Imagine, just for a moment, that a mathematical breakthrough had occurred on the eve of the Second World War. Perhaps Turing or Rejewski or Driscoll realised that prime number theory held the key to unbreakable encryption. This blog post attempts to answer the question "could public-key cryptography have been used in 1939?" Let's briefly step back into history. The Enigma machine represented…
I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data. You send me these headers:
POST /data
Host: example.com
Date: Sat, 24 Feb 2024 14:43:48 GMT
Accept-Encoding: gzip
Digest:…
I recently saw Robin Moisson's method of password protecting a statically served HTML page. It's quite neat! But it does rely on JavaScript. That got me wondering if there was a way to encrypt a static page only using CSS? And... I think I've done it! I'll warn you now, this is a deeply stupid way to solve the problem. Here's a screencast of the demo in action: …
Messaging app Signal is launching a payment service in the UK. This will allow users to send each other cryptocurrency. Many people have written about why this is a daft idea. But they've mostly talked about why cryptocoins corrupt everything they touch. I want to talk about why this is a shitty idea from a product perspective. It all comes down to user needs. What pain point are you…
I'm not sure if I'm the first person to do this - but I'm going to claim credit anyway! Terence Eden (@edent): "Hello! This Tweet has been signed with my PGP Key. pic.x.com/ed4rcldlvw" (08:03 - Thu 14 May 2020) You can verify by pasting the alt text into keybase.io/verify - or by using your favourite command line tool. Back in 2017, I wondered if Twitter's alt text could be (ab)…
This is a quick tutorial on how to encrypt your Twitter messages using PGP with the help of Keybase.io. I read an article yesterday which seemed to imply that Twitter was mangling PGP encrypted messages (albeit unintentionally). There is a minor bug in Twitter's web interface - but PGP seems to work perfectly in apps. So, I want to demonstrate how it can be done successfully. I've written this …
(An adaptation of my earlier blog post on the same topic.) This is a case study focusing on the usability of encryption systems as used by political dissidents in Apartheid-era South Africa. Background - South Africa: Between 1948 and 1994, the nation of South Africa was ruled by an ethnically white minority. They set in place a system of government - known as Apartheid - which suppressed, b…
In 1987 MI5's former Assistant Director, Peter Wright, released his autobiography, Spycatcher: The Candid Autobiography of a Senior Intelligence Officer. It was immediately banned by the British Government. Although the Internet wasn't around to facilitate its distribution, it was trivial to obtain copies imported from Australia. As a boy, I remember seeing the publicity about it on the…
I have been reading a wonderful account of how the ANC in South Africa developed and used encryption to avoid persecution by the Apartheid regime. The article is a good 15,000 words and will take you some time to read. It is a fascinating account of how an ersatz encryption technology was developed by enthusiastic amateurs using acoustic couplers, DTMF, tape recorders, and early mobile phones. …
You should visit Bletchley Park. Seriously. It's the most amazing museum - dedicated to the wartime effort to crack Enigma, the Nazi cryptographic machines. The tour guides of Bletchley Park are full of fascinating stories. They can tell you how all the primitive computers work and about the history of each building, and they know all the curious little facts which make visiting the park an absolute …
As Shakespeare said... "[Blog posts are] a tale told by an idiot, full of sound and fury, signifying nothing." Today Ofcom published the responses it had for its consultation on plans for the BBC to encrypt its HD broadcasts. The blogosphere went nuts! DRM? Not on our watch. Boing Boing mobilised its army of commentators, the BBC published two blog posts which quickly filled up with comments, …