In May, I taught a class on the History of Cryptography at Portland Underground Grad School. I’m extremely grateful to PUGS for asking me to teach, because I’d never done it before. It was a great experience. My students were intelligent and the discussion was good. I learned quite a few things in the process.
Kind of good news: Senators Ron Wyden and Rand Paul teamed up to squash the Patriot Act extension. It’s going to expire on June 1st unless another vote is called on the 31st. The USA Freedom Act (which I think is good?) unfortunately didn’t make it through Senate, either.
Objected to extending the Patriot Act #EndThisDragnet
— Ron Wyden (@RonWyden) May 23, 2015
Regarding the Logjam vulnerability that I mentioned last week, if you’ve got a cloud server and you’re generating new Diffie-Hellman parameters, make sure you’ve got good random numbers! Digital Ocean has advice on generating sufficient random data on cloud servers. The short version is that you should be running haveged on all of your servers.
Regarding #LOGJAM, I wonder how many people are generating new 2048 bit primes on virtual machines with bad RNG right now.
— 🅳🅰🆅🅸🅳 🅷🅾🅻🅼🅴🆂 (@capmblade) May 22, 2015
I’m in the middle of some major migrations and upgrades on the Arnesonium servers. So far, the results have been positive. For instance, the SSL/TLS configuration on my webserver is finally awesome. I’ve also got MaxCDN configured properly, so the entire website is now served via SSL/TLS only!
Here’s what the Qualys SSL Labs checker had to say:
My four-week History of Cryptography class at Portland Underground Grad School is almost over. While I’ve had plenty of experience with speaking to audiences about difficult subjects, this has been my first time with an ongoing class. I think I’m learning as much as my students! Because this class has helped rekindle my passion for cryptography and computer security, this link rodeo is going to focus on those subjects.
Version 1.3.0 of the OpenPGP Form Encryption for WordPress plugin is now available. It’s important to upgrade. It includes the following changes.
- Updates OpenPGP.js to version 1.0.1
- Tests the plugin against WordPress 4.2.2
- Ensures that the browser can support OpenPGP.js
There are a few new features planned for this plugin. Expect a major version release in the next few months.
Check out the plugin page on the WordPress Plugin Repository.
Portland Underground Graduate School (PUGS) has invited me to teach a class on the history of cryptography starting May 4th. The class will be four sessions and is very affordable: only $40!
We will cover the basics of cryptography, where it came from, and why it’s important. In addition, I will teach you how to use a number of manual cryptographic techniques. I’m really excited about this class, and I can’t wait to share my knowledge!
To learn more and to sign up, please visit the PUGS class listing here.
WordPress sends out email sometimes, and it doesn’t encrypt any of them by default. Integration of WordPress and OpenPGP for a better security is a case study by Paweł Bulwan that examines the security implications of all of these emails. Are they leaking important information? Should WordPress site owners worry about them?