #logjam vulnerability is going back through our stockpile of data. What a chore.
— NSA Public Relations (@NSA_PR) May 20, 2015
GNU Privacy Guard (GnuPG) version 2.1.4 was released earlier this month. Read the announcement here. The exciting thing about the 2.1 releases is that they support elliptic curve cryptography (ECC), and allow you to create ECC public keys. I still find ECC difficult to understand, but here’s a pretty good introduction written by Nick Sullivan.
Finally, back in February, Moxie Marlinspike wrote about how he hopes OpenPGP will die someday. I, on the other hand, still use it regularly and enjoy it! In fact, I’m going to encourage you to check out the FSF Email Self Defense website so you can get started with encrypting your email today. When you’re ready, drop me a line using my OpenPGP key.
The featured image for this post is courtesy of Flickr user Jaymis Loveday.