Tag

Zero Knowledge

All articles tagged with #zero knowledge

technology9 days ago•10 min saved

Security researchers find critical flaws in mainstream password managers

An ETH Zurich team tested Bitwarden, LastPass, and Dashlane under a malicious-server threat model and demonstrated 12, 7, and 6 attacks respectively, showing that passwords could be accessed or altered and that end-to-end, zero-knowledge encryption promises may not hold. They found the attacks often only required routine user actions like logging in or syncing. The researchers propose updating cryptographic standards for new customers, providing migration paths for existing users, and increasing transparency via external audits, noting that many providers still rely on outdated crypto. Consumers should favor password managers that disclose vulnerabilities, are audited, and enable end-to-end encryption by default.

via futurity.org|

#cybersecurity #encryption #eth-zurich

security16 days ago•17 min saved

Zero-knowledge claims tested: researchers reveal multiple flaws in top password managers

Researchers from ETH Zurich and USI Lugano analyzed Bitwarden, Dashlane, and LastPass and uncovered multiple attack vectors that can enable a compromised or malicious server to read or even modify vaults, especially when account-recovery, group enrollment, key escrow, or backward-compatibility features are enabled. Some attacks could allow theft of entire vaults or selective item data, and even breach older encryption configurations. While vendors defend their security audits and ongoing patching, the study argues that the term “zero-knowledge” can be misleading and urges stronger threat models and resilience measures across password managers.

via Ars Technica|

#account-recovery #encryption #password-managers

blockchain2 years ago•1 min saved

Polygon 2.0 Goes Global and Unveils Upgrades to Tap into Internet's 'Value Layer'

Ethereum scaling solution Polygon will unveil its blueprint for version 2.0 over the next few weeks, which will include a network of zero-knowledge layer 2 chains that can communicate with each other. The Polygon 2.0 vision aims to build "the value layer of the internet" and enable decentralized finance, digital ownership, and new means of coordination. The announcement for how Polygon plans to address its Polygon PoS chain is set for next week, followed by a series of announcements on the blockchain's architecture, token, and governance over the next four weeks.

via CoinDesk|

#blockchain #decentralized-finance #ethereum