The blog post "AES and ChaCha" compares two popular symmetric encryption algorithms, highlighting ChaCha's simplicity and speed advantages, particularly in software implementations and resource-constrained environments. While AES, the Advanced Encryption Standard, is widely adopted and hardware-accelerated, its complex structure makes it more challenging to implement securely in software. ChaCha, designed with software in mind, offers easier implementation, potentially leading to fewer vulnerabilities. The post concludes that while both algorithms are considered secure, ChaCha's streamlined design and performance benefits make it a compelling alternative to AES, especially in situations where hardware acceleration isn't available or software implementation is paramount.
Researchers have demonstrated a method for cracking the Akira ransomware's encryption using sixteen RTX 4090 GPUs. By exploiting a vulnerability in Akira's implementation of the ChaCha20 encryption algorithm, they were able to brute-force the 256-bit encryption key in approximately ten hours. This breakthrough signifies a potential weakness in the ransomware and offers a possible recovery route for victims, though the required hardware is expensive and not readily accessible to most. The attack relies on Akira's flawed use of a 16-byte (128-bit) nonce, effectively reducing the key space and making it susceptible to this brute-force approach.
Hacker News commenters discuss the practicality and implications of using RTX 4090 GPUs to crack Akira ransomware. Some express skepticism about the real-world applicability, pointing out that the specific vulnerability exploited in the article is likely already patched and that criminals will adapt. Others highlight the increasing importance of strong, long passwords given the demonstrated power of brute-force attacks with readily available hardware. The cost-benefit analysis of such attacks is debated, with some suggesting the expense of the hardware may be prohibitive for many victims, while others counter that high-value targets could justify the cost. A few commenters also note the ethical considerations of making such cracking tools publicly available. Finally, some discuss the broader implications for password security and the need for stronger encryption methods in the future.
The blog post details a successful effort to decrypt files encrypted by the Akira ransomware, specifically the Linux/ESXi variant from 2024. The author achieved this by leveraging the power of multiple GPUs to significantly accelerate the brute-force cracking of the encryption key. The post outlines the process, which involved analyzing the ransomware's encryption scheme, identifying a weakness in its key generation (a 15-character password), and then using Hashcat with a custom mask attack on the GPUs to recover the decryption key. This allowed for the successful decryption of the encrypted files, offering a potential solution for victims of this particular Akira variant without paying the ransom.
Several Hacker News commenters expressed skepticism about the practicality of the decryption method described in the linked article. Some doubted the claimed 30-minute decryption time with eight GPUs, suggesting it would likely take significantly longer, especially given the variance in GPU performance. Others questioned the cost-effectiveness of renting such GPU power, pointing out that it might exceed the ransom demand, particularly for individuals. The overall sentiment leaned towards prevention being a better strategy than relying on this computationally intensive decryption method. A few users also highlighted the importance of regular backups and offline storage as a primary defense against ransomware.
Apple is reportedly planning to add support for encrypted Rich Communication Services (RCS) messaging between iPhones and Android devices. This means messages, photos, and videos sent between the two platforms will be end-to-end encrypted, providing significantly more privacy and security than the current SMS/MMS system. While no official timeline has been given, the implementation appears to be dependent on Google updating its Messages app to support encryption for group chats. This move would finally bring a modern, secure messaging experience to cross-platform communication, replacing the outdated SMS standard.
Hacker News commenters generally expressed skepticism about Apple's purported move towards supporting encrypted RCS messaging. Several doubted Apple's sincerity, suggesting it's a PR move to deflect criticism about iMessage lock-in, rather than a genuine commitment to interoperability. Some pointed out that Apple benefits from the "green bubble" effect, which pressures users to stay within the Apple ecosystem. Others questioned the technical details of Apple's implementation, highlighting the complexities of key management and potential vulnerabilities. A few commenters welcomed the move, though with reservations, hoping it's a genuine step toward better cross-platform messaging. Overall, the sentiment leaned towards cautious pessimism, with many anticipating further "Apple-style" limitations and caveats in their RCS implementation.
NIST has chosen HQC (Hamming Quasi-Cyclic) as the fifth and final public-key encryption algorithm to standardize for post-quantum cryptography. HQC, based on code-based cryptography, offers small public key and ciphertext sizes, making it suitable for resource-constrained environments. This selection concludes NIST's multi-year effort to standardize quantum-resistant algorithms, adding HQC alongside the previously announced CRYSTALS-Kyber for general encryption, CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. These algorithms are designed to withstand attacks from both classical and quantum computers, ensuring long-term security in a future with widespread quantum computing capabilities.
