It has faced enormous DDoS attacks by assumed nation-state adversaries, and following the election of Donald Trump, sign-ups at the service doubled.
Users can navigate to the Tor network through: https://protonirockerxow.onion
Today, ProtonMail is announcing the introduction of a Tor hidden service, or onion site, which will allow users to directly connect to their encrypted email accounts through the Tor network at the URL https://protonirockerxow.onion, which ProtonMail said it expended "considerable CPU time" to generate for the sake of finding a hash that was more human readable and less prone to phishing.
Additionally, the onion site also has a valid SSL certificate issued to Proton Technologies AG by DigiCert.
This is a reasonably novel innovation as the classical Certificate Authority system isn't compatible with Tor, where onion addresses are self-generated rather than purchased from a registrar.
Yen told The Register: "The problem is, if you act as your own CA, you run the issue of not trusting that certificate authority by default."
As such, ProtonMail reached out to the Tor Project, which suggested it get in touch with DigiCert, who had previously provided the CA service for Facebook.
"Given ProtonMail's recent growth, we realize that the censorship of ProtonMail in certain countries is inevitable and we are proactively working to prevent this," said Yen. "Tor provides a way to circumvent certain Internet blocks so improving our compatibility with Tor is a natural first step."
In the coming months, the Tor Project stated it would be "making additional security and privacy enhancements to ProtonMail, including finishing some of the leftover items from our 2016 Security Roadmap".
Developer Open Whisper Systems says the country is censoring its messaging and voice calling program.
Egypt has reportedly censored encrypted chat service Signal.
App developer Open Whisper Systems on Monday confirmed the transcontinental country is censoring its messaging and voice calling program.
"We'll begin deploying censorship circumvention in Signal over the next several weeks. Until then, Tor or a VPN can be used to access Signal." — Open Whisper Systems (@whispersystems), December 19, 2016
The issue surfaced on Saturday, when IT specialist Ahmed Gharbeia tweeted about "wide reports" of Signal failure in Egypt.
"Everything is functioning normally on our end," Open Whisper Systems wrote in response, suggesting "something might be up" on the local network.
The firm reached out to the Open Observatory of Network Interference (OONI)—a global organization operating under the Tor Project to detect censorship, surveillance, and traffic manipulation on the Internet.
The project last week released two new software tests designed to examine the blocking of WhatsApp and Facebook Messenger, allowing anyone to monitor the accessibility of the apps and collect data as evidence.
Signal, a free app for Android, iOS, and desktop, is one of several messaging services to support end-to-end encryption—including Facebook's WhatsApp and Messenger. It is also one of several to come under fire from law enforcement officials who can't keep tabs on the conversations of suspected criminals.
Further details on the alleged censorship were not revealed; Open Whisper Systems did not immediately respond to PCMag's request for comment.
Constraints on encrypted social media are not new in Egypt: Facebook's free Internet service was shut down in December 2015 because the country's government could not spy on the browsing activities of local users.
The Egyptian Ministry of Communications and Information Technology also did not respond to a request for comment.
Open Whisper Systems recently ruffled some more government feathers with added support for disappearing messages. Users can determine how long—from five seconds to one week—a chat message is available to recipients before it self-destructs.
In it he discusses the “most beautiful woman in the world,” 1930s and ’40s superstar Hedy Lamarr. With her composer friend George Antheil, she invented frequency hopping. Frequency hopping (or spread spectrum) is a technology that underlies the communication transport and security of almost every wireless device we value today, including GPS, cellphones, Bluetooth, satellites, and home wireless networks. I’ve been telling the story of amateur inventor Lamarr in my security and crypto classes as long as I’ve been teaching.
It’s a great story of a nonscientist making a discovery that changes society forever.
Stories of amateurs solving the world’s hardest problems abound in the computer security and crypto world. Sometimes it’s hard to separate the myths (like the janitor who supposedly became a crypto supersleuth at the NSA) from the real stories, but there are plenty of “average” people who ended up leaving a remarkable legacy.
The Rosetta Stone
One of my other favorite stories is about Jean-François Champollion, a French philosopher who solved the riddle of the Rosetta Stone and ultimately deciphered Egyptian hieroglyphics.
The Rosetta Stone is a stone tablet written in 196 BCE that contained three different languages of (nearly) the same text: ancient Egyptian hieroglyphics, ancient Greek, and Demotic script. The last two had been decoded, but no one could figure out the hieroglyphics.
Champollion, competing against the popular Egyptian historian Thomas Young, was able to figure out that the hieroglyphs were a combination of an alphabet and single characters that represent a word or phrase (called a logograph). Young repeatedly denigrated Champollion’s findings in public, even when presented with irrefutable proof otherwise.
It was many years later, after Champollion’s death, that other Egyptian experts realized Champollion was right.
I use this story to remind myself that even the popularly accepted experts can be wrong. Even today I see popular computer security experts who give bad advice on topics they don’t know much about.
They either feel they are experts or think their “gut feelings” are better than the evidence to the contrary.
I guess it’s hard to say, “I don’t know,” when someone begs you for advice or when the press asks you to be an “expert.”
Public/private key crypto
Public/private cryptography underlies almost every digital encryption and signature technology used across the internet.
In the 1970s, three men -- Whitfield Diffie, Martin Hellman, and Ralph Merkle -- together solved the centuries-old problem of how to securely transmit a private encryption key from one location to another, without both parties needing to know a secret at the outset. Diffie presented his idea for public/private key crypto to a group at IBM during a “lunch and learn” brown bag presentation.
Although a very smart MIT graduate, Diffie was not a trained cryptographer, so the IBMers discounted what he said and walked out. One of the people told him he sounded like another crazy guy called Martin Hellman (who had worked at IBM and taught at MIT). In point of fact, British cryptographer Clifford Cocks officially “discovered” public/private key encryption in 1973, but his creation was top secret and not announced publicly until 1997.
Thus, Diffie, Hellman, and Merkle discovered it separately, and they're still given credit for the first public discovery and announcement. Diffie sought out Hellman and, after a little persuading, decided to try and crack the public/private key problem, while adding Merkle to do the math validity checks.
Diffie realized computers were not very efficient at calculating large prime numbers. Hence, the Diffie-Hellman public/private key cipher provides protection, because finding/factoring the original two large prime numbers used to create a third number is very difficult for even massive computers.
Heroes of Bletchley Park
A key figure in helping to decipher the World War II German Enigma ciphers is Joan Clarke.
Although Clarke had a double-first degree in math from Cambridge University and had been selected to work at Bletchley Park, she was assigned clerical duties and paid less than male code breakers. But her intelligence and attitude showed through, and she became a key code breaker and confidante of Alan Turing, who himself struggled after persecution for being gay.
I like this story -- it shows how our irrational discrimination only slows down technological progress.
The mischievous raven
Edgar Allan Poe was a mischievous amateur cryptographer.
Back at the turn of the 19th century, it was common for lovers and people having affairs to declare their love for each other -- and to schedule rendezvous in the newspaper using rudimentary cryptography (often simple character substitution). Poe would often decipher the lovers' messages, then write a humorous or admonishing reply.
Alternately, he would respond to one party or the other with a fake message using the same cipher. We should call this a “Poe in the middle” attack. There are hundreds of fascinating stories where ordinary people did extraordinary things and changed the world -- or at least added levity.
If you are interested in computer security or cryptography, I encourage you to buy and read a few crypto history books.
They’re much more fun to read than you might think. Who knows? Maybe a Kardashian will solve quantum crypto one day.