Crypto Talk at 27C3: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, Day 3, 23:00, Saal 2

As a general attack against encryption software on a computer, the cold boot attack was presented at 25C3. To encrypt data on a PC, many programs store the encryption key in RAM. The key is usually derived from a password or loaded from the hard disk, where it is also protected by a password. The key resides in RAM at least as long as the encryption operation takes. For many applications like Full-Disk-Encryption or Email Signatures, it is convenient to keep the key permanently in RAM once it has been loaded, so that the user doesn’t need to enter his password again and again.

To protect the key …

Speaking of: Intercensor – Internet Censorship Game

In the past years there was a lot of discussion about internet censorship. To get an actual impression of how censorship may be implemented and what methods of circumvention are possible, we created the Intercensor Project. Your task is to bring your laptop, connect it to our special switch and choose a challenge to solve. We provide several levels of difficulty and various methods of censorship, so that you can play around with many ways of circumvention.

We invite you to visit our table at the Hackcenter (in the back, near the elevator), try the game and give us feedback.

Let’s encrypt and authenticate the whole internet.

An average internet user who has to deal with cryptography: big problem. An average programmer who has to secure his protocol with cryptography: a much bigger problem. Practically, because not every programmer cares much about cryptography. Theoretically, because it is sort of a bad design if everyone implements it in their own piece of software.

Last year, fefe and erdgeist showed impressively how hard it is for a programmer to create a socket, let alone open a connection to another machine on the Internet. Today, as a programmer, you also have to encrypt your connection; you have to …

Crypto Talk at 27C3: High-speed high-security cryptography: encrypting and authenticating the whole Internet, Day 2, 20:30, Saal 1

As many of us know, the whole internet should be regarded as an insecure place. At every place where your internet traffic passes by, it can be modified, suppressed or recorded. Daniel J. Bernstein will show us how you can prevent this from happening:

This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show …

Today at 18:30: The concert in Saal 1.

This morning, a concert grand (see photo) was delivered to the stage of Saal one for a special event today: Starting at 18:30 hrs, Corey Cerovsek, Alex Antener and Julien Quentin will be giving a classical concert.

They will be playing pieces from many different composers, including Lennon, Bernstein (Leonard probably; Dan Bernstein can be heard one hour later in the same Saal ;-), Mozart, Liszt and Paganini, to name a few. But there’s more:

In this very concert copyright and public domain issues will be discussed—and a (musical) answer will be given: what would classical music sound like if …

Crypto Talk at 27C3: Is the SSLiverse a safe place? Day 2, 16:00, Saal 2

SSL/TLS is the standard when it comes to securing HTTP traffic on the internet. The authenticity of a web server is usually secured using an X.509 certificate digitally signed by a trusted certification authority (CA). All major web browsers come with a preinstalled list of CAs that they assume to be trustworthy. Every website can be signed by any of these CAs, so no web browser would show a warning if www.dod.gov were signed by a Chinese certification authority or Deutsche Telekom.

To examine the usage of X.509 certificates for SSL/TLS, the EFF set up an SSL Observatory:

The SSL …

Update on Hash Tags for Peace Missions

To relay a question to the Mission Angels in each talk, use the following Twitter hash tags without dashes:

#27c3Saal1
#27c3Saal2
#27c3Saal3

If you’d like to help, you can sign yourself up for Mission Angel shifts in the Engelsystem. Be sure to check in at the Angel Heaven on the C level for your briefing sheet.

Crypto Talk at 27C3: Die gesamte Technik ist sicher, Day 1, 21:45, Saal 1

The new national ID card, the Neuer Personalausweis (NPA), was one of the biggest IT projects of the German government in recent years. Unlike the old ID card, the new ID card is an RFID smart card, which can also be used on the internet to prove your identity to a remote party (Ebay, Paypal, or Amazon for example) and to sign binding contracts. For example, you can use the card to buy a new house or car, open a bank account, or apply for credit.

When using the card over the internet, the card is connected to a reader, which is connected to a (potentially insecure) PC, which is …

Mission Angels: How to Connect to the 27c3

Thanks to the Mission Angels, you’ll be able to interact with the talks going on at the 27c3 and more! While you watch the streams from one of many Peace Missions throughout the world, Mission Angels will be monitoring IRC and Twitter for questions to be asked in selected events during the 27c3.

To ask a question in a session on IRC, join #27c3-Saal-1, #27c3-Saal-2 or #27c3-Saal-3 on Freenode, or use the corresponding terms as a Twitter hashtag to put your question to the session.

If you’re in a Peace Mission, you can even sign up to give a Lightning Talk!

See the Peace Missions entry on the 27c3 …

Crypto Talk at 27C3: Automatic Identification of Cryptographic Primitives in Software, Day 1, 16:00, Saal 3

Many applications, including closed source applications like malware or DRM-enabled multimedia players (you might consider them as malware too), use cryptography. When analyzing these applications, a first step is to identify and locate the cryptographic building blocks (cryptographic primitives, for example AES, DES, RSA…) in the applications. Once these blocks have been located, the input and output of the cryptographic primitives and the key management can be observed, and the application can be analyzed further. Fortunately, many cryptographic algorithms use special …

Day 0 Dinner Meetup!

Who: You! And lots of Hackers in Berlin!
What: Day 0 Dinner Meetup
When: Today! (26 Dec.) 6pm-11pm (18-23h)
Where: Vapiano Berlin 3 — Mittelstrasse 51, 10117 Berlin
Why: Interesting conversation, good food and great people!
How: Register Here! (Registration requested, not required)

Following the success of last year’s meetup, we’ve arranged another relaxing dinner to celebrate the start of the 27c3 and the other events happening in Berlin between Christmas and New Year’s.  Whatever your plans for the 27th on, stop by tonight for some nice food and great company! Vapiano has dishes for all …