HN commenters discuss NIST's selection of HQC, expressing surprise and skepticism. Several highlight HQC's vulnerability to side-channel attacks and question its suitability despite its speed advantages. Some suggest SPHINCS+ as a more robust, albeit slower, alternative. Others note the practical implications of the selection, including the need for hybrid approaches and the potential impact on existing systems. The relatively small key and ciphertext sizes of HQC are also mentioned as positive attributes. A few commenters delve into the technical details of HQC and its underlying mathematical principles. Overall, the sentiment leans towards cautious interest in HQC, acknowledging its strengths while emphasizing its vulnerabilities.
The UK's National Cyber Security Centre (NCSC), along with GCHQ, quietly removed official advice recommending the use of Apple's device encryption for protecting sensitive information. While no official explanation was given, the change coincides with the UK government's ongoing push for legislation enabling access to encrypted communications, suggesting a conflict between promoting security best practices and pursuing surveillance capabilities. This removal raises concerns about the government's commitment to strong encryption and the potential chilling effect on individuals and organizations relying on such advice for data protection.
HN commenters discuss the UK government's removal of advice recommending Apple's encryption, speculating on the reasons. Some suggest it's due to Apple's upcoming changes to client-side scanning (now abandoned), fearing it weakens end-to-end encryption. Others point to the Online Safety Bill, which could mandate scanning of encrypted messages, making previous recommendations untenable. A few posit the change is related to legal challenges or simply outdated advice, with Apple no longer being the sole provider of strong encryption. The overall sentiment expresses concern and distrust towards the government's motives, with many suspecting a push towards weakening encryption for surveillance purposes. Some also criticize the lack of transparency surrounding the change.
Apple is challenging a UK court order demanding they create a "backdoor" into an encrypted iPhone belonging to a suspected terrorist. They argue that complying would compromise the security of all their devices and set a dangerous precedent globally, potentially forcing them to create similar backdoors for other governments. Apple claims the Investigatory Powers Act, under which the order was issued, doesn't authorize such demands and violates their human rights. They're seeking judicial review of the order, arguing existing tools are sufficient for the investigation.
HN commenters are largely skeptical of Apple's claims, pointing out that Apple already complies with lawful intercept requests in other countries and questioning whether this case is truly about a "backdoor" or simply about the scope and process of existing surveillance capabilities. Some suspect Apple is using this lawsuit as a PR move to bolster its privacy image, especially given the lack of technical details provided. Others suggest Apple is trying to establish legal precedent to push back against increasing government surveillance overreach. A few commenters express concern over the UK's Investigatory Powers Act and its implications for privacy and security. Several highlight the inherent conflict between national security and individual privacy, with no easy answers in sight. There's also discussion about the technical feasibility and potential risks of implementing such a system, including the possibility of it being exploited by malicious actors.
Delta Chat is a free and open-source messaging app that leverages existing email infrastructure for communication. Instead of relying on centralized servers, messages are sent and received as encrypted emails, ensuring end-to-end encryption through automatic PGP key management. This means users can communicate securely using their existing email addresses and providers, without needing to create new accounts or convince contacts to join a specific platform. Delta Chat offers a familiar chat interface with features like group chats, file sharing, and voice messages, all while maintaining the decentralized and private nature of email communication. Essentially, it transforms email into a modern messaging experience without compromising user control or security.
Hacker News commenters generally expressed interest in Delta Chat's approach to secure messaging by leveraging existing email infrastructure. Some praised its simplicity and ease of use, particularly for non-technical users, highlighting the lack of needing to manage separate accounts or convince contacts to join a new platform. Several users discussed potential downsides, including metadata leakage inherent in the email protocol and the potential for spam. The reliance on Autocrypt for key exchange was also a point of discussion, with some expressing concerns about its discoverability and broader adoption. A few commenters mentioned alternative projects with similar aims, like Briar and Status. Overall, the sentiment leaned towards cautious optimism, acknowledging Delta Chat's unique advantages while recognizing the challenges of building a secure messaging system on top of email.
The post "Learn How to Break AES" details a hands-on educational tool for exploring vulnerabilities in simplified versions of the AES block cipher. It provides a series of interactive challenges where users can experiment with various attack techniques, like differential and linear cryptanalysis, against weakened AES implementations. By manipulating parameters like the number of rounds and key size, users can observe how these changes affect the cipher's security and practice applying cryptanalytic methods to recover the encryption key. The tool aims to demystify advanced cryptanalysis concepts by providing a visual and interactive learning experience, allowing users to understand the underlying principles of these attacks and the importance of a full-strength AES implementation.
