The RC4 Stream Cipher could be the most common stream cipher used on the Internet. RC4 is the only Stream Cipher which is standardized for the SSL/TLS protocol, it is also used for WEP and WPA protected wireless networks. Initially, RC4 was designed to be a closed source commercial product, with the core algorithm kept secret. In 1994, the source code for RC4 was posted on the internet and the algorithm could be analyzed.

The first attack on RC4 was published by Fluhrer, Mantin, and Shamir in 2001. The attack is very effective, but can only be used against certain keys starting with a special …

As a general attack against encryption software on a computer, the cold boot attack was presented at 25C3. To encrypt data on a PC, many programs store the encryption key in RAM. The key is usually derived from a password or loaded from the hard disk where it is protected by a password too. The key resists as least as long as the encryption operation take in RAM. For many applications like Full-Disk-Encryption or Email Signatures, it is convenient to keep the key permanently in RAM, once it has been loaded, so that the user doesn’t need to enter his password again and again.

To protect the key …

SSL/TLS is the standard when it comes to securing HTTP traffic on the internet. The authenticity of a web server is usually secured using a X.509 certificate digitally signed by a trusted certification authority (CA). All major web browsers come with a list of CAs preinstalled they assume as trustworthy. Every website can be signed by any of these CAs, so no web browser would show a warning, if www.dod.gov would be signed by a Chinese certification authority or the Deutsche Telekom.

To examine the usage of X.509 certificates for SSL/TLS, the EFF installed a SSL Observatory:

The SSL …

The new national id card Neuer Personalausweis (NPA) was one of the biggest IT projects in the German government in the last years. Compared to the old id card, the new id card is a RFID smart card, which can also be used on the internet to prove your identify to a remote party (Ebay, Paypal, or Amazon for example) and to sign binding contracts. For example, you can use the card to buy a new house or car, or open up a bank account or apply for a credit.

When using the card over the internet, the card is connected to a reader, which is connected to a (potentially insecure) PC, which is …

Thanks to the Mission Angels, you’ll be able to interact with the talks going on at the 27c3 and more! While you watch the streams from one of many Peace Missions throughout the world, Mission Angels will be monitoring IRC and Twitter for questions to be asked in selected events during the 27c3.

To ask a question in a session on IRC join #27c3-Saal-1, #27c3-Saal-2, #27c3-Saal-3 on Freenode or use the corresponding terms as a Twitter hashtag to put your question to the session.

If you’re in a Peace Mission, you can even sign up to give a Lightning Talk!

See the Peace Missions entry on the 27c3 …

Many applications, including closed source applications like malware or DRM-enabled multimedia players (you might consider them as malware too) use cryptography. When analyzing these applications, a first step is the identification and localization of the cryptographic building blocks (cryptographic primitives, for example AES, DES, RSA…) in the applications. When these blocks have been localized, the input and output of the cryptographic primitives and the key management can be observed and the application can be analyzed further. Fortunately, many cryptographic algorithms use special …

In one of our last posts we’ve invited all peace missions to register their IP addresses by mail. Registered IP addresses will be granted access to a dedicated video streaming relay.

We’ve received mails from lots of people, who’d like to set up a peace mission and gave us their IP address. So far, so good – it’s cool to see so much interest. Unfortunately, now you’ve invested time for sending us an email, we do change the registration procedure.

There will be a web site, where peace missions can register. After we’ve acknowledged a registration you may add or change your IP address on the …

We wish you a very merry festival of fixing the WiFi at your family’s home!

Over the past few days, the 27c3 team has been hard at work with the initial preparations for the 27c3.  At the bcc, several tons of networking hardware have arrived, the network backbone is up and running and the hackcenter decor is taking shape.  In far away lands, many new Peace Missions have been announced and there’s always room for more.

Peaceful journeys!  We’ll see you on the 27th!

Beim 27C3 werden alle Vorträge live und in Farbe im und um das bcc via DVB-T ausgestrahlt. Den Besuchern des 27C3 ist es damit möglich, Vorträge auch von außerhalb zu folgen und damit die überfüllten Vortragssäle zu vermeiden.

Zum Empfang eignet sich jeder PC oder Laptop mit DVB-T-Stick, Fernseher mit DVB-T-Tuner, Handy mit DVB-T-Funktion, etc. Im Wiki werden wir evtl. notwendige Konfigurationsdateien hinterlegen und eine Liste mit gut und weniger gut funktionierenden Empfängern pflegen.

Die Bundesnetzagentur hat uns Kanal 22 (482MHz) zugeteilt, auf dem wir mit 6 Watt ERP senden werden. …

Wie in alter Chaos-Tradition üblich, verschob sich die Bereitstellung der PDF-Tickets vom 13. auf den 17. Dezember. Doch – wie immer – aufgeschoben ist nicht aufgehoben, sodaß die Tickets nun in den Accounts zum Download bereitstehen.

Bitte druckt die Tickets aus und zeigt sie an der Kasse vor.

Auf den Tickets sind alle quittungsrelevanten Daten aufgedruckt, sodass Ihr keine zusätzliche Rechnung oder Kassenbon benötigt.

Viel Spaß auf dem Kongress! :)

Hackers of all ages can (learn how to) make things at the Hardware Hacking Area of the 27c3!

The HHA is open to everyone and open the entire congress! Hackers of all ages and skill levels are welcome! Round-the-clock hands on workshops will be led by lots of experienced teachers like Mitch Altman, Jimmie P. Rodgers, fbz, Wim Vandeputte and…you!

Learn to solder, then help teach others! Make cool things with electronics, design and print 3D models on the Makerbot, break RFID, or give your own workshop on the projects you’ve been hacking on this year. Last year there was a Cantenna workshop, a …

Want four minutes on stage at the 27c3? You can have it! Registration is now open for the Lightning Talk sessions at the 27c3.

Taking place at 12:45 in Saal 3 on Days 2, 3 and 4, these fast paced sessions are perfect for pitching new software or hardware projects, exploits, creative pranks or strange ideas you need to share with the world.

Lightning talks are also good for getting publicity for your workshop at the 27c3, or for recruiting people to join in on things like a high calorie flash mob.

In order to maximize the available time, registrations will be granted to presenters who submit …