[OPLIN 4cast] OPLIN 4cast #498: Future-proofing website privacy

OPLIN Support support at oplin.ohio.gov
Wed Jul 13 10:30:06 EDT 2016 

Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]

OPLIN 4cast #498: Future-proofing website privacy
July 13th, 2016

[image: cryptography] For the last couple of years, Google has been
encouraging <http://www.oplin.org/4cast/?p=4845> websites to use the HTTPS
protocol to secure the traffic between the website and the website user. As
of this writing, about half of the OPLIN Dynamic Website Kits have been
converted to HTTPS, meaning any searches or entries people do on those
websites and any data sent by the website to a user is encrypted to prevent
eavesdropping. This encryption requires that the computer receiving the
data have a valid “key” that pairs with a key held by the sending computer.
These keys are too complex for current eavesdropping computers to be able
to guess, which would make it possible to decrypt the data. But Google is
beginning to worry about future computers.
- HTTPS crypto’s days are numbered. Here’s how Google wants to save it
<http://arstechnica.com/security/2016/07/https-crypto-is-on-the-brink-of-collapse-google-has-a-plan-to-fix-it/>
(Ars Technica | Dan Goodin)  “Virtually all forms of public key encryption
in use today are secured by math problems that are so hard that they take
millennia for normal computers to solve. In a world with quantum computers,
the same problems take seconds to solve. No one knows precisely when this
potential doomsday scenario will occur. Forecasts call for anywhere from 20
to 100 years. But one thing is certain: once working quantum computers are
a reality, they will be able to decrypt virtually all of today’s HTTPS
communications. Even more unnerving, eavesdroppers who have stashed away
decades’ worth of encrypted Internet traffic would suddenly have a way to
decrypt all of it.”
- Google tests new crypto in Chrome to fend off quantum attacks
<https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-quantum-attacks/>
(Wired | Andy Greenberg)  So while a traditional computer might have to
cycle through enormous numbers of possible keys, trying one at a time
before it randomly guesses the key that decrypts an encrypted message, a
quantum computer can try vast swathes of possible keys essentially
simultaneously, collapsing those simultaneous states into one fixed state
only after cracking a scrambled message. And that can mean the difference
between deciphering a message in minutes or in millennia.”
- Google is already fighting hackers from the future with post-quantum
cryptography
<http://mashable.com/2016/07/08/google-chrome-quantum-cryptography/>
(Mashable | Stan Schroeder)  Google is using it [the ‘New Hope’
cryptography algorithm] on top of the existing crypto algorithm, in case
New Hope turns out to be breakable with today’s computers. You read that
right: The post-quantum algorithm protects you from hackers from the
future, but it might be vulnerable against today’s machines. Conversely,
the elliptic-curve algorithm Google is normally using might be worthless
against future’s quantum computers, but it’s the best option against the
computers of today.”
- Google is working to safeguard Chrome from quantum computers
<http://www.theverge.com/2016/7/7/12120280/google-chrome-canary-quantum-computing-encryption-new-hope>
(The Verge | Nick Statt)  The plan is not to create a standard for others
to adopt, but to gather information and experience on how to deploy
post-quantum cryptography. So Google will discontinue the use of New Hope
within two years, hopefully by replacing it with something better, the
company says.”

*Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - MIT's new 5-atom quantum computer could make today's encryption
   obsolete.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=f5h&AN=114390089>
   (*PC World*, April 2016, p.11-13 | Katherine Noyes)
   - Digital privacy is important too.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=cph&AN=113772833>
   (*Computers in Libraries*, March 2016, p.23-24 | jessamyn west)
   - Can encryption save us?
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=pwh&AN=102935507>
   (*Nation*, 6/15/2015, p.16-18 | Eleanor Saitta)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://lists.oplin.org/mailman/listinfo/OPLIN4cast.

© 2016 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20160713/aa03ee10/attachment.html>

More information about the OPLIN4cast mailing list