HN commenters discuss the practicality and limitations of the "block breaker" attack described in the article. Some express skepticism, pointing out that the attack requires specific circumstances and doesn't represent a practical break of AES. Others highlight the importance of proper key derivation and randomness, reinforcing that the attack exploits weaknesses in implementation rather than the AES algorithm itself. Several comments delve into the technical details, discussing the difference between a chosen-plaintext attack and a known-plaintext attack, as well as the specific conditions under which the attack could be successful. The overall consensus seems to be that while interesting, the "block breaker" is not a significant threat to AES security when implemented correctly. Some appreciate the visualization and explanation provided by the article, finding it helpful for understanding block cipher vulnerabilities in general.
Apple has removed its iCloud Advanced Data Protection feature, which offers end-to-end encryption for almost all iCloud data, from its beta software in the UK. This follows reported concerns from the UK's National Cyber Security Centre (NCSC) that the enhanced security measures would hinder law enforcement's ability to access data for investigations. Apple maintains that the feature will be available to UK users eventually, but hasn't provided a clear timeline for its reintroduction. While the feature remains available in other countries, this move raises questions about the balance between privacy and government access to data.
HN commenters largely agree that Apple's decision to pull its child safety features, specifically the client-side scanning of photos, is a positive outcome. Some believe Apple was pressured by the UK government's proposed changes to the Investigatory Powers Act, which would compel companies to disable security features if deemed a national security risk. Others suggest Apple abandoned the plan due to widespread criticism and technical challenges. A few express disappointment, feeling the feature had potential if implemented carefully, and worry about the implications for future child safety initiatives. The prevalence of false positives and the potential for governments to abuse the system were cited as major concerns. Some skepticism towards the UK government's motivations is also evident.
Bipartisan U.S. lawmakers are expressing concern over a proposed U.K. surveillance law that would compel tech companies like Apple to compromise the security of their encrypted messaging systems. They argue that creating a "back door" for U.K. law enforcement would weaken security globally, putting Americans' data at risk and setting a dangerous precedent for other countries to demand similar access. This, they claim, would ultimately undermine encryption, a crucial tool for protecting sensitive information from criminals and hostile governments, and empower authoritarian regimes.
HN commenters are skeptical of the "threat to Americans" angle, pointing out that the UK and US already share significant intelligence data, and that a UK backdoor would likely be accessible to the US as well. Some suggest the real issue is Apple resisting government access to data, and that the article frames this as a UK vs. US issue to garner more attention. Others question the technical feasibility and security implications of such a backdoor, arguing it would create a significant vulnerability exploitable by malicious actors. Several highlight the hypocrisy of US lawmakers complaining about a UK backdoor while simultaneously pushing for similar capabilities themselves. Finally, some commenters express broader concerns about the erosion of privacy and the increasing surveillance powers of governments.
The UK government is pushing for a new law, the Investigatory Powers Act, that would compel tech companies like Apple to remove security features, including end-to-end encryption, if deemed necessary for national security investigations. This would effectively create a backdoor, allowing government access to user data without their knowledge or consent. Apple argues that this undermines user privacy and security, making everyone more vulnerable to hackers and authoritarian regimes. The law faces strong opposition from privacy advocates and tech experts who warn of its potential for abuse and chilling effects on free speech.
HN commenters express skepticism about the UK government's claims regarding the necessity of this order for national security, with several pointing out the hypocrisy of demanding backdoors while simultaneously promoting end-to-end encryption for their own communications. Some suggest this move is a dangerous precedent that could embolden other authoritarian regimes. Technical feasibility is also questioned, with some arguing that creating such a backdoor is impossible without compromising security for everyone. Others discuss the potential legal challenges Apple might pursue and the broader implications for user privacy globally. A few commenters raise concerns about the chilling effect this could have on whistleblowers and journalists.
The blog post details how the author lost access to a BitLocker-encrypted drive due to a Secure Boot policy change, even with the correct password. The TPM chip, responsible for storing the BitLocker recovery key, perceived the modified Secure Boot state as a potential security breach and refused to release the key. This highlighted a vulnerability in relying solely on the TPM for BitLocker recovery, especially when dual-booting or making system configuration changes. The author emphasizes the importance of backing up recovery keys outside the TPM, as recovery through Microsoft's account proved difficult and unhelpful in this specific scenario. Ultimately, the data remained inaccessible despite possessing the password and knowing the modifications made to the system.
