Large even prime number discovered

You have probably been taught that two is the only even prime number. But today mathematicians at the University of Southern North Dakota at Hoople have discovered a new, large, even prime. It is more than a million digits long and is equal to the value of 3²²³⁷⁵⁶¹+3¹¹¹⁸⁷⁸¹. Many people are under the erroneous belief […]

Guess why we’re moving to 256-bit AES keys

1Password is moving to using 256-bit AES keys instead of 128-bit keys. We already started this within the browser extensions in the summer of 2011, and the new Cloud Keychain Format also uses 256-bit keys. Why do you think we are making this move? If your answer is because AES 256 is stronger than AES […]

Authenticated Encryption and how not to get caught chasing a coyote

I introduced HMAC (Hash-based Message Authentication Code) through the back door when talking about the Time-based One Time Password (TOTP) of Dropbox’s two-step verification. But TOTP is actually a peculiar way to use HMAC. Let’s explore what what Message Authentication Codes (MACs) are normally used for and why they play such an important role in […]

Doing the two-step until the end of time

In my discussion of Dropbox’s new two-step authentication, I skimped on the cryptography. Because we had to move quickly, I wanted to focus at the time just on our recommendations, so I told a few fibs about how the way the six digit codes “get” to your phone. Now I want to explain how it […]

Alan Turing’s contribution can’t be computed

Alan Turing was born a hundred years ago this year and his most important paper was published seventy-six years ago (November 1936). It is close to impossible to overstate the influence that Turing has had on the modern world. It is something well worth celebrating his life throughout this centennial year. Although any celebration must […]

Hashing fast and slow: GPUs and 1Password

The net is atwitter with discussion of Jeremi Gosney’s specially crafted machine with 25 GPUs that can test hundreds of billions of passwords per second using hashcat, a password cracking system. Password crackers, like hashcat, look at the cryptographic hashes of user passwords and repeatedly make guesses to try to find a password that works. […]

Credit card numbers, checksums, and hashes. The story of a robocall scam

As  Lívia and I were out walking Molly and Patty on Monday evening, I received a telephone call from an unknown number. I decided to answer the phone anyway, and I was greeted by a recorded voice telling me that my Bank of America debit card beginning with 4217 has been limited and whether I […]

Flames and collisions

Having a Microsoft code signing certificate is the Holy Grail of malware writers. This has now happened.—Mikko Hypponen Unless you are a system administrator for a government institution in or around the Middle East you do not need to worry about Flame infecting your computer. Flame (also known as “Flamer” and “skywiper”) itself is not […]

A salt-free diet is bad for your security

I am not giving anyone health advice. Instead, I’m going to use the example of the recent LinkedIn breach to talk about hashes and salt. Not the food, but the cryptology. Before you dive into this article, you should certainly review the practical advice that Kelly has posted first. Also Kelly’s article has more information […]

Cipher of Advanced Encryption Substitution And Rotation

In the rapidly changing world of eternal mathematical truths, we need to innovativize for the sustanation of our competitive advantage. So instead of serving our customer base with the same old encryption algorithms that are used by governments, military, and most of the Internet, we want to provide the world with new, proprietary systems that […]