technology:digital signature

  • #monero #multisignatures explained
    https://hackernoon.com/monero-multisignatures-explained-46b247b098a7?source=rss----3a8144eabfe3

    This text opens a new series in which we will explore the inner workings of various blockchains currently being used by the industry. Today, I’m glad to present you with our first research subject: Monero, the #blockchain behind XMR, a fairly well-known, privacy-centered cryptocurrency. Being anonymous, the network implements a number of interesting algorithmic and cryptographic solutions, including multisignature (or simply multisig), a digital signature scheme allowing multiple users to sign documents together as a group. Although Monero added the support for the multisignature protocol several months ago, there is still a certain lack of information online on how this technology works, so we would like to fill this gap first of all. Since the process of creating a multisignature (...)

    #multisignatures-explained #monero-multisignatures

  • US Border Agents Didn’t Verify Any e-Passports Since 2007 Because They Didn’t Have the Software
    https://www.bleepingcomputer.com/news/government/us-border-agents-didnt-verify-any-e-passports-since-2007-because-t

    The United States of America, the country with one of the most draconian border crossing procedures in the world, hadn’t verified the validity of chip-implanted e-passports since 2007, the time when foreigners were first required to have one. Shockingly, the reason is that US border agents lacked the software to do so, according to revelations made this week by Senators Ron Wyden (D-Oregon) and Claire McCaskill (D-Missouri) in a letter sent to US Customs and Border Protection (CBP) (...)

    #Identité #frontières #voyageurs #surveillance #puce

    • But it exists elsewhere... (I'm copy-pasting the text, just in case...)
      US Border Agents Didn’t Verify Any e-Passports Since 2007 Because They Didn’t Have the Software

      The United States of America, the country with one of the most draconian border crossing procedures in the world, hadn’t verified the validity of chip-implanted e-passports since 2007, the time when foreigners were first required to have one.

      Shockingly, the reason is that US border agents lacked the software to do so, according to revelations made this week by Senators Ron Wyden (D-Oregon) and Claire McCaskill (D-Missouri) in a letter sent to US Customs and Border Protection (CBP) management.

      The two senators are now urging the CBP to correct this glaring security hole and purchase the equipment necessary to verify if e-Passports are authentic and haven’t been tampered with.

      You could have entered the US using a forged e-Passport

      e-Passports are mandatory for all foreigners entering the US from a country on the visa waiver program. These are countries whose citizens aren’t required to obtain a visa before entering the US.

      Instead, as one of the security measures imposed on citizens from the 38 countries on the US’ visa waiver program, travelers must possess an e-Passport that comes with an electronic chip.

      This chip contains data on the passport holder, but also a digital signature that border agents can verify using special software.

      The data and accompanying signature are meant to be an anti-forgery system as only state authorities can change data on the chip and re-sign the chip with a valid signature.

      CBP was warned in 2010

      Since 2007, when the US started asking foreigners to present an e-passport when entering the US, border agents have been able to read the data on the chip, but not verify its digital signature for authenticity.

      This means that for almost eleven years, foreigners could have entered the US using forged e-Passports, albeit they still had to craft a convincing passport in the first place.

      “CBP has been aware of this security lapse since at least 2010, when the Government Accountability Office (GAO) released a report highlighting the gap in technology,” Wyden and McCaskill wrote in their letter. “Eight years after that publication, CBP still does not possess the technological capability to authenticate the machine-readable data in e-Passports.”

      The two senators are now urging the CBP to implement a plan to properly authenticate e-Passport holders and their data by January 1, 2019.

      https://www.bleepingcomputer.com/news/government/us-border-agents-didnt-verify-any-e-passports-since-2007-because-t

  • Blockchains Use Massive Amounts of Energy—But There’s a Plan to Fix That - MIT Technology Review
    https://www.technologyreview.com/s/609480/bitcoin-uses-massive-amounts-of-energybut-theres-a-plan-to-fix-it

    Bitcoin guzzles about as much electricity annually as all of Nigeria. Ethereum gulps electrons too, as do most other cryptocurrencies.

    Blockchains get a lot of love, but they are only shared sets of data. What brings cryptocurrencies like Bitcoin and Ethereum to life is the way all the computers in their networks agree, over and over, that what a blockchain says is true. To do this, they use an algorithm called a consensus mechanism. You’ve probably heard it called “mining.” (See: “What Bitcoin Is, and Why It Matters”)

    Cryptocurrency miners do much more than unlock new coins. In the process, they check the blockchain to make sure people aren’t spending coins fraudulently, and they add new lists of transactions—the blocks—to the chain. It’s the second step, meant to secure the blockchain from attacks, that guzzles electricity.

    Ultimately, the miners must transform each list of most recent transactions into a digital signature that can serve as proof that the information is true. All miners can do this, using a cryptographic tool that takes any input and spits out a string of seemingly random characters. But Bitcoin’s creator, Satoshi Nakamoto, made this part particularly difficult.

    This expends an immense amount of energy, signaling to the rest of the network that a miner’s accounting can be trusted.

    But while this particular method of reaching agreement—known as “proof of work”—is the most established, it isn’t the only one. A growing number of technologists are exploring different avenues, and some smaller cryptocurrencies already employ alternative means.

    The one in the best position to supplant proof of work is called “proof of stake.”

    #Monnaie_numérique #Bitcoin #Energie

  • Google security researchers broke SHA-1
    (Feb 2017)

    SHA-1 was officially deprecated by NIST in 2011.
    Chrome already deprecated it, and Firefox has now deprecated it as well following this announcement.

    https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

    Today, more than 20 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision [a collision is when two different documents have the same hash fingerprint]. This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. We’ve summarized how we went about generating a collision below. As a proof of the attack, we are releasing two PDFs that have identical SHA-1 hashes but different content.

    https://shattered.it

    It is now practically possible to craft two colliding PDF files and obtain a SHA-1 digital signature on the first PDF file which can also be abused as a valid signature on the second PDF file.

    Attack infographic:

    https://shattered.it/static/infographic.pdf

    The research paper:

    https://shattered.it/static/shattered.pdf

    Note: the LinkedIn data leak in 2016 revealed the company was using SHA-1 to hash user passwords.

    #SHA-1

  • Verizon Lawyer Argues for Greater Legal Protection for Customer Location Data
    https://theintercept.com/2016/10/11/verizon-lawyer-argues-for-greater-legal-protection-for-customer-locati

    Verizon’s general counsel and head of public policy made a public case this week for reconsidering legal protections on customer data in light of evolving technology that allows companies to almost continuously track cell phone users’ location. Craig Stillman’s opinion piece published Monday in Bloomberg Law comes just days after Reuters revealed that Yahoo, the company Verizon is reportedly buying, helped the U.S. government scan millions of emails for a specific “digital signature,” (...)

    #NSA #Yahoo ! #géolocalisation #surveillance #Verizon
