3G crypto a go-go

Check out the latest algorithms


We came across an interesting web page today, full of details on the new 3G encryption algorithms.

A researcher at AT&T Labs thought it would be a good idea if information about the new encryption algorithms or development processes was available to anyone who wanted it. So, he collated as much as he could find, and posted it here.

The new security protocols are based on the bits that worked well in GSM, with new stuff drafted in to fill the gaps.

"In the last few years," Janos Csirik writes, "GSM took a lot of flak for their approach to crypto algorithm design, which relied on keeping the algorithms secret. In fact, their various algorithms have been broken." He acknowledges, though, that this is a point of contention, by no means resolved.

The folks at 3G, on the other hand, are disseminating material as widely as possible - for peer review and proper implementation, counting on the algorithm to withstand the inevitable pounding it will get from interested observers. And this open approach is winning approval from the crypto community.

Interesting stuff, with loads of links. It has the lowdown on the 3GPP - the 3G Partnership Project - and its organisational structure, as well as links to all the techie stuff we know you like so much.

It would get a big "Register Recommends" sticker stuck on it, except that we don't have any. ®



Biting the hand that feeds IT © 1998–2022