HN commenters generally concur with the article's premise that relying solely on BitLocker without additional security measures like a TPM or Secure Boot can be risky. Several point out how easy it is to modify boot order or boot from external media to bypass BitLocker, effectively rendering it useless against a physically present attacker. Some commenters discuss alternative full-disk encryption solutions like Veracrypt, emphasizing its open-source nature and stronger security features. The discussion also touches upon the importance of pre-boot authentication, the limitations of relying solely on software-based security, and the practical considerations for different threat models. A few commenters share personal anecdotes of BitLocker failures or vulnerabilities they've encountered, further reinforcing the author's points. Overall, the prevailing sentiment suggests a healthy skepticism towards BitLocker's security when used without supporting hardware protections.
iOS 18 introduces homomorphic encryption for some Siri features, allowing on-device processing of encrypted audio requests without decrypting them first. This enhances privacy by preventing Apple from accessing the raw audio data. Specifically, it uses a fully homomorphic encryption scheme to transform audio into a numerical representation amenable to encrypted computations. These computations generate an encrypted Siri response, which is then sent to Apple servers for decryption and delivery back to the user. While promising improved privacy, the post raises concerns about potential performance impacts and the specific details of the implementation, which Apple hasn't fully disclosed.
Hacker News users discussed the practical implications and limitations of homomorphic encryption in iOS 18. Several commenters expressed skepticism about Apple's actual implementation and its effectiveness, questioning whether it's fully homomorphic encryption or a more limited form. Performance overhead and restricted use cases were also highlighted as potential drawbacks. Some pointed out that the touted benefits, like encrypted search and image classification, might be achievable with existing techniques, raising doubts about the necessity of homomorphic encryption for these tasks. A few users noted the potential security benefits, particularly regarding protecting user data from cloud providers, but the overall sentiment leaned towards cautious optimism pending further details and independent analysis. Some commenters linked to additional resources explaining the complexities and current state of homomorphic encryption research.
Summary of Comments ( 1 )
https://news.ycombinator.com/item?id=43682369
HN commenters generally praised the article for its clear and concise explanation of ChaCha and AES, particularly appreciating the accessible language and lack of jargon. Some discussed the practical implications of choosing one cipher over the other, highlighting ChaCha's performance advantages on devices lacking AES hardware acceleration and its resistance to timing attacks. Others pointed out that while simplicity is desirable, security and correctness are paramount in cryptography, emphasizing the rigorous scrutiny both ciphers have undergone. A few commenters delved into more technical aspects, such as the internal workings of the algorithms and the role of different cipher modes. One commenter offered a cautionary note, reminding readers that even well-regarded ciphers can be vulnerable if implemented incorrectly.
The Hacker News post titled "AES and ChaCha" linking to a blog post about the simplicity of ChaCha and AES sparked a moderately active discussion with 17 comments. Several commenters focused on the performance aspects of ChaCha20-Poly1305, particularly its advantages on devices lacking AES hardware acceleration. One commenter highlighted its suitability for mobile devices and routers, where dedicated AES hardware might not be present, leading to improved performance compared to AES software implementations. This thread also explored the implications for power consumption, suggesting ChaCha20 could be more energy-efficient in these scenarios.
Another commenter appreciated the original blog post's focus on the internal structure of the algorithms, contrasting it with other resources that primarily delve into mathematical proofs. They valued the author's approach of explaining the algorithms through visuals and understandable language.
There was some discussion about the security of both algorithms. One commenter mentioned the "Sweet32" birthday attack against 3DES, but clarified that it doesn't affect ChaCha20 or AES due to their larger block size. Another commenter discussed the relative merits of block ciphers and stream ciphers, noting ChaCha20's position as a performant stream cipher and AES as a robust block cipher. A related comment touched on the need for authenticated encryption modes like AES-GCM and ChaCha20-Poly1305.
A couple of comments mentioned the real-world usage of ChaCha20-Poly1305, citing its adoption in protocols like TLS 1.3 and WireGuard. One commenter speculated that its increased use in TLS 1.3 might be influenced by Google's promotion of the cipher, possibly due to its performance benefits on their Android platform.
Finally, one commenter praised the blog post's clarity, accessibility, and helpful visuals, stating that it provided a good overview of the subject.